Closed zc-devs closed 1 year ago
Coraza's logs look like:
{"level":"error","ts":1689775831.1240058,"msg":"[client \"\\xac\\x14\\x00\\x01\"] Coraza: Access denied (phase 2). Inbound Anomaly Score Exceeded (Total Score: 10) [file \"/etc/coraza-spoa/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"] [line \"9504\"] [id \"949110\"] [rev \"\"] [msg \"Inbound Anomaly Score Exceeded (Total Score: 10)\"] [data \"\"] [severity \"emergency\"] [ver \"OWASP_CRS/4.0.0-rc1\"] [maturity \"0\"] [accuracy \"0\"] [tag \"anomaly-evaluation\"] [hostname \"\\xac\\x14\\x00\\x04\"] [uri \"/?x=/etc/passwd\"] [unique_id \"8a04f0d9-f52a-4c71-a6dd-ce567a10c3fa\"]\n"}
There are corrupted client and hostname fields.
client
hostname
Reproduces in dd5eb86.
cc @sts, @amsnek.
Coraza's logs look like:
There are corrupted
clientandhostnamefields.Reproduces in dd5eb86.
cc @sts, @amsnek.