← Back to context

Comment by afiori

1 day ago

This is a strawman, especially if like the parent claims this was improving security for one of the most popular website backends ever.

Rules like this might very well have had incredible positive impact on ten of thousands of websites at the cost of some weird debugging sessions for dozens of programmers (made up numbers obviously).

1 comment

afiori

Reply
kiitos  7 hours ago

Look, any WAF that blocks a document like

    <!DOCTYPE html>
    <html lang="en">
    <body>
    <p>/etc/hosts is a file on Unix hosts</p>

is pretty clearly broken. And you can't meaningfully measure product metrics like impact for fundamentally broken products.