The WAF blocks many calls to service-nologin.php (/lib/ajax/) and makes Moodle unusable.
The system engineer does not want to create exceptions because it would create security holes. He says that the CRS (Core Rule Set) must be met by Moodle.
Is he right?
Why does Moodle appear to be breaking these security rules?
Am I doing something wrong?
Some other information:
The OWASP CRS version of our installation is 3.1.0, Moodle is 3.9.8 (build 20210716).
RequestURI: /lib/ajax/service-nologin.php
Request 942 (APPLICATION-ATTACK-SQLI)
RuleID 942200, 942260, 942340, 942370, 942430
Request 949 (BLOCKING-EVALUATION)
RuleID 949110 (Mandatory rule! Cannot be disabled)
Request 980 (CORRELATION)
RuleID 980130 (Mandatory rule! Cannot be disabled)
I don't know what other information could be used, but I think it's a problem of approach, rather than a technical one.
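For reference, this is the shape of a CRS rule exclusion scoped to just the one endpoint named above, as an added example and not configuration from the original post or from Moodle; the rule IDs and the path are the ones listed in the question, while the rule id 10001 is a placeholder to be chosen from your own local range.

```apache
# Added example (not from the post): exclude the SQLi rules that fire on the
# Moodle AJAX endpoint only for that URI, instead of disabling them site-wide
# with SecRuleRemoveById. Load this before the CRS rule files, e.g. in
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.
SecRule REQUEST_URI "@beginsWith /lib/ajax/service-nologin.php" \
    "id:10001,phase:1,pass,nolog,\
    ctl:ruleRemoveById=942200,\
    ctl:ruleRemoveById=942260,\
    ctl:ruleRemoveById=942340,\
    ctl:ruleRemoveById=942370,\
    ctl:ruleRemoveById=942430"

# 949110 and 980130 are deliberately NOT touched: they only evaluate the
# anomaly score, so they stop blocking once the 942xxx rules above no longer
# contribute to it for this request.
```

A narrower variant, once the offending request parameter is known from the audit log, is ctl:ruleRemoveTargetById=RULEID;ARGS:name, which keeps the rule active for every other argument.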