Skip to content

Update list of url-schemas #4197

New issue
New issue
Open
Open
Update list of url-schemas#4197
Labels
➖ False Negative - Evasion
@HackingRepo

Description

@HackingRepo
HackingRepo
opened on Jul 10, 2025

fax:// and rtsp:// schema not blocked used for send fax over internet and rtsp can attacker access to internal camera device my request is

curl -ig -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level: 3" -H "x-backend: coraza-caddy" --data-urlencode "q=fax:+1-555-555-5555" "https://sandbox.coreruleset.org/"
HTTP/1.1 200 OK
Date: Thu, 10 Jul 2025 07:53:45 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
X-Unique-ID: aG9xiQ3ZsEJGA-19Uz89bgAAAMU
x-backend: invalid, fallback to apache-latest
x-crs-last-commit: none

curl -ig -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level: 3" -H "x-backend: coraza-caddy" --data-urlencode "q=rtsp://192.168.1.100/stream" "https://sandbox.coreruleset.org/"
HTTP/1.1 200 OK
Date: Thu, 10 Jul 2025 07:53:45 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
X-Unique-ID: aG9xiQ3ZsEJGA-19Uz89bgAAAMU
x-backend: invalid, fallback to apache-latest
x-crs-last-commit: none

Metadata

Metadata

Assignees

No one assigned

    Labels

    ➖ False Negative - Evasion

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions