Add: AutoCert: CSRFField: CSRFSecret: Certs: Exceptions: LogDir: Logs: Methods: Remove: Routes: SkipDetection: URLLength: UploadSizeMB: UploadTypes: WAF:

SkipDetection

default: -

To skip attack detection on specific Form, Query or Cookie fields use SkipDetection param.

NOTE: Use this parameter only if you are confident that fields are secured. Double check input validation in web page code before adding it to skipped fields.

Example:

SkipDetection:
    COOKIE: session_hash
    FORM: post_content, code
    URL: path
  1. Request curl -X POST --data-urlencode "x=0&code=rm -rf" http://yoursite.rx will be marked as SAFE as value rm -rf belongs to skiped code field.

  2. Request curl -X POST --data-urlencode "x=rm -rf&code=0" http://yoursite.rx will be marked as ATTACK as value rm -rf doesn’t belong to skipped field.