“If you run CRS or one the known commercial ModSecurity rule sets on ModSecurity 3 and you disable Request Body Access for the WAF, then you have configured a complete WAF bypass” #infosec #CyberSecurity
https://t.co/UEH4eIN9B1