Detection mode also trains teams to ignore WAF alerts, which creates a second-order problem. Because everything gets logged and nothing ever blocks, alerts in Detection mode have no operational consequence. Over months, teams tune the alerting down or stop routing WAF events to anyone who acts on them. When you eventually flip to Prevention and need that channel to surface false positives causing real user impact, you’ve spent months conditioning your team to treat WAF alerts as noise.
small Firefox extension
。关于这个话题,新收录的资料提供了深入分析
In Boris Tane’s How I Use Claude Code, he describes how he uses inline annotations to give Claude feedback. I adapted this pattern for complex FDs where conversational back-and-forth can be imprecise. I edit the FD file directly in Cursor and add inline annotations prefixed with %%:
7 25,423 1,383 24,040 ← --help (120) + tool call
�@�[�d�pUSB�|�[�g�iType-C�~2�AType-A�~2�j�����ځB�ʔ��̃\�[���[�p�l�����j�b�g�uEcoFlow 220W�y�ʗ��ʃ\�[���[�p�l���v�i�\�z�������i��8��2500�~�j���p�������z���[�d���T�|�[�g���Ă����B