github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adjust parser activation rules in modsecurity.conf-recommended

Browse Source
This commit is contained in:
Martin Vierula 2022-09-07 11:43:54 -07:00
parent 51a30d7b40
commit bb372850ac
No known key found for this signature in database
GPG Key ID: F2FC4E45883BCBA4
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@ -1,6 +1,8 @@
DD mmm YYYY - 2.9.x (to be released) DD mmm YYYY - 2.9.x (to be released)
------------------- -------------------
* Adjust parser activation rules in modsecurity.conf-recommended
[Issue #2799 - @terjanq, @martinhsv]
* Multipart parsing fixes and new MULTIPART_PART_HEADERS collection * Multipart parsing fixes and new MULTIPART_PART_HEADERS collection
[Issue #2797 - @terjanq, @martinhsv] [Issue #2797 - @terjanq, @martinhsv]
* Limit rsub null termination to where necessary * Limit rsub null termination to where necessary

6
modsecurity.conf-recommended
View File

@ -19,21 +19,21 @@ SecRequestBodyAccess On
# Enable XML request body parser. # Enable XML request body parser.
# Initiate XML Processor in case of xml content-type # Initiate XML Processor in case of xml content-type
# #
SecRule REQUEST_HEADERS:Content-Type "(?:application(?:/soap\+|/)|text/)xml" \ SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
# Enable JSON request body parser. # Enable JSON request body parser.
# Initiate JSON Processor in case of JSON content-type; change accordingly # Initiate JSON Processor in case of JSON content-type; change accordingly
# if your application does not use 'application/json' # if your application does not use 'application/json'
# #
SecRule REQUEST_HEADERS:Content-Type "application/json" \ SecRule REQUEST_HEADERS:Content-Type "^application/json" \
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Sample rule to enable JSON request body parser for more subtypes. # Sample rule to enable JSON request body parser for more subtypes.
# Uncomment or adapt this rule if you want to engage the JSON # Uncomment or adapt this rule if you want to engage the JSON
# Processor for "+json" subtypes # Processor for "+json" subtypes
# #
#SecRule REQUEST_HEADERS:Content-Type "^application/.+[+]json$" \ #SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
# "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" # "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
# Maximum request body size we will accept for buffering. If you support # Maximum request body size we will accept for buffering. If you support

2
tests/regression/rule/10-xml.t
View File

@ -394,7 +394,7 @@
SecXmlExternalEntity On SecXmlExternalEntity On
SecDebugLog $ENV{DEBUG_LOG} SecDebugLog $ENV{DEBUG_LOG}
SecDebugLogLevel 9 SecDebugLogLevel 9
SecRule REQUEST_HEADERS:Content-Type "^text/xml\$" "id:500029, \\ SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" "id:500029, \\
phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML" phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML"
SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500030 SecRule REQBODY_PROCESSOR "!^XML\$" nolog,pass,skipAfter:12345,id:500030
SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" "id:500031 \\ SecRule XML "\@validateDTD $ENV{CONF_DIR}/SoapEnvelope-bad.dtd" "id:500031 \\

2
tests/regression/rule/15-json.t
View File

@ -236,7 +236,7 @@
SecAuditLog "$ENV{AUDIT_LOG}" SecAuditLog "$ENV{AUDIT_LOG}"
SecDebugLogLevel 9 SecDebugLogLevel 9
SecRequestBodyJsonDepthLimit 3 SecRequestBodyJsonDepthLimit 3
SecRule REQUEST_HEADERS:Content-Type "application/json" \\ SecRule REQUEST_HEADERS:Content-Type "^application/json" \\
"id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON" "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
SecRule REQBODY_ERROR "!\@eq 0" "id:'200444',phase:2,log,deny,status:403,msg:'Failed to parse request body'" SecRule REQBODY_ERROR "!\@eq 0" "id:'200444',phase:2,log,deny,status:403,msg:'Failed to parse request body'"
SecRule ARGS "\@streq 25" "id:'200445',phase:2,log,deny,status:403" SecRule ARGS "\@streq 25" "id:'200445',phase:2,log,deny,status:403"