79214791

Date: 2024-11-22 11:26:07
Score: 1.5
Natty:
Report link

This was a misunderstanding on my part about the evaluation of logic statements in WAF.

Written out, the logic statement required was: IF request_path AND NOT (header_1 AND header_2)

Where the initial implementation was: IF request_path AND NOT header_1 AND NOT header_2

My desired outcome was achieved by evaluating the presence and values of both header_1 and header_2 in a self contained AND statement within the rule.

Reasons:
  • No code block (0.5):
  • Self-answer (0.5):
  • Low reputation (0.5):
Posted by: dingo