This is a strawman, especially if like the parent claims this was improving security for one of the most popular website backends ever.

Rules like this might very well have had incredible positive impact on ten of thousands of websites at the cost of some weird debugging sessions for dozens of programmers (made up numbers obviously).

▲ kiitos 8 months ago | parent [-]

Look, any WAF that blocks a document like

    <!DOCTYPE html>
    <html lang="en">
    <body>
    <p>/etc/hosts is a file on Unix hosts</p>

is pretty clearly broken. And you can't meaningfully measure product metrics like impact for fundamentally broken products.

▲

afiori 8 months ago | parent [-]

> is pretty clearly broken

agree

> And you can't meaningfully measure product metrics like impact for fundamentally broken products

disagree

	▲	kiitos 7 months ago \| parent [-]
		I have a WAF that blocks everything. It's obviously fundamentally broken, but in terms of product metrics like impact, it's incredible! It stops 100% of attacks!