cloud-hosting-platform/haproxy-manager-base
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1f1bc1837e62543f4316e6cbdc4b2721d3c8a7b8
haproxy-manager-base/coraza-spoa/overrides.conf
Josh Knapp 753743de20
All checks were successful
Build and push coraza-spoa / Build-and-Push (push) Successful in 40s
Details
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 54s
Details
coraza: drop 913xxx scanner-UA from enforce list (FP on Mastodon + SiteLock) 
25h whp01 burn-in (2026-05-13) found ~11% FP rate on rule 913100:
ActivityPub federation pulls (Mastodon UA "...Bot" on hackerpublicradio.org
and blog.anti-social.online) and SiteLockSpider scans (a customer-paid
security service hitting greggfranklin.com + suchascream.net). The other
six promoted rule families (930120, 932100-160, 933170-200, 944100-300,
920440, 930130) showed zero FPs across the same window and stay enforced.

Detection-only still feeds the anomaly score, so we lose ~no real
blocking value by demoting this family.
2026-05-13 19:13:22 -07:00

5.5 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink