Skip to content

feat: add 921500 - Nonstandard urlencode characters in path#4302

Open
touchweb-vincent wants to merge 10 commits intocoreruleset:mainfrom
touchweb-vincent:patch-2
Open

feat: add 921500 - Nonstandard urlencode characters in path#4302
touchweb-vincent wants to merge 10 commits intocoreruleset:mainfrom
touchweb-vincent:patch-2

Conversation

@touchweb-vincent
Copy link
Contributor

@touchweb-vincent touchweb-vincent commented Oct 22, 2025

Added rules to block non-standard percent-encoded characters in the URI path to prevent evasion attempts.

@touchweb-vincent
feat: add 921500 - Nonstandard urlencode characters in path
10edf72 
Added rules to block non-standard percent-encoded characters in the URI path to prevent evasion attempts.
@github-actions
Copy link
Contributor

github-actions bot commented Oct 22, 2025
edited
Loading

📊 Quantitative test results for language: eng, year: 2023, size: 10K, paranoia level: 1:
🚀 Quantitative testing did not detect new false positives

@touchweb-vincent
Adding units tests
560f447 
Updated rule_id and descriptions to reflect new protocol enforcement rules. Added additional test cases for non-standard URL-encoded characters.
@touchweb-vincent
Add regression tests for protocol attack rule 921500
e352d3e 
Added regression tests for REQUEST-921-PROTOCOL-ATTACK to block non-standard URL-encoded characters and prevent exploits.
@touchweb-vincent
Delete tests/regression/tests/REQUEST-920-PROTOCOL-ENFORCEMENT/921500…
d923e81 
….yaml
@touchweb-vincent touchweb-vincent mentioned this pull request Oct 22, 2025
Closed
@theseion
Copy link
Contributor

theseion commented Oct 22, 2025

Thanks for the PR @touchweb-vincent. Unfortunately, I believe my comment on the other issue is also relevant here.

@touchweb-vincent
Copy link
Contributor Author

touchweb-vincent commented Oct 23, 2025

Discussed on Slack yesterday.

@theseion theseion mentioned this pull request Nov 3, 2025
Closed
@github-actions github-actions bot added the Stale label Nov 23, 2025
@github-actions github-actions bot removed the Stale label Dec 8, 2025
@github-actions github-actions bot added the Stale label Jan 7, 2026
@github-actions github-actions bot closed this Jan 21, 2026
@fzipi fzipi removed the Stale label Jan 21, 2026
@fzipi fzipi reopened this Jan 21, 2026
fzipi
fzipi reviewed Jan 26, 2026
View reviewed changes
@touchweb-vincent @fzipi
Update rules/REQUEST-921-PROTOCOL-ATTACK.conf
87f7a08 
Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com>
@theseion theseion mentioned this pull request Feb 2, 2026
Closed
This was referenced Feb 28, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fzipi fzipi Awaiting requested review from fzipi

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@touchweb-vincent @theseion @fzipi