Add:
AutoCert:
CSRFField:
CSRFSecret:
Certs:
Exceptions:
Headers:
LogDir:
Logs:
Methods:
Remove:
Replace:
Routes:
SkipDetection:
URLLength:
UploadSizeMB:
UploadTypes:
WAF:
SkipDetection
default: -
To skip attack detection on specific Form, Query or Cookie fields use SkipDetection
param.
NOTE: Use this parameter only if you are confident that fields are secured. Double check input validation in web page code before adding it to skipped fields.
Example:
SkipDetection:
COOKIE: session_hash
FORM: post_content, code
URL: path
Request
curl -X POST --data-urlencode "x=0&code=rm -rf" http://yoursite.rx
will be marked as SAFE as valuerm -rf
belongs to skipedcode
field.Request
curl -X POST --data-urlencode "x=rm -rf&code=0" http://yoursite.rx
will be marked as ATTACK as valuerm -rf
doesn’t belong to skipped field.