Owasp-modsecurity-crs: Test Apache Struts Vulnerabilities and Exploits 2018

Created on 11 Dec 2018  路  6Comments  路  Source: SpiderLabs/owasp-modsecurity-crs

Issue #1061 and PR #1256 relate to Apache Struts Vulnerabilities from 2017.
In 2018, there are some Apache Struts vulnerabilities and exploits that should be tested.
The CVEs could then be added to comments as it was done in PR #1256 for 2017.

Most helpful comment

Looking through the data file, I think we are quite safe with regards to FPs. I'd say a PR is due.

All 6 comments

I looked for Apache Struts, Oracle WebLogic, and Java Remote Exploits from 2018 and found these 3 CVEs in the Exploit DB:

Apache Struts
CVE 2018-11776

Exploits:

Java
CVE 2018-2380

Exploit:

Oracle WebLogic
CVE 2018-2628

Exploit:

I will test them against the CRS and open a PR to add the findings to the comments of the rules.

tl;dr
Good news: 3 out of 4 exploits are detected by the CRS.
The one not detected is based on the WebLogic T3 protocol, not HTTP, so not relevant to us.

I propose to add CVE 2018-11776 to the comments of rules

  • 933161
  • 933160

And to enhance the Java rule 944130 with REQUEST_FILENAME. But I do not know what that would mean in terms of FP? @spartantri?

Details

CVE 2018-2380 (Java: SAP NetWeaver AS JAVA CRM - Log injection)

CVE 2018-2628 (WebLogic)

CVE 2018-11776 (Apache Struts)

  • 2 exploits tested.

Details of CVE 2018-11776 Apache Struts

Exploit Nr. 1: https://www.exploit-db.com/exploits/45262

Results in GET Request:
GET /%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27cat%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getOutputStream%28%29%29%29.%28%40org.apache.commons.io.IOUtils%40copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/help.action HTTP/1.1

Triggers 3 rules:
[2018-12-16 09:47:23.358088] [-:error] 127.0.0.1:49676 XBYfK38AAQEAAE-TEPEAAABG [client 127.0.0.1] ModSecurity: Warning. Matched phrase "Python-urllib" at REQUEST_HEADERS:User-Agent. [file "REQUEST-913-SCANNER-DETECTION.conf"] [line "151"] [id "913101"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: Python-urllib found within REQUEST_HEADERS:User-Agent: python-urllib/2.7"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "localhosm"] [uri "/${(#_memberAccess['allowStaticMethodAccess']=true).(#cmd='cat').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}/help.action"] [unique_id "XBYfK38AAQEAAE-TEPEAAABG"]

[2018-12-16 09:47:23.368025] [-:error] 127.0.0.1:49676 XBYfK38AAQEAAE-TEPEAAABG [client 127.0.0.1] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1284"] [id "920300"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "localhosm"] [uri "/${(#_memberAccess['allowStaticMethodAccess']=true).(#cmd='cat').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}/help.action"] [unique_id "XBYfK38AAQEAAE-TEPEAAABG"]

[2018-12-16 09:47:23.380704] [-:error] 127.0.0.1:49676 XBYfK38AAQEAAE-TEPEAAABG [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:i(?:s(?:_(?:in(?:t(?:eger)?|finite)|n(?:u(?:meric|ll)|an)|(?:calla|dou)ble|s(?:calar|tring)|f(?:inite|loat)|re(?:source|al)|l(?:ink|ong)|a(?:rray)?|object|bool)|set)|n(?:(?:clud|vok)e|t(?:div|val))|(?:mplod|dat)e|conv)|s(?:t(?:r(?:(?:le|sp)n| ..." at REQUEST_FILENAME. [file "REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "612"] [id "933161"] [msg "PHP Injection Attack: Low-Value PHP Function Call Found"] [data "Matched Data: copy(#process.getInputStream(),#ros)).(#ros.flush()) found within REQUEST_FILENAME: /${(#_memberAccess['allowStaticMethodAccess']=true).(#cmd='cat').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtil..."] [seve [hostname "localhosm"] [uri "/${(#_memberAccess['allowStaticMethodAccess']=true).(#cmd='cat').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}/help.action"] [unique_id "XBYfK38AAQEAAE-TEPEAAABG"]

The last log entry is relevant for the CVE:

  • Rule 933161: msg "PHP Injection Attack: Low-Value PHP Function Call Found"] [data "Matched Data: copy(#process.getInputStream(),#ros)).(#ros.flush()) found within REQUEST_FILENAME

Exploit Nr. 2: https://www.exploit-db.com/exploits/45260

Results in requests:
127.0.0.1 - - [2018-12-19 10:14:14.005243] "GET /$%7B%7B40*40%7D%7D/index.html HTTP/1.1" 404 219 "-" "struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2018-11776)" localhosm 127.0.0.1 80 - - + "-" XBoZ9n8AAQEAAB3CAwcAAABX - - 213 420 -% 36041 20032 112 4219 5 0

127.0.0.1 - - [2018-12-19 10:14:14.032841] "GET /bla/$%7B%7B40*40%7D%7D/index.html HTTP/1.1" 404 223 "-" "struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2018-11776)" localhosm 127.0.0.1 80 - - + "-" XBoZ9n8AAQEAAB3CAwgAAABF - - 217 424 -% 36175 19451 114 3827 5 0

127.0.0.1 - - [2018-12-19 10:14:14.062493] "GET /bla/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%[email protected]@getRuntime%28%29.exec%28%27id%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%[email protected]@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/index.html HTTP/1.1" 404 551 "-" "struts-pwn (https://github.com/mazen160/struts-pwn_CVE-2018-11776)" localhosm 127.0.0.1 80 - - + "-" XBoZ9n8AAQEAAB3CAwkAAABH - - 655 752 -% 51501 35278 184 6065 15 0

Triggers rules:
[2018-12-19 10:14:59.268547] [-:error] 127.0.0.1:49920 XBoaI38AAQEAAB3CAwoAAABL [client 127.0.0.1] ModSecurity: Warning. Matched phrase "struts-pwn" at REQUEST_HEADERS:User-Agent. [file "REQUEST-913-SCANNER-DETECTION.conf"] [line "56"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: struts-pwn found within REQUEST_HEADERS:User-Agent: struts-pwn (https://github.com/mazen160/struts-pwn_cve-2018-11776)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "localhosm"] [uri "/${{26*26}}/index.html"] [unique_id "XBoaI38AAQEAAB3CAwoAAABL"]

[2018-12-19 10:14:59.302002] [-:error] 127.0.0.1:49922 XBoaI38AAQEAAB3CAwsAAABM [client 127.0.0.1] ModSecurity: Warning. Matched phrase "struts-pwn" at REQUEST_HEADERS:User-Agent. [file "REQUEST-913-SCANNER-DETECTION.conf"] [line "56"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: struts-pwn found within REQUEST_HEADERS:User-Agent: struts-pwn (https://github.com/mazen160/struts-pwn_cve-2018-11776)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "localhosm"] [uri "/bla/${{26*26}}/index.html"] [unique_id "XBoaI38AAQEAAB3CAwsAAABM"]

[2018-12-19 10:14:59.340779] [-:error] 127.0.0.1:49924 XBoaI38AAQEAAB3CAwwAAABO [client 127.0.0.1] ModSecurity: Warning. Matched phrase "struts-pwn" at REQUEST_HEADERS:User-Agent. [file "REQUEST-913-SCANNER-DETECTION.conf"] [line "56"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: struts-pwn found within REQUEST_HEADERS:User-Agent: struts-pwn (https://github.com/mazen160/struts-pwn_cve-2018-11776)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "localhosm"] [uri "/bla/${(#_memberAccess[\\"allowStaticMethodAccess\\"]=true,#[email protected]@getRuntime().exec('id').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[51020],#c.read(#d),#[email protected]@getResponse().getWriter(),#sbtest.println(#d),#sbtest.close())}/index.html"] [unique_id "XBoaI38AAQEAAB3CAwwAAABO"]

[2018-12-19 10:14:59.352317] [-:error] 127.0.0.1:49924 XBoaI38AAQEAAB3CAwwAAABO [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at REQUEST_FILENAME. [file "REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "355"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: exec('id').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[51020],#c.read(#d),#[email protected]@getResponse().getWriter(),#sbtest.println(#d),#sbtest.close()) found within REQUEST_FILENAME: /bla/${(#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#[email protected]@getRuntime().exec('id').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[51020],#c.rea..."] [severity "CR [hostname "localhosm"] [uri "/bla/${(#_memberAccess[\\"allowStaticMethodAccess\\"]=true,#[email protected]@getRuntime().exec('id').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[51020],#c.read(#d),#[email protected]@getResponse().getWriter(),#sbtest.println(#d),#sbtest.close())}/index.html"] [unique_id "XBoaI38AAQEAAB3CAwwAAABO"]

CVE relevant:

  • 933160: msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: exec('id').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[51020],#c.read(#d),#[email protected]@getResponse().getWriter(),#sbtest.println(#d),#sbtest.close()) found within REQUEST_FILENAME

Both exploits did not trigger any of the java rules. I had a look at the existing rule 944130, which checks for java keywords from java-classes.data.
The problem with these 2 exploits is, that they are executed in a GET request.
If we enhanced rule 944130 with the check of REQUEST_FILENAME, both exploits would hit this rule:

Exploit Nr. 1:
[2018-12-18 16:50:00.554490] [-:error] 127.0.0.1:49810 XBklOH8AAQEAAB3CAsAAAABE [client 127.0.0.1] ModSecurity: Warning. Matched phrase "java.lang.System" at REQUEST_FILENAME. [file "REQUEST-944-APPLICATION-ATTACK-JAVA.conf"] [line "166"] [id "944130"] [msg "Suspicious Java class detected"] [data "Matched Data: /${(#_memberaccess['allowstaticmethodaccess']=true).(#cmd='cat').(#iswin=(@java.lang.system@getproperty('os.name').tolowercase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd})).(#p=new java.lang.processbuilder(#cmds)).(#p.redirecterrorstream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.servletactioncontext@getresponse().getoutputstream())).(@org.apache.commons.io.ioutils@copy(#process.getinputstream(),#ros)).(#ros.flush())}/help.action found within REQ..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-java"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [tag "paranoia-level/1"] [hostname "localhosm"] [uri "/${(#_memberAccess['allowStaticMethodAccess']=true).(#cmd='cat').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}/help.action"] [unique_id "XBklOH8AAQEAAB3CAsAAAABE"]

Exploit Nr. 2:
[2018-12-18 17:06:48.825355] [-:error] 127.0.0.1:49874 XBkpKH8AAQEAAB3CAuAAAABB [client 127.0.0.1] ModSecurity: Warning. Matched phrase "java.lang.Runtime" at REQUEST_FILENAME. [file "REQUEST-944-APPLICATION-ATTACK-JAVA.conf"] [line "166"] [id "944130"] [msg "Suspicious Java class detected"] [data "Matched Data: /bla/${(#_memberaccess[\\x22allowstaticmethodaccess\\x22]=true,#[email protected]@getruntime().exec('id').getinputstream(),#b=new java.io.inputstreamreader(#a),#c=new java.io.bufferedreader(#b),#d=new char[51020],#c.read(#d),#[email protected]@getresponse().getwriter(),#sbtest.println(#d),#sbtest.close())}/index.html found within REQUEST_FILENAME"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-java"] [tag "platform-multi"] [tag "attack-rce"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [tag "paranoia-level/1"] [hostname "localhosm"] [uri "/bla/${(#_memberAccess[\\"allowStaticMethodAccess\\"]=true,#[email protected]@getRuntime().exec('id').getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[51020],#c.read(#d),#[email protected]@getResponse().getWriter(),#sbtest.println(#d),#sbtest.close())}/index.html"] [unique_id "XBkpKH8AAQEAAB3CAuAAAABB"]

Long text. Summary:
I will add CVE 2018-11776 to the comment of rules:

  • 933161
  • 933160

And I propose to extend Java rule 944130 with REQUEST_FILENAME. What do you think about that, @spartantri?

And a general comment: It's nice that the CRS recognizes scanners (yes, could be manipulated) because of the user agents and because of the non-compliant HTTP behaviour.

CVE-2018-2380

I tested the exploit https://www.exploit-db.com/exploits/44292.

This exploit triggers 37 rules! A few of them twice or more.

$ wc -l /tmp/error.log
37 /tmp/error.log

Unfortunately, the error.log format is changed by a few errors, so that, among other things, message ids are missing:

$ cat /tmp/error.log | melid | wc -l
27

I managed to detect the message ID by the regular expressions in the error.log file.

Here is the complete list of triggered rules. Of course, we also see blocking rules.

      2 920272
      7 920273
      5 920350
      1 920460
      1 921150
      1 933160
      1 933161
      1 941320
      1 941340
      1 942110
      1 942120
      3 942130
      1 942150
      1 942200
      1 942210
      1 942370
      1 942410
      1 942430
      1 942431
      1 942432
      1 944110
      1 944250
      1 949110
      1 980130

I will open a PR and add the CVE number to all _relevant_ rules.

If we extended rule 944130 (https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.2/dev/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf#L139) with REQUEST_FILENAME, we would cover two exploits for CVE 2018-11776 Apache Struts.

Both exploits did not trigger any of the java rules. I had a look at the existing rule 944130, which checks for java keywords from java-classes.data.
The problem with these 2 exploits is, that they are executed in a GET request.
If we enhanced rule 944130 with the check of REQUEST_FILENAME, both exploits would hit this rule.

Exploit Nr. 1: https://www.exploit-db.com/exploits/45262:

GET /%24%7B%28%23_memberAccess%5B%27allowStaticMethodAccess%27%5D%3Dtrue%29.%28%23cmd%3D%27cat%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%23ros%3D%28%40org.apache.struts2.ServletActionContext%40getResponse%28%29.getOutputStream%28%29%29%29.%28%40org.apache.commons.io.IOUtils%40copy%28%23process.getInputStream%28%29%2C%23ros%29%29.%28%23ros.flush%28%29%29%7D/help.action HTTP/1.1

Exploit Nr. 2: https://www.exploit-db.com/exploits/45260:

GET /bla/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%[email protected]@getRuntime%28%29.exec%28%27id%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%[email protected]@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/index.html HTTP/1.1

Do we want to add REQUEST_FILENAME or do we expect false positives?

I vote to add REQUEST_FILENAME as suggested by @franbuehler this will also help in case there are weird rewrite rules in place turning /id/d into id=d and that kind of things

Looking through the data file, I think we are quite safe with regards to FPs. I'd say a PR is due.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

jeremyjpj0916 picture jeremyjpj0916  路  3Comments

dune73 picture dune73  路  6Comments

spartantri picture spartantri  路  3Comments

elexisvenator picture elexisvenator  路  3Comments

cPJasonB picture cPJasonB  路  3Comments