fix(waf): Prevent false positive bot detection on legitimate browsers
- Add LEGITIMATE_BROWSERS whitelist (Chrome, Firefox, Safari, Edge, etc.)
- Check for legitimate browser signatures BEFORE bot signature matching
- Fix CriOS (Chrome iOS) false positive: 'mozi' substring matched Mozi botnet
- Make botnet signatures more specific: 'mozi' → 'mozi/', 'mozi '
- Prevents banning real users loading pages with multiple JS requests
Fixes false positive on IP 82.65.224.119 (French ISP, Chrome iOS user)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CyberMind-FR
3fcad8e626