floyd aka floyd_ch on Nostr: nprofile1q…r0h8q you are welcome. You can always configure your WAF to only allow a ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqfpe7wvhfdaf0q5hakpq3ynvmwxk9wmmnvljc45x63yck7yjmhxds9r0h8q (nprofile…0h8q) you are welcome. You can always configure your WAF to only allow a certain character set (regex) for each parameter, but that's a lot of work and increases false positives, so many customers usually only do that after we (or a CVE published) showed an attack for a certain parameter.
Also parser discrepancies (between WAF and server) is a source of#WAF bypasses (e.g. a parameter name is used twice with different values, is the first occurrence used or the second?)
Also parser discrepancies (between WAF and server) is a source of#WAF bypasses (e.g. a parameter name is used twice with different values, is the first occurrence used or the second?)