Hi Barry, The distinction between phase:1 and phase:2 was blurred with the moving of the phase:1 onto the same apache hook a few years back (in order to make SecRule phase:1 work in Location blocks).
But for people compiling with --enable-request-early and thus having a real phase:1 before the request body is received, for these people moving rules into phase:1 when possible makes a lot of sense. I support your request and suggest you open a github issue. A direct pull request for the 3.0.0rc1 branch would be equally welcome. In case: Did you check all the rules for phase:1 candidates or these just the ones that jumped on you? Ahoj, Christian -- Do not pray for an easy life. Pray for the strength to endure a difficult one. -- Bruce Lee _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
