-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
One violation in logs when two triggers sent #1089
Comments
This is the expected behavior, the first "block" stops the filtering. This is especially important for violations that could lead to denial of service of the filter, such as maximum size violations. There are cases when you can see evidence of multiple violations, such as with multiple matching content filter rules. The reason is that all the content filter rules are matched at once, so there is no downside to reporting them all as this does not create extra work. |
@bartavelle And as max we will have |
not exactly, things that are about the arguments will block at once, but things that are about signatures will all be applied at the same time and you'll get all the info |
In the system just the first trigger/violation is registered and just the first violation is counted on proxy.
To Reproduce
Steps to reproduce the behavior:
"Ignore Body"
curl -vv [rbzdevelen001-prod-alb-514441289.eu-central-1.elb.amazonaws.com/home](http://rbzdevelen001-prod-alb-514441289.eu-central-1.elb.amazonaws.com/home) -H “host:default.site” -H “test:vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv” -d "b=c&d=<select>"
Should be registered 2 violations:
The text was updated successfully, but these errors were encountered: