From 32d9be885ffa61a1bb82db7128914b99eef8561e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= Date: Mon, 27 May 2024 12:07:41 +0100 Subject: [PATCH] feat: Add rule to edit the CRS-v3 default allowed_http_versions to add HTTP/3 and HTTP3.0 in ModSecurity when using HTTP3 --- src/common/core/modsecurity/confs/modsec-crs/http3.conf | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 src/common/core/modsecurity/confs/modsec-crs/http3.conf diff --git a/src/common/core/modsecurity/confs/modsec-crs/http3.conf b/src/common/core/modsecurity/confs/modsec-crs/http3.conf new file mode 100644 index 000000000..21d1d118a --- /dev/null +++ b/src/common/core/modsecurity/confs/modsec-crs/http3.conf @@ -0,0 +1,9 @@ +{% if USE_MODSECURITY == "yes" and MODSECURITY_CRS_VERSION == "3" and HTTP3 == "yes" +%} +SecAction \ +"id:900230,\ + phase:1,\ + nolog,\ + pass,\ + t:none,\ + setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'" +{% endif %}