v2.3.7 • 03-07-2018

  • add “SkipDetection:” parameter to skip vulnerability detection certain fields
  • add logging to file and/or syslog, log rotation, “LogDir:” to specify log storage directory
  • fix log request before attack check
  • fix timeout to wait for backend increased
  • fix improved communication with TLS backends
  • fix upload with added custom mimetypes
  • fix if content-type is not set do not try to strip body of sensitive information
  • fix false-postive when checking User-Agent and detecting attack on http:// or https://
  • fix “UploadSizeMB:” parameter for proper limitation of uploadable file sizes
  • add “WAF:” parameter to control web firewall filtering policy
  • add new attack samples (SQL, BASH, JS)
  • fix to allow payloads with data for any allowed method