github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-30 11:44:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix bad merge of mem pool fix from trunk.

Browse Source 
Update to latest core rules.
This commit is contained in:
brectanus
2007-06-14 18:46:58 +00:00
parent 6569c444d8
commit a4835b73ff
3 changed files with 233 additions and 207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
rules/blocking/modsecurity_crs_21_protocol_anomalies.conf
View File

@@ -1,50 +1,55 @@
# ---------------------------------------------------------------
# Core ModSecurity Rule Set
# Copyright (C) 2006 Breach Security Inc. All rights reserved.
#
# The ModSecuirty Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
#
# TODO in some cases a valid client (usually automated) generates requests that
# violates the HTTP protocol. Create exceptions for those clients, but try
# to limit the exception to a source IP or other additional properties of
# the request such as URL and not allow the violation generally.
#
# Use status code 400 response status code by default as protocol violations
# are in essence bad requests.
SecDefaultAction "log,pass,phase:1,status:400"
# Do not accept requests without common headers.
#
# Implies either an attacker or a legitimate automation client.
#
SecRule REQUEST_URI "^/$" "chain,skip:4"
SecRule REMOTE_ADDR "^127\.0\.0\.1$" "chain"
SecRule REQUEST_HEADERS:User-Agent "^Apache.*\(internal dummy connection\)$" "t:none"
SecRule &REQUEST_HEADERS:Host "@eq 0" \
"skip:1,deny,log,auditlog,status:400,msg:'Request Missing a Host Header',id:'960008',severity:'4'"
SecRule REQUEST_HEADERS:Host "^$" \
"deny,log,auditlog,status:400,msg:'Request Missing a Host Header',id:'960008',severity:'4'"
SecRule &REQUEST_HEADERS:Accept "@eq 0" \
"chain,skip:1,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015'"
SecRule REQUEST_METHOD "!OPTIONS"
SecRule REQUEST_HEADERS:Accept "^$" \
"chain,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015'"
SecRule REQUEST_METHOD "!OPTIONS"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
"skip:1,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^$" \
"deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',severity:'4'"
# Check that the host header is not an IP address
#
SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017'"
# ---------------------------------------------------------------
# Core ModSecurity Rule Set
# Copyright (C) 2006 Breach Security Inc. All rights reserved.
#
# The ModSecuirty Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
#
# TODO in some cases a valid client (usually automated) generates requests that
# violates the HTTP protocol. Create exceptions for those clients, but try
# to limit the exception to a source IP or other additional properties of
# the request such as URL and not allow the violation generally.
#
# Use status code 400 response status code by default as protocol violations
# are in essence bad requests.
SecDefaultAction "log,pass,phase:2,status:400"
# Do not accept requests without common headers.
#
# Implies either an attacker or a legitimate automation client.
#
SecRule REQUEST_URI "^/$" "chain,skip:4"
SecRule REMOTE_ADDR "^127\.0\.0\.1$" "chain"
SecRule REQUEST_HEADERS:User-Agent "^Apache.*\(internal dummy connection\)$" "t:none"
SecRule &REQUEST_HEADERS:Host "@eq 0" \
"skip:1,deny,log,auditlog,status:400,msg:'Request Missing a Host Header',,id:'960008',severity:'4'"
SecRule REQUEST_HEADERS:Host "^$" \
"deny,log,auditlog,status:400,msg:'Request Missing a Host Header',,id:'960008',severity:'4'"
SecRule &REQUEST_HEADERS:Accept "@eq 0" \
"chain,skip:1,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',,id:'960015',"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule REQUEST_HEADERS:Accept "^$" \
"chain,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',,id:'960015',"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
"skip:1,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',,id:'960009',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^$" \
"deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',,id:'960009',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
"chain,deny,log,auditlog,status:400,msg:'Request Containing Content, but Missing Content-Type header',,id:'960904',severity:'4'"
SecRule REQUEST_HEADERS:Content-Length "!^0$"
# Check that the host header is not an IP address
#
SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',,id:'960017',"