v2.3.7
• 03-07-2018
- add “SkipDetection:” parameter to skip vulnerability detection certain fields
- add logging to file and/or
syslog
, log rotation, “LogDir:” to specify log storage directory
- fix log request before attack check
- fix timeout to wait for backend increased
- fix improved communication with TLS backends
- fix upload with added custom mimetypes
- fix if
content-type
is not set do not try to strip body of sensitive information
- fix false-postive when checking
User-Agent
and detecting attack on http://
or https://
- fix “UploadSizeMB:” parameter for proper limitation of uploadable file sizes
- add “WAF:” parameter to control web firewall filtering policy
- add new attack samples (SQL, BASH, JS)
- fix to allow payloads with data for any allowed method