blocked requests in SIMULATE mode if not in allowed_content_types #239

pasikarkkainen · 2016-11-08T13:59:04Z

It seems lua-resty-waf can block requests even in SIMULATE mode, which was a bit surprising.

If request content-type isn't listed in "allowed_content_types" setting, lua-resty-waf will block the request, even in SIMULATE mode.

Also I couldn't find a log entry about the blocked request, or the reason why it was blocked.

Something wrong in my settings, or is this a bug?

Thanks!

p0pr0ck5 · 2016-11-09T18:23:21Z

Hi,

Thanks for the report. This is very similar to #232 and will be handled in that patch set.

p0pr0ck5 · 2017-02-22T19:42:52Z

These module options will likely go away in favor of direct SecRules translation, made much more consumable by the addition of the setvar module API. Planning refactor and deprecate this module option in the release following the upcoming v0.11 release, and remove this entirely by v1.0

p0pr0ck5 added this to the v0.9 milestone Nov 9, 2016

p0pr0ck5 added the bug label Nov 9, 2016

p0pr0ck5 self-assigned this Nov 9, 2016

p0pr0ck5 removed this from the v0.9 milestone Jan 25, 2017

p0pr0ck5 added this to the v0.12 milestone Feb 22, 2017

p0pr0ck5 mentioned this issue Feb 22, 2017

different or incorrect logging when request is blocked because of invalid content-type #232

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

blocked requests in SIMULATE mode if not in allowed_content_types #239

blocked requests in SIMULATE mode if not in allowed_content_types #239

pasikarkkainen commented Nov 8, 2016

p0pr0ck5 commented Nov 9, 2016

p0pr0ck5 commented Feb 22, 2017

blocked requests in SIMULATE mode if not in allowed_content_types #239

blocked requests in SIMULATE mode if not in allowed_content_types #239

Comments

pasikarkkainen commented Nov 8, 2016

p0pr0ck5 commented Nov 9, 2016

p0pr0ck5 commented Feb 22, 2017