id 933150 can raise many false positives and I should disable it #3899

@abudawud

Description

I think the rule implemented in id 933150 can raise many false positives, as it just matches a word without additional logic. This happened in my production environment when a user tried to get an image whose name contains ...fOpenCamera.jpg. Now I have disabled the fopen function detection, and maybe other functions will follow.

How to reproduce the misbehavior (-> curl call)

Thanks to the sandbox, we can make a report easily.

  1. Open browser
  2. visit: https://sandbox.coreruleset.org/RootAndLeafOpenCamera.jpg

Logs

Your Environment

CRS Sandbox environment

Confirmation

[x] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.
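
The false positive reported above can be reproduced offline. This is an added example, not part of the original issue or CRS code; it assumes, as the issue describes, that the rule does a case-insensitive substring match against a list of function names. The phrase list (apart from `fopen`), the sample URLs other than the sandbox one, and the helper names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed phrase list: only "fopen" comes from the issue; the others are
# ordinary PHP function names added to make the sample realistic.
PHRASES = ["fopen", "file_get_contents", "proc_open"]

# Constructed sample requests; the first is the sandbox URL from the issue.
SAMPLE_URLS = [
    "https://sandbox.coreruleset.org/RootAndLeafOpenCamera.jpg",
    "https://sandbox.coreruleset.org/index.php?code=fopen(data.txt)",
    "https://sandbox.coreruleset.org/images/logo.png",
]


def phrase_hits(text, phrases=PHRASES):
    """Case-insensitive substring search: returns (phrase, offset, matched_text)."""
    lowered = text.lower()
    hits = []
    for phrase in phrases:
        start = lowered.find(phrase)
        while start != -1:
            hits.append((phrase, start, text[start:start + len(phrase)]))
            start = lowered.find(phrase, start + 1)
    return hits


def is_embedded(text, offset, length):
    """True when the hit sits inside a longer alphanumeric word (triage heuristic)."""
    before = text[offset - 1] if offset > 0 else ""
    after = text[offset + length] if offset + length < len(text) else ""
    word_char = r"[A-Za-z0-9_]"
    return bool(re.match(word_char, before) or re.match(word_char, after))


def triage(url):
    """Classify each hit in the path and query string of a URL."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return [
        (phrase, matched, "embedded" if is_embedded(target, off, len(phrase)) else "standalone")
        for phrase, off, matched in phrase_hits(target)
    ]


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, triage(url))
```

The `embedded` label marks hits such as `fOpen` inside `LeafOpenCamera`, which are candidates for a targeted exclusion rather than disabling the whole rule.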
