File: content/2-how-crs-works/2-1-anomaly_scoring/index.md (1 addition & 1 deletion)
@@ -92,7 +92,7 @@ Rule coverage should be taken into account when setting anomaly score thresholds
92
92
{{% notice warning %}}
93
93
Increasing the anomaly score threshold above the defaults (5 for requests, 4 for responses) will allow a substantial number of attacks to bypass CRS and will impede the ability of critical rules to function correctly - including major LFI/RFI safeguards and several protections against severe data-exfiltration vulnerabilities. The anomaly score threshold should only ever be increased temporarily during false-positive tuning.
94
94
95
-
Some WAF vendors (such as Cloudflare) set the default anomaly score well above our defaults - 5 to 12 times higher than what we recommend. This is not a proper implementation of CRS, and you will neutralize entire sections of the WAF.
95
+
Some WAF vendors (such as Cloudflare) set the default anomaly score well above our defaults. This is not a proper implementation of CRS, and will result in bypasses.
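Review bot: On the added line 95, dropping "5 to 12 times higher than what we recommend" leaves "well above our defaults" with no magnitude, so a reader cannot tell whether their own vendor setting is affected. Either keep a figure together with a source for it, or point back to the defaults stated earlier in this warning (5 for requests, 4 for responses) and tell the reader to compare their configured threshold against those. The second sentence has also lost its subject: "This is not a proper implementation of CRS, and will result in bypasses" reads more clearly as "and it will result in bypasses", or, to match the wording of the paragraph above, "and will allow attacks to bypass CRS".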