Closed jessebot closed 2 months ago
@jessebot Thanks for the report, I can confirm the false positive
I think that rule you wrote is good, however you could do a bit better in terms of maintainability. The way your allowing the PUT request method will need to be kept in sync with any changes CRS may make in the future, or if you ever decide to edit the allowed request methods in crs-setup.conf
. If you look at how additional request methods are allowed within the plugin, the %{tx.allowed_methods}
is specified (which is the default allowed request methods or whatever you configured in crs-setup.conf
) along with the additional request method you want to allow.
I've opened a PR to fix this within the plugin #85
Awesome, thank you for the tips and for submitting the PR 🙏 Maybe next one I can try to submit it myself :)
@jessebot Sounds great! Contributions are always welcome.
Description
When I try to reorder a list on a board with multiple lists, by dragging a list from one side of the board to the other, I hit this rule, 911100, I think because of the
PUT
:Maybe solution
I think fixing it might look something like this, but I'm not great at modsecurity rule exclusion stuff:
Env
CRS version:
4.4.0
ModSecurity version:ModSecurity v3.0.12 (Linux)
type of web server: ingress-nginx controller via k8sThanks for any help you can provide!