Christian Folini
Is there any progress on this front?
While you guys are at it ... AFAIK mod_auth_cas does not check the path in the ticket metadata against the path of the request. I think it would be more...
This is a very interesting addition, @nullpo-head. Thank you very much. We are currently phasing out ftw and replacing it with go-ftw. https://github.com/fzipi/go-ftw You may want to check that out...
Also see https://github.com/coreruleset/crs-sandbox/issues/48
I doubt this is an "outdated sandbox" problem. But let's draw a clear picture first, and the root cause might be pretty clear afterwards.
I mean this is a response, so there is a higher trust than for a request, but I am sure there are attacks where the attacker can control CT. The...
Would not you want to keep it at `
Let's see if we get some other feedback. Honestly, (2) would be better, but not sure if we can trust it.
Probably yes, but then we should at least comment it out and then document the plugin to enable this. I do not think it's a good idea to mess with...