This is the upstream test target sitting behind the mini-waf reverse proxy. It intentionally exposes a curated set of vulnerabilities to exercise WAF detection rules. Do not deploy in production.