Y
Hacker News
new
|
ask
|
show
|
jobs
by
rtev
1257 days ago
That WAF needs to be tuned. If they’re worried about the possibility of a local file read that can disclose /etc/shadow, there are much bigger issues.
1 comments
thayne
1256 days ago
Or it is defense in depth. Although blocking it even if the / is percent encoded seems a bit excessive, especially as a default.
link