Adding an appsec exclusion for Nightscout socket.io traffic
ContainerHi everyone :)
I just started playing with appsec, and the vpatch rules are performing very well. So I figured I´d add out of band CRS processing as well and I'm seeing a lot of false positives for Nightscout (a diabetes management system)
Specifically, traffic to /socket.io/ is being detected and eventually a ban decision is made.
I was able to make a whitelist parser in
I put the full json of one of the alerts, as well as some config files here: https://gist.vobar.eu/cas/585a09f8dc01489e9c08fdfe18960448
I have a temporary nightscout deployment at https://temp-ns.vobar.eu if you want to check out what kind of traffic it generates.
Thanks :)
I just started playing with appsec, and the vpatch rules are performing very well. So I figured I´d add out of band CRS processing as well and I'm seeing a lot of false positives for Nightscout (a diabetes management system)
Specifically, traffic to /socket.io/ is being detected and eventually a ban decision is made.
I was able to make a whitelist parser in
parsers/s02-enrich/I put the full json of one of the alerts, as well as some config files here: https://gist.vobar.eu/cas/585a09f8dc01489e9c08fdfe18960448
I have a temporary nightscout deployment at https://temp-ns.vobar.eu if you want to check out what kind of traffic it generates.
Thanks :)
