I have no problem with accepting a patch for that. It should be noted that this discussion is for CRS 2.x. In the CRS 3.x branch we actually already have this support see: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/R EQUEST-30-APPLICATION-ATTACK-LFI.conf#L67-L96
And more specifically: https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/l fi-os-files.data#L754 On 10/16/15, 4:51 AM, "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of theMiddle" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of i...@waf.blue> wrote: >950005 ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
