github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-13 21:36:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
ModSecurity/rules/modsecurity_crs_35_bad_robots.conf
brectanus efe52d4e77 Initialize rules tmp pool properly. 
Update to latest core rules.
2007-06-14 18:48:35 +00:00

34 lines
2.4 KiB
Plaintext
Raw Blame History

# ---------------------------------------------------------------
# Core ModSecurity Rule Set
# Copyright (C) 2006 Breach Security Inc. All rights reserved.
#
# The ModSecuirty Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
#
# NOTE Bad robots detection is based on checking elements easily
# controlled by the client. As such a determined attacked can bypass
# those checks. Therefore bad robots detection should not be viewed as
# a security mechanism against targeted attacks but rather as a nuisance
# reduction, eliminating most of the random attacks against your web
# site.
SecDefaultAction "log,pass,phase:2,t:lowercase"
SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:m(?:ozilla\/4\.0 \(compatible\)|etis)|webtrends security analyzer|pmafind)\b|n(?:-stealth|sauditor|essus|ikto)|b(?:lack ?widow|rutus|ilbo)|(?:jaascoi|paro)s|internet explorer|webinspect|\.nasl)" \
"deny,log,auditlog,status:404,msg:'Request Indicates a Security Scanner Scanned the Site',,id:'990002',severity:'2'"
SecRule REQUEST_HEADERS_NAMES "\bacunetix-product\b" \
"deny,log,auditlog,status:404,msg:'Request Indicates a Security Scanner Scanned the Site',,id:'990901',severity:'2'"
SecRule REQUEST_FILENAME "^/nessustest" \
"deny,log,auditlog,status:404,msg:'Request Indicates a Security Scanner Scanned the Site',,id:'990902',severity:'2'"
SecRule REQUEST_HEADERS:User-Agent "(?:m(?:ozilla\/(?:4\.0 \(compatible; advanced email extractor|2\.0 \(compatible; newt activex; win32\))|ailto:craftbot\@yahoo\.com)|e(?:mail(?:(?:collec|harves|magne)t|(?: extracto|reape)r|siphon|wolf)|(?:collecto|irgrabbe)r|xtractorpro|o browse)|a(?:t(?:tache|hens)|utoemailspider|dsarobot)|w(?:eb(?:emailextrac| by mail)|3mir)|f(?:astlwspider|loodgate)|p(?:cbrowser|ackrat|surf)|(?:digout4uagen|takeou)t|(?:chinacla|be)w|hhjhj@yahoo|rsync|shai|zeus)" \
"deny,log,auditlog,status:404,msg:'Rogue web site crawler',,id:'990012',severity:'2'"
SecRule REQUEST_HEADERS:User-Agent "(?:\b(?:(?:indy librar|snoop)y|microsoft url control|lynx)\b|d(?:ownload demon|isco)|w(?:3mirror|get)|l(?:ibwww|wp)|p(?:avuk|erl)|cu(?:sto|rl)|big brother|autohttp|netants|eCatch)" \
"chain,log,auditlog,msg:'Request Indicates an automated program explored the site',,id:'990011',severity:'5'"
SecRule REQUEST_HEADERS:User-Agent "!^apache.*perl"
Reference in New Issue View Git Blame Copy Permalink