github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 03:34:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update Core Rules to those in 2.1.4.

Browse Source
This commit is contained in:
brectanus
2007-12-14 23:23:46 +00:00
parent 4602f7d908
commit 3c4eacf6f1
17 changed files with 577 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
rules/modsecurity_crs_30_http_policy.conf
View File

@@ -1,6 +1,6 @@
# ---------------------------------------------------------------
# Core ModSecurity Rule Set
# Copyright (C) 2006 Breach Security Inc. All rights reserved.
# Core ModSecurity Rule Set ver.1.5
# Copyright (C) 2006-2007 Breach Security Inc. All rights reserved.
#
# The ModSecuirty Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
@@ -34,7 +34,7 @@ SecDefaultAction "pass,log,status:400,phase:2"
# to edit the line before uncommenting it.
#
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
"phase:2,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',,id:'960032',"
"phase:2,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'960032'"
# Restrict which content-types we accept.
@@ -68,7 +68,7 @@ SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
# UltraLite iAnywhere application/octet-stream
#
SecRule REQUEST_METHOD "!^(?:get|head|propfind|options)$" \
"chain, t:lowercase, deny,log,auditlog,status:501,msg:'Request content type is not allowed by policy',,id:'960010',severity:'4'"
"chain, t:lowercase, deny,log,auditlog,status:501,msg:'Request content type is not allowed by policy',id:'960010',severity:'4'"
SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application\/x-www-form-urlencoded(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$|multipart/form-data;)|text/xml)"
# Restrict protocol versions.
@@ -82,7 +82,7 @@ SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application\/x-www-form-urlencoded
# client to send HTTP requests in a version lower than 1.1
#
SecRule REQUEST_PROTOCOL "!^HTTP/(0\.9|1\.[01])$" \
"t:none, deny,log,auditlog,status:505,msg:'HTTP protocol version is not allowed by policy', severity:'2',,id:'960034',"
"t:none, deny,log,auditlog,status:505,msg:'HTTP protocol version is not allowed by policy', severity:'2',id:'960034'"
# Restrict file extension
#
@@ -93,7 +93,7 @@ SecRule REQUEST_PROTOCOL "!^HTTP/(0\.9|1\.[01])$" \
# comment the whole rule.
#
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|s(?:h?tm|ql|ys)|l(?:icx|nk|og)|\w{0,5}~|webinfo|ht[rw]|xs[dx]|key|mdb|old)$" \
"t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is restricted by policy', severity:'2',,id:'960035',"
"t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is restricted by policy', severity:'2',id:'960035'"
@@ -105,7 +105,7 @@ SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(
# Set Templates to do so, otherwise comment the whole rule.
#
SecRule REQUEST_HEADERS_NAMES "(?:lock-token|translate|if)$" \
"t:lowercase,deny,log,auditlog,status:500,msg:'HTTP header is restricted by policy',,id:'960038',severity:'4'"
"t:lowercase,deny,log,auditlog,status:500,msg:'HTTP header is restricted by policy',id:'960038',severity:'4'"
# Restricted Content Encodings
@@ -116,37 +116,9 @@ SecRule REQUEST_HEADERS_NAMES "(?:lock-token|translate|if)$" \
# - Outbound compressed content will be logged once, to alert the user
# Deny inbound compressed content
SecRule REQUEST_HEADERS:Content-Encoding "!^Identity$" \
"phase:2,t:none,deny,log,auditlog,status:501,msg:'ModSecurity does not support content encodings',,id:'960902',severity:'3'"
"phase:2,t:none,deny,log,auditlog,status:501,msg:'ModSecurity does not support content encodings',id:'960902',severity:'3'"
# Log outbound compressed content (once per location)
SecRule RESPONSE_HEADERS:Content-Encoding "!^Identity$" \
"phase:5,t:none,pass,log,auditlog,msg:'ModSecurity does not support content encodings',,id:'960903',severity:'4',chain"
"phase:5,t:none,pass,log,auditlog,msg:'ModSecurity does not support content encodings',id:'960903',severity:'4',chain"
SecRule &RESOURCE:alerted_960903_compression "@eq 0" "setvar:resource.alerted_960903_compression"
## -- Apache Limits ----------------------------------------------------------
# These are Apache limit directives, but we are including them here because
# they are often forgotten. If you already have these configured leave this
# section entirely commented-out. Otherwise review the limits and uncomment
# the directives.
# Maximum size of the request body.
#
# NOTE If your application allows file uploads the value below will
# most likely be way to low.
#
#LimitRequestBody 64000
# Maximum number of request headers in a request.
#
#LimitRequestFields 32
# Maximum size of request header lines.
#
#LimitRequestFieldSize 8000
# Maximum size of the request line.
#
#LimitRequestLine 4000