coraza: reserve rule-ID range 990000000-990999999 for WHP-generated rules

2026-05-14 06:53:37 -07:00
parent 1f1bc1837e
commit b2adcdbed9
1 changed files with 9 additions and 0 deletions
--- a/coraza-spoa/overrides.conf
+++ b/coraza-spoa/overrides.conf
@@ -94,3 +94,12 @@ SecRuleUpdateActionById 930130 "ctl:ruleEngine=On"
 #                         (`session_start` literal appearing in billing form data)
 #   950xxx-953xxx       — Data leakage / backup-file disclosure (mixed FP)
 # ---------------------------------------------------------------------------
+
+# ---------------------------------------------------------------------------
+# RESERVED RULE-ID RANGE: 990000000 – 990999999
+# WHP's coraza_rule_manager generates per-host-exception rules in this range
+# (rule ID = 990000000 + target_rule_id). Do NOT add new rules in this range
+# from any other source. When bumping the coraza-spoa pin, check the CRS
+# changelog for new rules with 9-digit IDs (rare but possible) and re-namespace
+# if collision risk emerges.
+# ---------------------------------------------------------------------------