Open
Description
Hello, team
i noticed today a bypass of WAF at PL3 my request
curl -ig -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level: 3" -H "x-backend: coraza-caddy" --data-urlencode "q=;PATH=/inexistent" "https://sandbox.coreruleset.org/"HTTP/1.1 200 OK
Date: Fri, 11 Jul 2025 13:17:44 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
X-Unique-ID: aHEO-A3ZsEJGA-19Uz8-sAAAAM0
x-backend: invalid, fallback to apache-latest
x-crs-last-commit: none