p0pr0ck5
commented
8 years ago Hi,
Thanks for the report. This is very similar to #232 and will be handled in that patch set.
Open pasikarkkainen opened 8 years ago
p0pr0ck5
commented
8 years ago Hi,
Thanks for the report. This is very similar to #232 and will be handled in that patch set.
p0pr0ck5
commented
7 years ago These module options will likely go away in favor of direct SecRules translation, made much more consumable by the addition of the setvar module API. Planning refactor and deprecate this module option in the release following the upcoming v0.11 release, and remove this entirely by v1.0
It seems lua-resty-waf can block requests even in SIMULATE mode, which was a bit surprising.
If request content-type isn't listed in "allowed_content_types" setting, lua-resty-waf will block the request, even in SIMULATE mode.
Also I couldn't find a log entry about the blocked request, or the reason why it was blocked.
Something wrong in my settings, or is this a bug?
Thanks!