Description
Describe the bug
It seems to me there is a bug in how the variables tx.inbound_anomaly_score is used.
The variable tx.inbound_anomaly_score is only set if the condition TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" is fulfilled (see Rule 949110) or in case of reputation blocking but this is not relevant here as this might be disabled.
IMO this basically breaks Rule 980120. There, the condition is TX:INBOUND_ANOMALY_SCORE "@lt %{tx.inbound_anomaly_score_threshold}".
The condition of Rule 949110 requires TX:ANOMALY_SCORE to be larger than tx.inbound_anomaly_score_threshold for TX:INBOUND_ANOMALY_SCORE to be set. Rule 980120 requires TX:INBOUND_ANOMALY_SCORE to be smaller than tx.inbound_anomaly_score_threshold. But if TX:INBOUND_ANOMALY_SCORE is smaller than tx.inbound_anomaly_score_threshold it is likely unset.
The same is not the case for tx.outbound_anomaly_score as it is calculated differently.
- CRS version (e.g., v3.2.0): v3.3.0