rules for prevent download of install or configuration file like composer.lock g


i want make a rules to prevent download of installation or configuration files like composer.lock, .git files…

original owasp rules set has a file for that :

How can i do that with cwaf ?


Please, use Userdata - Blocked Extensions in plug-in.
From command line this file is also accessable /path_to_cwaf/cwaf/rules/userdata_bl_extensions