Walter Hop
I think #2480 is excellent and I want it! It's a bit like the rule I did for PHP - move the often triggering false positive words to PL2. I...
It's hard though. If you have an app with an endpoint that executes commands, a `ping some.host.name` is often done while they monitor the ping traffic on that host to...
That's an interesting idea and I think we can implement this ~_easily_~. We require an IP or hostname after the `ping` command. We have to be clever and also look...
Well we compile it from a list. We could replace `ping` in the data file by a little regex, right? https://github.com/coreruleset/coreruleset/blob/8a7a8960c2721890054ec1f5d9e79f9dc62ac991/util/regexp-assemble/data/932150.data#L133
Hmm.. that's not something that can turn a blind attack into leaking information to a hacker-controlled machine that the RCE succeeded though.
We have considered removing `ping` and `time` from rule 932150. Working around them looks not so easy as I first thought. The rule 932150 actually is not our most important...
Hi @vandanrohatgi, thanks for your insight. For now, due to time constraints, and balancing risk with false positives and maintenance load, we had already decided to remove the problematic words...
I think you are using the Elementor plugin and we don't have support added for it yet. If you could post the full error messages (perhaps cleaning your content from...
It seems that Elementor is trying to PUT to a wp-json url and we block that by default. Elementor is becoming a more and more popular “Site builder” plugin for...
Note to self, this is also one exclusion I needed for Elementor that I need to include:

```
SecRule REQUEST_FILENAME "@endsWith /wp-json/elementor/v1/form-submissions" \
    "id:5100001,phase:1,t:none,nolog,pass,\
    ctl:ruleRemoveById=200001"
```