Any reasons these rules are phase 2 rules? 960034 checks http protocol version (available in phase 1)960035 checks requested filename (available in phase 1)960038 checks http headers (available in phase 1) Surely we should check all rules are earliest possible phase as a matter or principal and can't see any reason to delay these until phase 2. Reason I'm asking is that I have a rule that white lists GET requests for static resources after phase 1 to improve performance and so rules like these will not run when ideally they should do. Thanks,Barry
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
