Open amcgregor opened 2 years ago
An incoming HEAD request whose entire path portion of the URI is itself the URI being requested is very likely a probe for an open proxy. This should warrant a WAF rejection.
HEAD /https://example.com
An incoming HEAD request whose entire path portion of the URI is itself the URI being requested is very likely a probe for an open proxy. This should warrant a WAF rejection.