search

coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0
267 stars 69 forks source link

fix: add missing JSON Content-Type rule #253

Closed theseion closed 4 months ago

theseion commented 4 months ago

The new modsecurity.conf file was missing rule 200001, which enables body processing of application/json.

Also took the opportunity to put the content of the file into a form that is easier to maintain w.r.t. to changes from upstream.

Fixes #252

fzipi commented 4 months ago

Hmmmm.... https://github.com/coreruleset/modsecurity-crs-docker/pull/239#discussion_r1581753064 ?

fzipi commented 4 months ago

Ok, so both are needed, right?

theseion commented 4 months ago

Yes. One is for application/json, the other one for application/<something>+json.