From 8ead49a9b7c3505c745e8a5bcb2da223b65a21e3 Mon Sep 17 00:00:00 2001 From: brenosilva Date: Wed, 6 Jun 2012 16:55:36 +0000 Subject: [PATCH] Added id to recommended file rules --- modsecurity.conf-recommended | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended index cb0cbc6d..b48f2ffb 100644 --- a/modsecurity.conf-recommended +++ b/modsecurity.conf-recommended @@ -20,7 +20,7 @@ SecRequestBodyAccess On # Initiate XML Processor in case of xml content-type # SecRule REQUEST_HEADERS:Content-Type "text/xml" \ - "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" # Maximum request body size we will accept for buffering. If you support @@ -51,7 +51,7 @@ SecRequestBodyLimitAction Reject # or log a high-severity alert (when deployed in detection-only mode). # SecRule REQBODY_ERROR "!@eq 0" \ -"phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" +"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" # By default be strict with what we accept in the multipart/form-data # request body. If the rule below proves to be too strict for your @@ -59,7 +59,7 @@ SecRule REQBODY_ERROR "!@eq 0" \ # _not_ to remove it altogether. # SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ -"phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ +"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ failed strict validation: \ PE %{REQBODY_PROCESSOR_ERROR}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \ @@ -76,7 +76,7 @@ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'" # Did we see anything that might be a boundary? # SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ -"phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" +"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" # PCRE Tuning # We want to avoid a potential RegEx DoS condition @@ -90,7 +90,7 @@ SecPcreMatchLimitRecursion 1000 # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. # SecRule TX:/^MSC_/ "!@streq 0" \ - "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" # -- Response body handling --------------------------------------------------