Wrong Documentation SecUploadKeepFiles

[security-database]

Description

Trying to play with coraza-spoa it seem that the SecUploadKeepFiles RevelentOnly doc is wrong

Expected result

SecUploadKeepFiles RevelentOnly (By the doc)

Actual result

RevelentOnly On/Off (by the code)

Thanks for your work

[security-database]

In addition, same on coraza.io website

[fzipi]

Hey @security-database! Thanks for creating this issue! Are you up for a PR?

[fzipi]

@security-database ping.

[security-database]

@fzipi i think i can do a PR ;) But i don't know what is good / wrong. Is the Doc good but Code wrong ? Or reverse ? Because if you stick to modsecurity, code is wrong - and for that, i cannot do a PR

To be clear, i cannot write and submit code change, but can test changes.

[fzipi]

That is definitely a bad copy and paste. The modsecurity code should be the good behavior and docs.

[fzipi]

Hmmmmm... https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-%28v2.x%29#user-content-SecUploadKeepFiles

[fzipi]

So RelevantOnly is a thing here. Then the code must be fixed, and docs are good.

[security-database]

So RelevantOnly is a thing here. Then the code must be fixed, and docs are good.

But as you can see,

Note : RelevantOnly is not yet supported on libModSecurity

So it's not implemented every time. If so, you could just for the moment update the doc and plan to add it on later version ?

[fzipi]

Yes, updating the doc to match reality would be the first thing to do.

Because this might have different outputs depending on the middleware, I don't think that at the Coraza layer we can make a decision. That's probably why in libModSecurity is not implemented.

[security-database]

Agree