Description

How to reproduce the misbehavior (-> curl call)

Call a URL with argument ?r=queue%2Fsendmails.
In the specific use case, this is used to call a task sendmails in the queue module of a server-side script. This is considered a normal / benign URL.

Example in sandbox: https://sandbox.coreruleset.org/?r=queue%2Fsendmails

Logs

Your Environment

• CRS version (e.g., v3.3.4): v4.14.0
• Paranoia level setting (e.g. PL1) : -
• ModSecurity version (e.g., 2.9.6): -
• Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): -
• Operating System and version: -

Confirmation

[x] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.