In the rules, there are transformation instructions which I looked for its implementation in the modsecurity code and saw they are implemented in a different way than aswap's esapi project. I am talking about code found at re_tfns.c and wonder are those transformation functions compatible with the owasp codecs? Can I use either one, yet get same results?
Another thing, owasp's canonical decoding functionality from the aspect of recognizing dual encoding seems to be implemented within the rules, are those two have the same effect? thanks, tzury
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
