mirror of
https://github.com/owasp-modsecurity/ModSecurity.git
synced 2026-01-13 15:07:10 +03:00
55 lines
1.1 KiB
Perl
55 lines
1.1 KiB
Perl
# PDF XSS Protection
|
|
|
|
{
|
|
type => "misc",
|
|
comment => "pdf-xss - GET",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
|
|
SecPdfProtect On
|
|
SecPdfProtectMethod TokenRedirection
|
|
SecPdfProtectSecret FooBar
|
|
SecPdfProtectTimeout 10
|
|
),
|
|
match_log => {
|
|
debug => [ qr/PdfProtect: PDF request without a token - redirecting to/, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^200$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
GET => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
|
|
),
|
|
},
|
|
{
|
|
type => "misc",
|
|
comment => "pdf-xss - POST",
|
|
conf => qq(
|
|
SecRuleEngine On
|
|
SecDebugLog $ENV{DEBUG_LOG}
|
|
SecDebugLogLevel 9
|
|
|
|
SecPdfProtect On
|
|
SecPdfProtectMethod TokenRedirection
|
|
SecPdfProtectSecret FooBar
|
|
SecPdfProtectTimeout 10
|
|
),
|
|
match_log => {
|
|
-error => [ qr/exit signal/, 1 ],
|
|
debug => [ qr/PdfProtect: Not intercepting.*method=POST\/2/, 1 ],
|
|
},
|
|
match_response => {
|
|
status => qr/^200$/,
|
|
},
|
|
request => new HTTP::Request(
|
|
POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/test.pdf",
|
|
[
|
|
"Content-Type" => "application/x-www-form-urlencoded",
|
|
],
|
|
# Args
|
|
"a=1&b=2",
|
|
),
|
|
},
|