Closed
Description
Hi, Team
I detected today that the git:// scheme is not blocked again; this can lead to SSRF (Git internal daemon abuse) or even RCE in some cases at PL3.
curl -ig -H "x-format-output: txt-matched-rules" -H "x-crs-paranoia-level: 3" -H "x-backend: coraza-caddy" --data-urlencode "git://evil.attacker.com/repo.git" "https://sandbox.coreruleset.org/"
HTTP/1.1 200 OK
Date: Thu, 10 Jul 2025 07:29:22 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
X-Unique-ID: aG9r0g3ZsEJGA-19Uz89VwAAANQ
x-backend: invalid, fallback to apache-latest
x-crs-last-commit: none
The WAF should block the git:// protocol at PL 3; it can sometimes be abused.
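The report above shows a percent-encoded `git://` URL passing through the sandbox without a matched rule. As an added illustration (not CoreRuleSet's own rule logic, and independent of this issue's fix), the following Python check shows what a scheme-blocklist inspection of a request body needs to do to catch that payload: URL-decode the body first (repeatedly, so a double-encoded value is also seen), then match a blocked scheme only where it actually starts a URL. The scheme list beyond `git` is an assumption chosen for the example; the sample request bodies are constructed, with the hostname taken from the report.

```python
import re
from urllib.parse import unquote_plus

# Constructed blocklist of URL schemes a WAF might refuse in request data.
# "git" comes from the report above; the other entries are assumptions
# for illustration, not a list taken from any ruleset.
BLOCKED_SCHEMES = ("git", "gopher", "dict", "file", "ldap")

# Match "<scheme>://" only where the scheme begins a URL: the character
# before it must not be part of a longer token (so "legit://" is not hit).
_SCHEME_RE = re.compile(
    r"(?<![A-Za-z0-9+.-])(" + "|".join(BLOCKED_SCHEMES) + r")://",
    re.IGNORECASE,
)


def _decode_fully(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing (bounded), so that a
    double-encoded payload such as git%253A%2F%2F... is inspected decoded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_blocked_schemes(raw_body: str) -> list[str]:
    """Return the (lower-cased, de-duplicated) blocked schemes found in a
    raw request body. curl --data-urlencode sends the body percent-encoded,
    which is why decoding happens before matching."""
    decoded = _decode_fully(raw_body)
    return sorted({m.group(1).lower() for m in _SCHEME_RE.finditer(decoded)})


def should_block(raw_body: str) -> bool:
    """True when at least one blocked scheme is present in the body."""
    return bool(find_blocked_schemes(raw_body))


# Constructed sample bodies: the first is what the curl command in the
# report sends on the wire; the rest exercise the edge cases.
SAMPLE_BODIES = {
    "encoded_git": "git%3A%2F%2Fevil.attacker.com%2Frepo.git",
    "plain_git_param": "repo=git://evil.attacker.com/repo.git",
    "double_encoded_git": "u=git%253A%2F%2Fevil.attacker.com%2Frepo.git",
    "benign_https": "url=https://example.com/repo.git",
    "benign_substring": "q=legit://not-a-scheme",
}


def scan_samples() -> dict[str, list[str]]:
    """Run the check over every constructed sample body."""
    return {name: find_blocked_schemes(body) for name, body in SAMPLE_BODIES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name:20s} blocked={bool(hits)} schemes={hits}")
```

The point of `_decode_fully` is the one the report hinges on: a check that looks only at the raw body never sees `git://` in `git%3A%2F%2F...`, and a check that decodes once still misses a double-encoded value. Bounding the decode loop keeps the check from being turned into a CPU sink by a body that decodes indefinitely.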