|
From: Felipe C. <FC...@tr...> - 2018-03-08 14:03:42
|
Hi Jai, That is an assumption that may be true on a given time frame. The library can do something else in a near future and it will assume that this method is being called from whomever is consume it. That is one of the reasons that calling this method is important. Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Jai Harpalani <jai...@mu...> Date: Thursday, March 8, 2018 at 1:53 AM To: Felipe Costa <FC...@tr...> Cc: Robert Paprocki <rpa...@fe...>, "mod...@li..." <mod...@li...> Subject: Re: [Mod-security-developers] Question regarding transaction::processConnection() Searching through the CRS rules, I see that real_ip is used for DOS and IP_REPUTATION rules. I am excluding those rules for my specific application. Due to these exclusions, it seems like the call to ProcessConnection() is required only to set the uniqueID. Is this an accurate statement? (…) |
