github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update to core rules 1.4.3

Browse Source
This commit is contained in:
brectanus
2007-07-19 14:18:42 +00:00
parent e251a9bd57
commit 9be72c39d1
12 changed files with 183 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
rules/modsecurity_crs_30_http_policy.conf
View File

@@ -34,7 +34,7 @@ SecDefaultAction "pass,log,status:400,phase:2"
# to edit the line before uncommenting it.
#
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
"phase:1,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',,id:'960032',"
"phase:2,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',,id:'960032',"
# Restrict which content-types we accept.
@@ -92,7 +92,7 @@ SecRule REQUEST_PROTOCOL "!^HTTP/(0\.9|1\.[01])$" \
# You may need to use ModSecurity Core Rule Set Templates to do so, otherwise
# comment the whole rule.
#
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|s(?:h?tm|ql|ys)|l(?:icx|nk|og)|\w{,5}~|webinfo|ht[rw]|xs[dx]|key|mdb|old)$" \
SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(?:rinter|ass|db|ol|wd)|v(?:b(?:proj|s)?|sdisco)|a(?:s(?:ax?|cx)|xd)|d(?:bf?|at|ll|os)|i(?:d[acq]|n[ci])|ba(?:[kt]|ckup)|res(?:ources|x)|s(?:h?tm|ql|ys)|l(?:icx|nk|og)|\w{0,5}~|webinfo|ht[rw]|xs[dx]|key|mdb|old)$" \
"t:urlDecodeUni, t:lowercase, deny,log,auditlog,status:500,msg:'URL file extension is restricted by policy', severity:'2',,id:'960035',"
@@ -104,8 +104,8 @@ SecRule REQUEST_BASENAME "\.(?:c(?:o(?:nf(?:ig)?|m)|s(?:proj|r)?|dx|er|fg|md)|p(
# the list of blocked extensions. You may need to use ModSecurity Core Rule
# Set Templates to do so, otherwise comment the whole rule.
#
SecRule REQUEST_HEADERS_NAMES "\.(?:Lock-Token|Translate|If)$" \
"deny,log,auditlog,status:500,msg:'HTTP header is restricted by policy',,id:'960038',severity:'4'"
SecRule REQUEST_HEADERS_NAMES "(?:lock-token|translate|if)$" \
"t:lowercase,deny,log,auditlog,status:500,msg:'HTTP header is restricted by policy',,id:'960038',severity:'4'"
# Restricted Content Encodings