Adjust parser activation rules in modsecurity.conf-recommended
This commit is contained in:
parent
d6c10885e0
commit
622eb9e6c8
2
CHANGES
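--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+- Adjust parser activation rules in modsecurity.conf-recommended
+[Issue #2796 - @terjanq, @martinhsv]
 - Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
 [Issue #2795 - @terjanq, @martinhsv]
 - Prevent LMDB related segfault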
@ -19,21 +19,21 @@ SecRequestBodyAccess On
# Enable XML request body parser.
# Enable XML request body parser.
# Initiate XML Processor in case of xml content-type
# Initiate XML Processor in case of xml content-type
#
#
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \
SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser.
# Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly
# Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json'
# if your application does not use 'application/json'
#
#
SecRule REQUEST_HEADERS:Content-Type "application/json" \
SecRule REQUEST_HEADERS:Content-Type "^application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Sample rule to enable JSON request body parser for more subtypes.
# Sample rule to enable JSON request body parser for more subtypes.
# Uncomment or adapt this rule if you want to engage the JSON
# Uncomment or adapt this rule if you want to engage the JSON
# Processor for "+json" subtypes
# Processor for "+json" subtypes
#
#
#SecRule REQUEST_HEADERS:Content-Type "^application/.+[+]json$" \
#SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Maximum request body size we will accept for buffering. If you support
# Maximum request body size we will accept for buffering. If you support
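Review bot: The added `^` anchors only the left edge of the two active patterns, so `^application/json` still selects the JSON processor for `application/json-seq` (RFC 7464 text sequences, which are not one JSON document) and the XML pattern still fires on `text/xml-external-parsed-entity`; the mismatch then surfaces as a body-parse error, which is fail-closed only where a REQBODY_ERROR rule like the id 200002 seen in the test fixtures further down is active. I would close the subtype while still admitting parameters: `"^application/json(?:$|[\s;])"` for 200001 and `"^(?:application(?:/soap\+|/)|text/)xml(?:$|[\s;])"` for 200000, which keeps `application/json; charset=utf-8` working. Either way the comment block above 200000 should state the contract, e.g. `# Anchored at the start of the header value; parameters after the subtype (e.g. '; charset=utf-8') still match.` This also assumes the connector hands over the value with leading whitespace already trimmed; if it did not, the anchor would silently leave the body unparsed, so a test with a mixed-case, parameterised Content-Type is worth adding.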
@ -36,7 +36,7 @@
"rules":[
"rules":[
"SecRuleEngine On",
"SecRuleEngine On",
"SecArgumentsLimit 6",
"SecArgumentsLimit 6",
"SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=JSON\"",
"SecRule REQUEST_HEADERS:Content-Type \"^application/json\" \"id:'200001',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=JSON\"",
"SecRule REQBODY_ERROR \"!@eq 0\" \"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}'\"",
"SecRule REQBODY_ERROR \"!@eq 0\" \"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}'\"",
"SecRule ARGS:/k5/ \"@rx v5\" \"id:'1234',phase:2,deny,status:403,t:none,log,auditlog\""
"SecRule ARGS:/k5/ \"@rx v5\" \"id:'1234',phase:2,deny,status:403,t:none,log,auditlog\""
]
]
@ -78,7 +78,7 @@
"rules":[
"rules":[
"SecRuleEngine On",
"SecRuleEngine On",
"SecArgumentsLimit 5",
"SecArgumentsLimit 5",
"SecRule REQUEST_HEADERS:Content-Type \"application/json\" \"id:'200001',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=JSON\"",
"SecRule REQUEST_HEADERS:Content-Type \"^application/json\" \"id:'200001',phase:1,t:none,pass,nolog,ctl:requestBodyProcessor=JSON\"",
"SecRule REQBODY_ERROR \"!@eq 0\" \"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}'\"",
"SecRule REQBODY_ERROR \"!@eq 0\" \"id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}'\"",
"SecRule ARGS:/k5/ \"@rx v5\" \"id:'1234',phase:2,deny,status:403,t:none,log,auditlog\""
"SecRule ARGS:/k5/ \"@rx v5\" \"id:'1234',phase:2,deny,status:403,t:none,log,auditlog\""
]
]
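Review bot: The fixture rule on the new `^application/json` line carries `t:none` but not the `t:lowercase` that the shipped rule 200001 uses, so the anchored match is case-sensitive here and a request sending `Application/JSON` would never reach the JSON processor in these tests; the fixture therefore no longer exercises the same rule as the recommended configuration. I would change the action list to `\"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON\"` in both hunks, or add a case with a mixed-case Content-Type that is expected to reach the 200002 parse-error path. The enclosing test objects start and end outside the hunks.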
@ -73,7 +73,7 @@
},
},
"rules":[
"rules":[
"SecRuleEngine On",
"SecRuleEngine On",
"SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"",
"SecRule REQUEST_HEADERS:Content-Type \"^(?:application(?:/soap\+|/)|text/)xml\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"",
"SecRule REQBODY_PROCESSOR \"@contains test\" \"id:1,pass,phase:2,t:trim\""
"SecRule REQBODY_PROCESSOR \"@contains test\" \"id:1,pass,phase:2,t:trim\""
]
]
},
},
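Review bot: The new pattern is embedded in a JSON string as `\"^(?:application(?:/soap\+|/)|text/)xml\"`, and `\+` is not a legal JSON string escape (RFC 8259 permits only `\"`, `\\`, `\/`, `\b`, `\f`, `\n`, `\r`, `\t` and `\uXXXX`), so a strict parser rejects the whole fixture and the test fails to load rather than run. If the file actually contains `\\+` and the rendering dropped a backslash this is moot, but it is worth confirming that the regression harness parses the updated file and that the regex reaching the engine still has the escaped plus. Note also that the old `^text/xml$` was anchored at both ends while the replacement is open on the right, so `text/xml-external-parsed-entity` now engages the XML processor in this test as well. The enclosing test object starts before the hunk.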