diff --git a/content/concepts/anomaly_scoring.md b/content/concepts/anomaly_scoring.md index 0305aba8..d880caf4 100644 --- a/content/concepts/anomaly_scoring.md +++ b/content/concepts/anomaly_scoring.md @@ -19,7 +19,7 @@ Individual rules designed to detect specific types of attacks and malicious beha Once all of the rules that inspect *request* data have been executed, *blocking evaluation* takes place. If the anomaly score is greater than or equal to the inbound anomaly score threshold then the transaction is *denied*. Transactions that are not denied continue on their journey. -![Diagram showing an example where the inbound anomaly score threshold is set to 5. A first example request accumulates an anomaly score of 2 and is allowed to pass at the blocking evaluation step. A second example request accumulates an anomaly score of 7 and is denied at the blocking evaluation step.](as_inbound_no_fonts.svg?height=36em) +![Diagram showing an example where the inbound anomaly score threshold is set to 5. A first example request accumulates an anomaly score of 2 and is allowed to pass at the blocking evaluation step. A second example request accumulates an anomaly score of 7 and is denied at the blocking evaluation step.](anomaly_scoring/as_inbound_no_fonts.svg?height=36em) Continuing on, once all of the rules that inspect *response* data have been executed, a second round of blocking evaluation takes place. If the *outbound* anomaly score is greater than or equal to the outbound anomaly score threshold, then the response is *not returned* to the user. (Note that in this case, the request *is* fully handled by the backend or application; only the response is stopped.) diff --git a/content/deployment/engine_integration_options.md b/content/deployment/engine_integration_options.md index 9ebb4b1b..5d6c6ac0 100644 --- a/content/deployment/engine_integration_options.md +++ b/content/deployment/engine_integration_options.md @@ -117,9 +117,7 @@ To learn more about Edgecast, read [their WAF documentation](https://docs.edgeca ### Fastly -Fastly has offered CRS as part of their Fastly WAF for several years, but they have started to migrate their existing customers to the recently acquired Signal Sciences WAF. Interestingly, Fastly is transposing CRS rules into their own Varnish-based WAF engine. - -For more information about the Fastly CRS offering, read [their WAF documentation](https://docs.fastly.com/en/guides/fastly-waf-rule-set-updates-maintenance-legacy). +Fastly has offered CRS as part of their Fastly WAF for several years, but they have started to migrate their existing customers to the recently acquired Signal Sciences WAF. Interestingly, Fastly is transposing CRS rules into their own Varnish-based WAF engine. Unfortunately, documentation on their legacy WAF offering has been removed. ### Google Cloud Armor diff --git a/content/development/sandbox.md b/content/development/sandbox.md index 7fdfd35e..e9389298 100644 --- a/content/development/sandbox.md +++ b/content/development/sandbox.md @@ -151,8 +151,6 @@ CRS therefore detects this payload starting with paranoia level 1. The sandbox consists of various parts. The frontend that receives the requests runs on Openresty. It handles the incoming request, chooses and configures the backend running CRS, proxies the request to the backend, and waits for the response. Then it parses the WAF audit log and sends the matched rules back in the format chosen by the user. -![CRS sandbox diagram v3.drawio.png](https://coreruleset.org/assets/uploads/2022/01/CRS_sandbox_diagram_v3.drawio.png) - There is a backend container for every engine and version. For instance, one Apache with CRS 3.2.2, one with CRS 3.2.1, et cetera... These are normal webserver installations with a WAF and the CRS. The backend writes their JSON logs to a volume to be read by a collector script and sent to S3 bucket and Elasticsearch. diff --git a/lychee.toml b/lychee.toml new file mode 100644 index 00000000..04a21d40 --- /dev/null +++ b/lychee.toml @@ -0,0 +1,3 @@ +exclude = ["github.com/coreruleset.*/SECURITY.md", "github.com/coreruleset.*/.github/.*"] +user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0" +no-progress = true