Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Add blocking mode for CRS Sandbox
See original GitHub issueMotivation
Currently, the sandbox never blocks: https://coreruleset.org/docs/development/sandbox/#example
The sandbox will return a 200 response code, no matter if an attack was detected or not.
This can be confusing for tools that benchmark or compare WAF configurations:
- How does my configuration compare to vanilla CRS?
- How does WAF X compare to CRS?
Proposed solution
It would be great if this behaviour could be dynamically changed per request by adding headers. Similar options to control the behaviour of the sandbox are already configurable using headers: https://coreruleset.org/docs/development/sandbox/#changing-options.
Useful options could be:
- Blocking/Detection
- Anomaly Threshold
Alternatives
–
Additional context
One tool that could be interesting with respect to the sandbox is GoTestWAF. This tool provides an option that might help circumvent the problem but I have not got it to wor yet:
--blockRegex string Regex to detect a blocking page with the same HTTP response status code as a not blocked request
FYI: @roguelabs
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:25 (25 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Oh, well, that’s the default, of course. If you set the header
x-crs-mode: blocking, that’s what you get.I think that’s the way to go.
And then we ought to think about whether we want to have 5 as default as with CRS.