Chaim Sanders
Chaim Sanders
The most recent change above moved the rate limited checking from _connect to api_call. The reason this is needed is because the rate limit lockout on certain API calls (auth_logs)...
Any update on this? Is the updated project now OSS?
Looks to be a libinjection rule. interesting, not quite sure why this is, maybe it wasnt done with other langs in mind. I know modsec's regex engine also has problems...
@zimmerle can you shed some light on this problem? I know there are tickets in modsec's repo also can we link them here if they apply?
https://github.com/SpiderLabs/ModSecurity/issues/708
https://github.com/SpiderLabs/ModSecurity/issues/348#issuecomment-307545146 please see the very thoughtful comment @marcstern left on this other thread.
3.1 or 3.0.1, I guess 3.1 since it's a new feature.
Seems reasonable - @dune73 you want me to take or do you want it?
I can merge your PR's however --- modsec.org isn't maintained with this anymore.
Hey @calistochen I haven't updated this since ModSecurityv3 (libmodsecurity) changed a lot. I will be quite soon. If its something you really want to play with I can prioritize it...