github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added id to recommended file rules

Browse Source
This commit is contained in:
brenosilva 2012-06-06 16:55:36 +00:00
parent b6414bbdf2
commit 8ead49a9b7
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modsecurity.conf-recommended
View File

@ -20,7 +20,7 @@ SecRequestBodyAccess On
# Initiate XML Processor in case of xml content-type # Initiate XML Processor in case of xml content-type
# #
SecRule REQUEST_HEADERS:Content-Type "text/xml" \ SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Maximum request body size we will accept for buffering. If you support # Maximum request body size we will accept for buffering. If you support
@ -51,7 +51,7 @@ SecRequestBodyLimitAction Reject
# or log a high-severity alert (when deployed in detection-only mode). # or log a high-severity alert (when deployed in detection-only mode).
# #
SecRule REQBODY_ERROR "!@eq 0" \ SecRule REQBODY_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
# By default be strict with what we accept in the multipart/form-data # By default be strict with what we accept in the multipart/form-data
# request body. If the rule below proves to be too strict for your # request body. If the rule below proves to be too strict for your
@ -59,7 +59,7 @@ SecRule REQBODY_ERROR "!@eq 0" \
# _not_ to remove it altogether. # _not_ to remove it altogether.
# #
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
"phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \
failed strict validation: \ failed strict validation: \
PE %{REQBODY_PROCESSOR_ERROR}, \ PE %{REQBODY_PROCESSOR_ERROR}, \
BQ %{MULTIPART_BOUNDARY_QUOTED}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \
@ -76,7 +76,7 @@ IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
# Did we see anything that might be a boundary? # Did we see anything that might be a boundary?
# #
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
# PCRE Tuning # PCRE Tuning
# We want to avoid a potential RegEx DoS condition # We want to avoid a potential RegEx DoS condition
@ -90,7 +90,7 @@ SecPcreMatchLimitRecursion 1000
# MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded. # MSC_PCRE_LIMITS_EXCEEDED: PCRE match limits were exceeded.
# #
SecRule TX:/^MSC_/ "!@streq 0" \ SecRule TX:/^MSC_/ "!@streq 0" \
"phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
# -- Response body handling -------------------------------------------------- # -- Response body handling --------------------------------------------------