Add: AutoCert: CSRFField: CSRFSecret: Certs: Exceptions: Headers: LogDir: Logs: Methods: Remove: Replace: Routes: SkipDetection: URLLength: UploadSizeMB: UploadTypes: WAF:

To skip attack detection on specific Form, Query or Cookie fields use SkipDetection param.

NOTE: Use this parameter only if you are confident that fields are secured. Double check input validation in web page code before adding it to skipped fields.

Example:

SkipDetection:
    COOKIE: session_hash
    FORM: post_content, code
    URL: path

1. Request curl -X POST --data-urlencode "x=0&code=rm -rf" http://yoursite.rx will be marked as SAFE as value rm -rf belongs to skiped code field.

2. Request curl -X POST --data-urlencode "x=rm -rf&code=0" http://yoursite.rx will be marked as ATTACK as value rm -rf doesn’t belong to skipped field.