Hi,
Just for my clarification, on "core ruleset/2.1.1", I saw that 960032 are
using "tx.allowed_methods", configured from modsecurity_crs_10_config.conf.
REQUEST_METHOD "!@within %{tx.allowed_methods}" ...
But 960010 are not:
REQUEST_METHOD REQUEST_METHOD "!^(?:GET|HEAD|PROPFIND|OPTIONS)$"
Don't should 960010 use "tx.allowed_methods" too?
Best regards,
Klaubert
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
