Code development platform for open source projects from the European Union institutions 🔵 EU Login authentication by SMS has been phased out. To see alternatives please check here

Skip to content

🐛 🔨 fix EC_RPS_WAF_USE_CRS EC_RPS_WAF_ALLOWED_FILES waf variables

Youssef BOUFNICHELrequested to merge
fix_waf_vars into main

Decision record

The objective of this PR is to address two issues related to WAF variables:

EC_RPS_WAF_USE_CRS: When this variable is set to false and we try to integrate another file (e.g., standard.conf), it results in both include standard.conf and include /etc/coreruleset/rules/*.conf being applied, causing conflicts. To resolve this, we remove the content of 20-rules.conf and set the necessary configuration in configure-waf.sh.

EC_RPS_WAF_ALLOWED_FILES: This variable fails to work correctly when it contains special characters, such as /.

Changes

  • 🔧 Delete 20-rules.conf's content
  • 🔧 escape special characters in EC_RPS_WAF_ALLOWED_FILES
  • 🔖 v0.21.1
Edited by Youssef BOUFNICHEL

Merge request reports

For further information about the platform and support, please see https://code.europa.eu/info/about