[ First, let me apologize for consuming a few more than my share of
electrons on this... ]
I think I've improved the fake X-Authentication-Warning header check.
I incorporated a few other rules that were mentioned into the following.
I am not a regex guru so this will likely be able to be improved or made
more efficient.
header __X_AUTH_WARN_0 exists:X-Authentication-Warning
header __X_AUTH_WARN_1 X-Authentication-Warning =~ /^(?:[a-z]{4,20}[\-\.\,]? ){2,8}/ # no /i, trailing space
header __X_AUTH_WARN_2 X-Authentication-Warning =~ /\b[A-Z]{2,5}[a-z]{5,7}[0-9]{2}\b/
header __X_AUTH_WARN_3 X-Authentication-Warning !~ /using -f/
meta CSL_X_AUTH_WARN (__X_AUTH_WARN_0 && (__X_AUTH_WARN_1 || __X_AUTH_WARN_2 || __X_AUTH_WARN_3))
describe CSL_X_AUTH_WARN Fake X-Authentication-Warning header
score CSL_X_AUTH_WARN 4.5
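
Added example (not part of the original post): a small Python harness that applies the three sub-rule patterns and the meta expression from the rules above to constructed header values, so the effect of each sub-rule can be checked before the rule is deployed. It assumes each pattern is tested against the header value alone; the function name evaluate and all sample values are made up for illustration.

```python
import re

# Patterns copied from the sub-rules in the post; Python's re accepts them unchanged.
WARN_1 = re.compile(r"^(?:[a-z]{4,20}[\-\.\,]? ){2,8}")   # no /i, trailing space
WARN_2 = re.compile(r"\b[A-Z]{2,5}[a-z]{5,7}[0-9]{2}\b")
WARN_3 = re.compile(r"using -f")                          # the rule negates this (!~)

def evaluate(headers):
    """Return (meta_hit, fired_subrules) for a dict of header name -> value.

    Assumption: each pattern is tested against the header value only.
    """
    value = headers.get("X-Authentication-Warning")
    if value is None:                      # __X_AUTH_WARN_0 (exists:) fails
        return False, []
    fired = []
    if WARN_1.search(value):
        fired.append("__X_AUTH_WARN_1")
    if WARN_2.search(value):
        fired.append("__X_AUTH_WARN_2")
    if not WARN_3.search(value):
        fired.append("__X_AUTH_WARN_3")
    # CSL_X_AUTH_WARN = _0 && (_1 || _2 || _3)
    return bool(fired), fired

# Constructed sample values, not taken from real mail.
SAMPLES = {
    "sender_override": "host.example.com: alice set sender to bob@example.com using -f",
    "word_salad": "quiet morning, silver window garden",
    "token": "XYabcdef42 set sender using -f",
    "helo_mismatch": "mail.example.net: Host client.example.org [192.0.2.10] "
                     "claimed to be relay.example.org",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        hit, fired = evaluate({"X-Authentication-Warning": value})
        print(f"{name:16} hit={hit!s:5} fired={fired}")
    print("no header      ", evaluate({"Subject": "hello"}))
```

The helo_mismatch sample, modelled on sendmail's "claimed to be" warning, hits through __X_AUTH_WARN_3 alone: any X-Authentication-Warning value without "using -f" satisfies the meta.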