The dangers of relying on just WAFs.
Bypassing them has been something we’ve done since the dawn of time. During my time with ModSecurity, it was as fun to write rules as it was to bypass them and this log4j is no different.
Seeing as bypasses are out now, it’s edu time