We are evaluating Xibo in the context of web application security. In this context, we are using ModSecurity with CRS v3.3 without any rule customizations.
We have observed some issues regarding usage of ‘put’ methods, which is blocked by crs v3.3 by default.
We were wondering, if there is any accepted set of modifications to core rule set - that we should always apply to ensure that the CMS functionality is not impacted due to security??