Currently JIRA seems not to be 100% compatible with the security rule specs defined in OWASP ModSecurity Core Rule Set (CRS).
The rule set is not only used by apache mod_security, but also is used by a big number of content distribution network (CDNs) providers and also by major cloud service providers like Microsoft Azure Application Gateway web application firewall.
Need to make JIRA more compatible with the OWASP WAF rule set: https://coreruleset.org/faq/
- Enterprise customers using CDNs and Cloud services such as MS Azure are more likely to enable OWASP WAF rules on their infrastructure, with JIRA not able to be 100% compatible, those rules will prevent many JIRA functionalities from working as expected.
Enforcing WAF rules is very useful for businesses as it makes their infrastructure more robust against attacks.