-
Notifications
You must be signed in to change notification settings - Fork 25
/
ftw.yml
60 lines (57 loc) · 4.29 KB
/
ftw.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
---
logfile: '/home/envoy/logs/ftw.log'
maxmarkerretries: 10
testoverride:
input:
dest_addr: envoy
ignore:
# Envoy not compatible tests
'911100-5': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'911100-7': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-4': 'Accepted by Envoy. Valid request. It is only disabled by default from Apache and Nginx'
'920100-10': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-14': 'Invalid HTTP method. Rejected by Envoy with Error 400'
'920100-16': 'Invalid HTTP request line. Rejected by Envoy with Error 400'
'920181-1': 'Content-Length with Transfer-Encoding chunked is rejected by Envoy with Error 400'
'920210-2': 'Connection header is stripped out by Envoy'
'920210-3': 'Connection header is stripped out by Envoy'
'920210-4': 'Connection header is stripped out by Envoy'
'920210-6': 'Connection header is stripped out by Envoy'
'920210-7': 'Connection header is stripped out by Envoy'
'920274-2': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-3': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'920274-5': 'PL4 - False positive. Envoy Populates :path header, therefore invalid character are detected'
'932161-7': 'Referer header is sanitized by Envoy and removed from the request'
'932161-9': 'Referer header is sanitized by Envoy and removed from the request'
'932161-10': 'Referer header is sanitized by Envoy and removed from the request'
'932161-11': 'Referer header is sanitized by Envoy and removed from the request'
'932161-12': 'Referer header is sanitized by Envoy and removed from the request'
'932237-8': 'Referer header is sanitized by Envoy and removed from the request'
'932237-18': 'Referer header is sanitized by Envoy and removed from the request'
'932239-6': 'Referer header is sanitized by Envoy and removed from the request'
'932239-7': 'Referer header is sanitized by Envoy and removed from the request'
'932239-19': 'Referer header is sanitized by Envoy and removed from the request'
'932239-27': 'Referer header is sanitized by Envoy and removed from the request'
'932239-29': 'Referer header is sanitized by Envoy and removed from the request'
'941101-1': 'Referer header is sanitized by Envoy and removed from the request'
'941110-4': 'Referer header is sanitized by Envoy and removed from the request'
'949110-4': 'Related to 920100. Invalid HTTP method. Rejected by Envoy with Error 400'
# coraza-proxy-wasm not compatible tests
'920280-1': 'Rule 920280 matches missing Host. coraza-proxy-wasm crafts it from :authority'
'920280-3': 'Rule 920280 matches missing Host. coraza-proxy-wasm crafts it from :authority'
'920290-1': 'Rule 920290 matches empty Host. coraza-proxy-wasm crafts it from :authority'
# Rules working, tests excluded for different expected output
'920270-4': 'Log contains 920270. Test has log_contains disabled.'
# Coraza related issues
'920171-2': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
'920171-3': 'Rule 920171 not detected. GET/HEAD with body. Coraza side'
'920430-3': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-8': 'Rule 920430 not detected. Proto version. Coraza side'
'920430-9': 'Rule 920430 not detected. Proto version. Coraza side'
'934120-23': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-24': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-25': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-26': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'934120-39': 'Rule 934120 partially detected. With HTTP/1.1 Envoy return 400. With HTTP/2 Enclosed alphanumerics not detected. Coraza Side'
'932200-13': 'Unfortunate match inside logs against a different rule log. wip'
'930110-7': 'Coraza/CRS side: See https://github.com/corazawaf/coraza/pull/1081'