Merge pull request #1138 from bunkerity/dev

Merge branch "dev" into branch "staging"
Théophile Diot 2024-05-02 12:25:20 +02:00 committed by GitHub
commit 92b3948960
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
216 changed files with 6115 additions and 3626 deletions


@ -94,12 +94,14 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel, rhel9]
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
platforms: [linux/amd64, linux/arm64]
include:
- release: beta
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -133,7 +135,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -179,7 +181,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el, el9]
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
arch: [amd64, arm64]
include:
- release: beta
@ -189,6 +191,11 @@ jobs:
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
separator: _
suffix: ""
version: noble
package: deb
- linux: debian
separator: _
suffix: ""
@ -212,6 +219,9 @@ jobs:
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: ubuntu-noble
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
@ -227,6 +237,9 @@ jobs:
- linux: ubuntu
arch: arm64
package_arch: arm64
- linux: ubuntu-noble
arch: arm64
package_arch: arm64
- linux: debian
arch: arm64
package_arch: arm64


@ -19,7 +19,7 @@ jobs:
language: ["python", "javascript"]
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set up Python 3.9
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
if: matrix.language == 'python'
@ -35,12 +35,12 @@ jobs:
python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt
echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
- name: Initialize CodeQL
uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
languages: ${{ matrix.language }}
config-file: ./.github/codeql.yml
setup-python-dependencies: false
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
category: "/language:${{matrix.language}}"


@ -45,7 +45,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Replace VERSION
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}


@ -33,7 +33,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Get ARM availabilities
id: availabilities
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
@ -66,7 +66,7 @@ jobs:
with:
args: instance server wait ${{ fromJson(steps.scw.outputs.json).ID }} zone=fr-par-2
- name: Wait for SSH
uses: iFaxity/wait-on-action@628831cec646e6dacca502f34a6c6b46e131e51d
uses: iFaxity/wait-on-action@df89d0cf8089bb0c38e25279c74848ef313da53b
with:
resource: tcp:${{ fromJson(steps.scw.outputs.json).public_ip.address }}:22
timeout: 300000
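Review bot: The bumped pin on the `Wait for SSH` step has no version comment, unlike the other bumped actions in this commit (`# v4.1.4`, `# v3.25.3`, `# v4.3.3`), so a reader cannot tell from the diff which upstream release the new SHA is meant to correspond to. For a third-party action that runs with the job's token and environment, I would record the release next to the hash, e.g. `uses: iFaxity/wait-on-action@df89d0cf8089bb0c38e25279c74848ef313da53b # vX.Y.Z` (placeholder; fill in the tag this commit actually maps to, after checking it against the upstream repository). The same applies to `scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082` on the unchanged line in the first hunk. A labelled pin also lets update tooling and later reviewers spot a SHA that does not belong to any tagged release. The step's `with:` block may continue past the end of the hunk.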


@ -5,14 +5,14 @@ permissions:
on:
schedule:
- cron: "0 12 1 * *"
- cron: "0 12 5 * *"
jobs:
mmdb-update:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}


@ -43,10 +43,12 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel, rhel9]
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
include:
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -78,7 +80,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -111,7 +113,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -185,7 +187,7 @@ jobs:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el, el9]
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
arch: [amd64]
include:
- release: dev
@ -196,6 +198,12 @@ jobs:
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
package_arch: amd64
separator: _
suffix: ""
version: noble
package: deb
- linux: debian
package_arch: amd64
separator: _


@ -13,7 +13,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
@ -32,7 +32,7 @@ jobs:
run: mkdocs serve & sleep 10
- name: Run pdf script
run: node docs/misc/pdf.js http://localhost:8000/print_page/ BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf 'BunkerWeb documentation v${{ inputs.VERSION }}'
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
path: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf


@ -37,7 +37,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Replace VERSION
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
@ -129,7 +129,7 @@ jobs:
scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
env:
LARCH: ${{ env.LARCH }}
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}


@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
fetch-depth: 0
token: ${{ secrets.BUNKERBOT_TOKEN }}


@ -33,7 +33,7 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Login to Docker Hub
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:


@ -15,11 +15,11 @@ jobs:
runs-on: ubuntu-latest
steps:
# Checkout
- uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# Get PDF doc
- name: Get documentation
if: inputs.VERSION != 'testing'
uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: BunkerWeb_documentation_v${{ inputs.VERSION }}.pdf
# Create tag


@ -40,20 +40,20 @@ jobs:
steps:
# Prepare
- name: Check out repository code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install ruby
uses: ruby/setup-ruby@6bd3d993c602f6b675728ebaecb2b569ff86e99b # v1.174.0
uses: ruby/setup-ruby@1198b074305f9356bd56dd4b311757cc0dab2f1c # v1.175.1
with:
ruby-version: "3.0"
- name: Install packagecloud
run: gem install package_cloud
# Download packages
- uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
if: inputs.LINUX != 'el' && inputs.LINUX != 'el9'
with:
name: package-${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
path: /tmp/${{ inputs.LINUX }}
- uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
if: inputs.LINUX == 'el' || inputs.LINUX == 'el9'
with:
name: package-rh${{ inputs.LINUX }}-${{ inputs.PACKAGE_ARCH }}
@ -76,7 +76,7 @@ jobs:
# run: sudo apt install -y rename && rename 's/[0-9]\.[0-9]\.[0-9]/testing/' /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
# Push package
- name: Push package to packagecloud
if: inputs.LINUX != 'el9'
if: inputs.LINUX != 'el9' && inputs.LINUX != 'ubuntu-noble'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
@ -84,7 +84,7 @@ jobs:
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: ${{ inputs.LINUX }}/${{ inputs.VERSION }}
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push package to packagecloud
- name: Push package to packagecloud for el9
if: inputs.LINUX == 'el9'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
@ -93,3 +93,12 @@ jobs:
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: el/9
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- name: Push package to packagecloud for ubuntu-noble
if: inputs.LINUX == 'ubuntu-noble'
uses: danielmundi/upload-packagecloud@46cd0e61152bf952dbc0d1759e609d3d22649030 # v1
with:
PACKAGE-NAME: /tmp/${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
PACKAGECLOUD-USERNAME: bunkerity
PACKAGECLOUD-REPO: ${{ inputs.REPO }}
PACKAGECLOUD-DISTRIB: ubuntu/noble
PACKAGECLOUD-TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
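Review bot: `run: gem install package_cloud` in the first hunk is the one dependency in this job that is not pinned. The actions around it are fixed to commit SHAs, but the gem resolves to whatever version is newest at run time, in a job whose later steps (including the new `ubuntu-noble` one) receive `secrets.PACKAGECLOUD_TOKEN`. I would pin it, e.g. `run: gem install package_cloud -v <PINNED_VERSION>` (placeholder; use the version the pipeline runs today), so a compromised or broken upstream release cannot reach the publishing job unreviewed. If the upload action does not actually need the gem on the runner, dropping the step removes the exposure entirely; that cannot be confirmed from the visible lines. The job's step list starts before the first hunk.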


@ -104,12 +104,14 @@ jobs:
needs: [create-arm]
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel, rhel9]
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
platforms: [linux/amd64, linux/arm64]
include:
- release: latest
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -141,7 +143,7 @@ jobs:
versionrpm: ${{ steps.getversionrpm.outputs.versionrpm }}
steps:
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Get VERSION
id: getversion
run: echo "version=$(cat src/VERSION | tr -d '\n')" >> "$GITHUB_OUTPUT"
@ -191,7 +193,7 @@ jobs:
needs: [wait-builds]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el, el9]
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
arch: [amd64, arm64]
include:
- release: latest
@ -201,6 +203,11 @@ jobs:
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
separator: _
suffix: ""
version: noble
package: deb
- linux: debian
separator: _
suffix: ""
@ -224,6 +231,9 @@ jobs:
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: ubuntu-noble
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
@ -239,6 +249,9 @@ jobs:
- linux: ubuntu
arch: arm64
package_arch: arm64
- linux: ubuntu-noble
arch: arm64
package_arch: arm64
- linux: debian
arch: arm64
package_arch: arm64


@ -21,7 +21,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Delete ARM VM
uses: scaleway/action-scw@be2696f261325a78354eda14988c80405f33e082
with:


@ -15,7 +15,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: "Checkout code"
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
with:
persist-credentials: false
- name: "Run analysis"
@ -25,6 +25,6 @@ jobs:
results_format: sarif
publish_results: true
- name: "Upload SARIF results to code scanning"
uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
sarif_file: results.sarif


@ -21,9 +21,9 @@ jobs:
run: ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" && ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub && echo -e "Host *\n StrictHostKeyChecking no" > ~/.ssh/ssh_config
if: inputs.TYPE != 'k8s'
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install terraform
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 # v3.1.0
- name: Install kubectl
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
if: inputs.TYPE == 'k8s'
@ -52,7 +52,7 @@ jobs:
if: always()
env:
SECRET_KEY: ${{ secrets.SECRET_KEY }}
- uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: always()
with:
name: tf-${{ inputs.TYPE }}


@ -20,10 +20,10 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install terraform
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
- uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 # v3.1.0
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: tf-${{ inputs.TYPE }}
path: /tmp


@ -25,7 +25,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:
@ -43,7 +43,7 @@ jobs:
if: inputs.TYPE == 'swarm'
- name: Install test dependencies
run: PIP_BREAK_SYSTEM_PACKAGES=1 pip3 install --no-cache-dir --require-hashes --no-deps -r tests/requirements.txt
- uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: tf-k8s
path: /tmp


@ -43,10 +43,12 @@ jobs:
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel, rhel9]
linux: [ubuntu, ubuntu-noble, debian, fedora, rhel, rhel9]
include:
- linux: ubuntu
package: deb
- linux: ubuntu-noble
package: deb
- linux: debian
package: deb
- linux: fedora
@ -89,7 +91,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -100,7 +102,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- id: set-matrix
run: |
tests=$(find ./tests/ui/ -name "*_page.py" -type f -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
@ -221,7 +223,7 @@ jobs:
needs: [staging-tests, tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el, el9]
linux: [ubuntu, ubuntu-noble, debian, fedora, el, el9]
arch: [amd64]
include:
- release: testing
@ -232,6 +234,12 @@ jobs:
suffix: ""
version: jammy
package: deb
- linux: ubuntu-noble
package_arch: amd64
separator: _
suffix: ""
version: noble
package: deb
- linux: debian
package_arch: amd64
separator: _


@ -16,7 +16,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set up Python 3.9
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:


@ -16,7 +16,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:


@ -16,7 +16,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set up Python 3.9
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:


@ -15,7 +15,7 @@ jobs:
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Login to ghcr
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
with:


@ -13,17 +13,23 @@
- [UI] General : fix tooltip crop because of overflow
- [UI] General : fix select setting crop because of overflow and check if select is out of viewport to determine visible position
- [UI] General : show logs on UI when pre rendering issue
- [UI] General : Improve UI performance by using multiple workers for the web server and reducing the number of times we prompt a loading page
- [UI] Global config : fix script error while fragment relate to a missing plugin
- [UI] Global config / services page : filtering settings now open plugin select to highlight remaining plugin
- [UI] Global config / services page : add combobox on plugin select open to search a plugin quick
- [UI] Global config / services page : add combobox on plugin select open to search a plugin quick
- [UI] Global config / services page : add order for settings to always respect the order defined in the plugin
- [UI] Reporting page : fix missing data and add new ones
- [UI] Account page : keep license key form even if pro register to easy update
- [UI] Wizard : Add the possibility to still configure reverse proxy even if an admin user already exists
- [DOCUMENTATION] Add upgrade procedure for 1.5.7+
- [DOCUMENTATION] Rename Migrating section to Upgrading
- [MISC] Support custom bwcli commands using plugins
- [MISC] Add Docker labels in autoconf, bw, scheduler, and ui Dockerfiles
- [DEPS] Update Python base Docker image to version 3.12.3-alpine3.19
- [DEPS] Updated LuaJIT version to v2.1-20240314
- [DEPS] Updated lua-resty-openssl version to 1.3.1
- [DEPS] Updated coreruleset-v4 version to v4.2.0
## v1.5.6 - 2024/03/25


@ -273,6 +273,7 @@ List of supported Linux distros :
- Debian 12 "Bookworm"
- Ubuntu 22.04 "Jammy"
- Ubuntu 24.04 "Noble"
- Fedora 39
- RHEL 8.9
- RHEL 9.3
@ -281,6 +282,9 @@ Repositories of Linux packages for BunkerWeb are available on [PackageCloud](htt
You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.7/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
> [!IMPORTANT]
> As of Ubuntu 24.04, the `nginx` package is not available in the official repository. You will need to use the `jammy` repository to install NGINX 1.24.0. Also we do not yet run automated tests on Ubuntu 24.04, so please consider this version as experimental.
## Ansible
<p align="center">
@ -291,6 +295,7 @@ List of supported Linux distros :
- Debian 12 "Bookworm"
- Ubuntu 22.04 "Jammy"
- Ubuntu 24.04 "Noble"
- Fedora 39
- RHEL 8.9
- RHEL 9.3


@ -948,6 +948,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Debian 12 "Bookworm"
- Ubuntu 22.04 "Jammy"
- Ubuntu 24.04 "Noble"
- Fedora 39
- Red Hat Enterprise Linux (RHEL) 8.9
- Red Hat Enterprise Linux (RHEL) 9.3
@ -1005,6 +1006,11 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
=== "Ubuntu"
!!! example "Specifications for Ubuntu 24.04"
As of Ubuntu 24.04, the `nginx` package is not available in the official repository. You will need to use the `jammy` repository to install NGINX 1.24.0.
Also we do not yet run automated tests on Ubuntu 24.04, so please consider this version as experimental.
The first step is to add NGINX official repository :
```shell
@ -1012,7 +1018,7 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
http://nginx.org/packages/ubuntu jammy nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
```
@ -1157,6 +1163,7 @@ Supported Linux distributions for BunkerWeb (amd64/x86_64 and arm64/aarch64 arch
- Debian 12 "Bookworm"
- Ubuntu 22.04 "Jammy"
- Ubuntu 24.04 "Noble"
- Fedora 39
- Red Hat Enterprise Linux (RHEL) 8.9
- Red Hat Enterprise Linux (RHEL) 9.3


@ -1,5 +1,4 @@
mike==2.0.0
mkdocs==1.5.3
mkdocs-material[imaging]==9.5.18
mkdocs-material[imaging]==9.5.20
mkdocs-print-site-plugin==2.4.0
pytablewriter==1.2.0


@ -8,9 +8,9 @@ babel==2.14.0 \
--hash=sha256:6919867db036398ba21eb5c7a0f6b28ab8cbc3ae7a73a44ebe34ae74a4e7d363 \
--hash=sha256:efb1a25b7118e67ce3a259bed20545c29cb68be8ad2c784c83689981b7a57287
# via mkdocs-material
cairocffi==1.6.1 \
--hash=sha256:78e6bbe47357640c453d0be929fa49cd05cce2e1286f3d2a1ca9cbda7efdb8b7 \
--hash=sha256:aa78ee52b9069d7475eeac457389b6275aa92111895d78fbaa2202a52dac112e
cairocffi==1.7.0 \
--hash=sha256:1f29a8d41dbda4090c0aa33bcdea64f3b493e95f74a43ea107c4a8a7b7f632ef \
--hash=sha256:7761863603894305f3160eca68452f373433ca8745ab7dd445bd2c6ce50dcab7
# via cairosvg
cairosvg==2.7.1 \
--hash=sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0 \
@ -207,6 +207,7 @@ importlib-metadata==7.1.0 \
# markdown
# mike
# mkdocs
# mkdocs-get-deps
importlib-resources==6.4.0 \
--hash=sha256:50d10f043df931902d4194ea07ec57960f66a80449ff867bfe782b4c486ba78c \
--hash=sha256:cdb2b453b8046ca4e3798eb1d84f3cce1446a0e8e7b5ef4efb600f19fc398145
@ -299,21 +300,26 @@ mbstrdecoder==1.1.3 \
mergedeep==1.3.4 \
--hash=sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8 \
--hash=sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307
# via mkdocs
# via
# mkdocs
# mkdocs-get-deps
mike==2.0.0 \
--hash=sha256:566f1cab1a58cc50b106fb79ea2f1f56e7bfc8b25a051e95e6eaee9fba0922de \
--hash=sha256:87f496a65900f93ba92d72940242b65c86f3f2f82871bc60ebdcffc91fad1d9e
# via -r requirements.in
mkdocs==1.5.3 \
--hash=sha256:3b3a78e736b31158d64dbb2f8ba29bd46a379d0c6e324c2246c3bc3d2189cfc1 \
--hash=sha256:eb7c99214dcb945313ba30426c2451b735992c73c2e10838f76d09e39ff4d0e2
mkdocs==1.6.0 \
--hash=sha256:1eb5cb7676b7d89323e62b56235010216319217d4af5ddc543a91beb8d125ea7 \
--hash=sha256:a73f735824ef83a4f3bcb7a231dcab23f5a838f88b7efc54a0eef5fbdbc3c512
# via
# -r requirements.in
# mike
# mkdocs-material
mkdocs-material==9.5.18 \
--hash=sha256:1e0e27fc9fe239f9064318acf548771a4629d5fd5dfd45444fd80a953fe21eb4 \
--hash=sha256:a43f470947053fa2405c33995f282d24992c752a50114f23f30da9d8d0c57e62
mkdocs-get-deps==0.2.0 \
--hash=sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c \
--hash=sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134
# via mkdocs
mkdocs-material==9.5.20 \
--hash=sha256:986eef0250d22f70fb06ce0f4eac64cc92bd797a589ec3892ce31fad976fe3da \
--hash=sha256:ad0094a7597bcb5d0cc3e8e543a10927c2581f7f647b9bb4861600f583180f9b
# via
# -r requirements.in
# mkdocs-print-site-plugin
@ -415,10 +421,10 @@ pillow==10.3.0 \
# via
# cairosvg
# mkdocs-material
platformdirs==4.2.0 \
--hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \
--hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768
# via mkdocs
platformdirs==4.2.1 \
--hash=sha256:031cd18d4ec63ec53e82dceaac0417d218a6863f7745dfcc9efe7793b7039bdf \
--hash=sha256:17d5a1161b3fd67b390023cb2d3b026bbd40abde6fdb052dfbd3a29c3ba22ee1
# via mkdocs-get-deps
pycparser==2.22 \
--hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
--hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
@ -427,9 +433,9 @@ pygments==2.17.2 \
--hash=sha256:b27c2826c47d0f3219f29554824c30c5e8945175d888647acd804ddd04af846c \
--hash=sha256:da46cec9fd2de5be3a8a784f434e4c4ab670b4ff54d605c4c2717e9d49c4c367
# via mkdocs-material
pymdown-extensions==10.7.1 \
--hash=sha256:c70e146bdd83c744ffc766b4671999796aba18842b268510a329f7f64700d584 \
--hash=sha256:f5cc7000d7ff0d1ce9395d216017fa4df3dde800afb1fb72d1c7d3fd35e710f4
pymdown-extensions==10.8.1 \
--hash=sha256:3ab1db5c9e21728dabf75192d71471f8e50f216627e9a1fa9535ecb0231b9940 \
--hash=sha256:f938326115884f48c6059c67377c46cf631c733ef3629b6eed1349989d1b30cb
# via mkdocs-material
pyparsing==3.1.2 \
--hash=sha256:a1bac0ce561155ecc3ed78ca94d3c9378656ad4c94c1270de543f621420f94ad \
@ -504,106 +510,93 @@ pyyaml==6.0.1 \
# via
# mike
# mkdocs
# mkdocs-get-deps
# pymdown-extensions
# pyyaml-env-tag
pyyaml-env-tag==0.1 \
--hash=sha256:70092675bda14fdec33b31ba77e7543de9ddc88f2e5b99160396572d11525bdb \
--hash=sha256:af31106dec8a4d68c60207c1886031cbf839b68aa7abccdb19868200532c2069
# via mkdocs
regex==2024.4.16 \
--hash=sha256:00169caa125f35d1bca6045d65a662af0202704489fada95346cfa092ec23f39 \
--hash=sha256:03576e3a423d19dda13e55598f0fd507b5d660d42c51b02df4e0d97824fdcae3 \
--hash=sha256:03e68f44340528111067cecf12721c3df4811c67268b897fbe695c95f860ac42 \
--hash=sha256:0534b034fba6101611968fae8e856c1698da97ce2efb5c2b895fc8b9e23a5834 \
--hash=sha256:08dea89f859c3df48a440dbdcd7b7155bc675f2fa2ec8c521d02dc69e877db70 \
--hash=sha256:0a38d151e2cdd66d16dab550c22f9521ba79761423b87c01dae0a6e9add79c0d \
--hash=sha256:0c8290b44d8b0af4e77048646c10c6e3aa583c1ca67f3b5ffb6e06cf0c6f0f89 \
--hash=sha256:10188fe732dec829c7acca7422cdd1bf57d853c7199d5a9e96bb4d40db239c73 \
--hash=sha256:1210365faba7c2150451eb78ec5687871c796b0f1fa701bfd2a4a25420482d26 \
--hash=sha256:12f6a3f2f58bb7344751919a1876ee1b976fe08b9ffccb4bbea66f26af6017b9 \
--hash=sha256:159dc4e59a159cb8e4e8f8961eb1fa5d58f93cb1acd1701d8aff38d45e1a84a6 \
--hash=sha256:20b7a68444f536365af42a75ccecb7ab41a896a04acf58432db9e206f4e525d6 \
--hash=sha256:23cff1b267038501b179ccbbd74a821ac4a7192a1852d1d558e562b507d46013 \
--hash=sha256:2c72608e70f053643437bd2be0608f7f1c46d4022e4104d76826f0839199347a \
--hash=sha256:3399dd8a7495bbb2bacd59b84840eef9057826c664472e86c91d675d007137f5 \
--hash=sha256:34422d5a69a60b7e9a07a690094e824b66f5ddc662a5fc600d65b7c174a05f04 \
--hash=sha256:370c68dc5570b394cbaadff50e64d705f64debed30573e5c313c360689b6aadc \
--hash=sha256:3a1018e97aeb24e4f939afcd88211ace472ba566efc5bdf53fd8fd7f41fa7170 \
--hash=sha256:3d5ac5234fb5053850d79dd8eb1015cb0d7d9ed951fa37aa9e6249a19aa4f336 \
--hash=sha256:4313ab9bf6a81206c8ac28fdfcddc0435299dc88cad12cc6305fd0e78b81f9e4 \
--hash=sha256:445ca8d3c5a01309633a0c9db57150312a181146315693273e35d936472df912 \
--hash=sha256:479595a4fbe9ed8f8f72c59717e8cf222da2e4c07b6ae5b65411e6302af9708e \
--hash=sha256:4918fd5f8b43aa7ec031e0fef1ee02deb80b6afd49c85f0790be1dc4ce34cb50 \
--hash=sha256:4aba818dcc7263852aabb172ec27b71d2abca02a593b95fa79351b2774eb1d2b \
--hash=sha256:4e819a806420bc010489f4e741b3036071aba209f2e0989d4750b08b12a9343f \
--hash=sha256:4facc913e10bdba42ec0aee76d029aedda628161a7ce4116b16680a0413f658a \
--hash=sha256:549c3584993772e25f02d0656ac48abdda73169fe347263948cf2b1cead622f3 \
--hash=sha256:5c02fcd2bf45162280613d2e4a1ca3ac558ff921ae4e308ecb307650d3a6ee51 \
--hash=sha256:5f580c651a72b75c39e311343fe6875d6f58cf51c471a97f15a938d9fe4e0d37 \
--hash=sha256:62120ed0de69b3649cc68e2965376048793f466c5a6c4370fb27c16c1beac22d \
--hash=sha256:6295004b2dd37b0835ea5c14a33e00e8cfa3c4add4d587b77287825f3418d310 \
--hash=sha256:65436dce9fdc0aeeb0a0effe0839cb3d6a05f45aa45a4d9f9c60989beca78b9c \
--hash=sha256:684008ec44ad275832a5a152f6e764bbe1914bea10968017b6feaecdad5736e0 \
--hash=sha256:684e52023aec43bdf0250e843e1fdd6febbe831bd9d52da72333fa201aaa2335 \
--hash=sha256:6cc38067209354e16c5609b66285af17a2863a47585bcf75285cab33d4c3b8df \
--hash=sha256:6f2f017c5be19984fbbf55f8af6caba25e62c71293213f044da3ada7091a4455 \
--hash=sha256:743deffdf3b3481da32e8a96887e2aa945ec6685af1cfe2bcc292638c9ba2f48 \
--hash=sha256:7571f19f4a3fd00af9341c7801d1ad1967fc9c3f5e62402683047e7166b9f2b4 \
--hash=sha256:7731728b6568fc286d86745f27f07266de49603a6fdc4d19c87e8c247be452af \
--hash=sha256:785c071c982dce54d44ea0b79cd6dfafddeccdd98cfa5f7b86ef69b381b457d9 \
--hash=sha256:78fddb22b9ef810b63ef341c9fcf6455232d97cfe03938cbc29e2672c436670e \
--hash=sha256:7bb966fdd9217e53abf824f437a5a2d643a38d4fd5fd0ca711b9da683d452969 \
--hash=sha256:7cbc5d9e8a1781e7be17da67b92580d6ce4dcef5819c1b1b89f49d9678cc278c \
--hash=sha256:803b8905b52de78b173d3c1e83df0efb929621e7b7c5766c0843704d5332682f \
--hash=sha256:80b696e8972b81edf0af2a259e1b2a4a661f818fae22e5fa4fa1a995fb4a40fd \
--hash=sha256:81500ed5af2090b4a9157a59dbc89873a25c33db1bb9a8cf123837dcc9765047 \
--hash=sha256:89ec7f2c08937421bbbb8b48c54096fa4f88347946d4747021ad85f1b3021b3c \
--hash=sha256:8ba6745440b9a27336443b0c285d705ce73adb9ec90e2f2004c64d95ab5a7598 \
--hash=sha256:8c91e1763696c0eb66340c4df98623c2d4e77d0746b8f8f2bee2c6883fd1fe18 \
--hash=sha256:8d015604ee6204e76569d2f44e5a210728fa917115bef0d102f4107e622b08d5 \
--hash=sha256:8d1f86f3f4e2388aa3310b50694ac44daefbd1681def26b4519bd050a398dc5a \
--hash=sha256:8f83b6fd3dc3ba94d2b22717f9c8b8512354fd95221ac661784df2769ea9bba9 \
--hash=sha256:8fc6976a3395fe4d1fbeb984adaa8ec652a1e12f36b56ec8c236e5117b585427 \
--hash=sha256:904c883cf10a975b02ab3478bce652f0f5346a2c28d0a8521d97bb23c323cc8b \
--hash=sha256:911742856ce98d879acbea33fcc03c1d8dc1106234c5e7d068932c945db209c0 \
--hash=sha256:91797b98f5e34b6a49f54be33f72e2fb658018ae532be2f79f7c63b4ae225145 \
--hash=sha256:95399831a206211d6bc40224af1c635cb8790ddd5c7493e0bd03b85711076a53 \
--hash=sha256:956b58d692f235cfbf5b4f3abd6d99bf102f161ccfe20d2fd0904f51c72c4c66 \
--hash=sha256:98c1165f3809ce7774f05cb74e5408cd3aa93ee8573ae959a97a53db3ca3180d \
--hash=sha256:9ab40412f8cd6f615bfedea40c8bf0407d41bf83b96f6fc9ff34976d6b7037fd \
--hash=sha256:9df1bfef97db938469ef0a7354b2d591a2d438bc497b2c489471bec0e6baf7c4 \
--hash=sha256:a01fe2305e6232ef3e8f40bfc0f0f3a04def9aab514910fa4203bafbc0bb4682 \
--hash=sha256:a70b51f55fd954d1f194271695821dd62054d949efd6368d8be64edd37f55c86 \
--hash=sha256:a7ccdd1c4a3472a7533b0a7aa9ee34c9a2bef859ba86deec07aff2ad7e0c3b94 \
--hash=sha256:b340cccad138ecb363324aa26893963dcabb02bb25e440ebdf42e30963f1a4e0 \
--hash=sha256:b74586dd0b039c62416034f811d7ee62810174bb70dffcca6439f5236249eb09 \
--hash=sha256:b9d320b3bf82a39f248769fc7f188e00f93526cc0fe739cfa197868633d44701 \
--hash=sha256:ba2336d6548dee3117520545cfe44dc28a250aa091f8281d28804aa8d707d93d \
--hash=sha256:ba8122e3bb94ecda29a8de4cf889f600171424ea586847aa92c334772d200331 \
--hash=sha256:bd727ad276bb91928879f3aa6396c9a1d34e5e180dce40578421a691eeb77f47 \
--hash=sha256:c21fc21a4c7480479d12fd8e679b699f744f76bb05f53a1d14182b31f55aac76 \
--hash=sha256:c2d0e7cbb6341e830adcbfa2479fdeebbfbb328f11edd6b5675674e7a1e37730 \
--hash=sha256:c2ef6f7990b6e8758fe48ad08f7e2f66c8f11dc66e24093304b87cae9037bb4a \
--hash=sha256:c4ed75ea6892a56896d78f11006161eea52c45a14994794bcfa1654430984b22 \
--hash=sha256:cccc79a9be9b64c881f18305a7c715ba199e471a3973faeb7ba84172abb3f317 \
--hash=sha256:d0800631e565c47520aaa04ae38b96abc5196fe8b4aa9bd864445bd2b5848a7a \
--hash=sha256:d2da13568eff02b30fd54fccd1e042a70fe920d816616fda4bf54ec705668d81 \
--hash=sha256:d61ae114d2a2311f61d90c2ef1358518e8f05eafda76eaf9c772a077e0b465ec \
--hash=sha256:d83c2bc678453646f1a18f8db1e927a2d3f4935031b9ad8a76e56760461105dd \
--hash=sha256:dd5acc0a7d38fdc7a3a6fd3ad14c880819008ecb3379626e56b163165162cc46 \
--hash=sha256:df79012ebf6f4efb8d307b1328226aef24ca446b3ff8d0e30202d7ebcb977a8c \
--hash=sha256:e0a2df336d1135a0b3a67f3bbf78a75f69562c1199ed9935372b82215cddd6e2 \
--hash=sha256:e2f142b45c6fed48166faeb4303b4b58c9fcd827da63f4cf0a123c3480ae11fb \
--hash=sha256:e697e1c0238133589e00c244a8b676bc2cfc3ab4961318d902040d099fec7483 \
--hash=sha256:e757d475953269fbf4b441207bb7dbdd1c43180711b6208e129b637792ac0b93 \
--hash=sha256:e87ab229332ceb127a165612d839ab87795972102cb9830e5f12b8c9a5c1b508 \
--hash=sha256:ea355eb43b11764cf799dda62c658c4d2fdb16af41f59bb1ccfec517b60bcb07 \
--hash=sha256:ec7e0043b91115f427998febaa2beb82c82df708168b35ece3accb610b91fac1 \
--hash=sha256:eeaa0b5328b785abc344acc6241cffde50dc394a0644a968add75fcefe15b9d4 \
--hash=sha256:f2d80a6749724b37853ece57988b39c4e79d2b5fe2869a86e8aeae3bbeef9eb0 \
--hash=sha256:fa454d26f2e87ad661c4f0c5a5fe4cf6aab1e307d1b94f16ffdfcb089ba685c0 \
--hash=sha256:fb83cc090eac63c006871fd24db5e30a1f282faa46328572661c0a24a2323a08 \
--hash=sha256:fd80d1280d473500d8086d104962a82d77bfbf2b118053824b7be28cd5a79ea5
regex==2024.4.28 \
--hash=sha256:05d9b6578a22db7dedb4df81451f360395828b04f4513980b6bd7a1412c679cc \
--hash=sha256:08a1749f04fee2811c7617fdd46d2e46d09106fa8f475c884b65c01326eb15c5 \
--hash=sha256:0940038bec2fe9e26b203d636c44d31dd8766abc1fe66262da6484bd82461ccf \
--hash=sha256:0a2a512d623f1f2d01d881513af9fc6a7c46e5cfffb7dc50c38ce959f9246c94 \
--hash=sha256:0a54a047b607fd2d2d52a05e6ad294602f1e0dec2291152b745870afc47c1397 \
--hash=sha256:0dd3f69098511e71880fb00f5815db9ed0ef62c05775395968299cb400aeab82 \
--hash=sha256:1031a5e7b048ee371ab3653aad3030ecfad6ee9ecdc85f0242c57751a05b0ac4 \
--hash=sha256:108e2dcf0b53a7c4ab8986842a8edcb8ab2e59919a74ff51c296772e8e74d0ae \
--hash=sha256:144a1fc54765f5c5c36d6d4b073299832aa1ec6a746a6452c3ee7b46b3d3b11d \
--hash=sha256:19d6c11bf35a6ad077eb23852827f91c804eeb71ecb85db4ee1386825b9dc4db \
--hash=sha256:1f687a28640f763f23f8a9801fe9e1b37338bb1ca5d564ddd41619458f1f22d1 \
--hash=sha256:224803b74aab56aa7be313f92a8d9911dcade37e5f167db62a738d0c85fdac4b \
--hash=sha256:23a412b7b1a7063f81a742463f38821097b6a37ce1e5b89dd8e871d14dbfd86b \
--hash=sha256:25f87ae6b96374db20f180eab083aafe419b194e96e4f282c40191e71980c666 \
--hash=sha256:2630ca4e152c221072fd4a56d4622b5ada876f668ecd24d5ab62544ae6793ed6 \
--hash=sha256:28e1f28d07220c0f3da0e8fcd5a115bbb53f8b55cecf9bec0c946eb9a059a94c \
--hash=sha256:2b51739ddfd013c6f657b55a508de8b9ea78b56d22b236052c3a85a675102dc6 \
--hash=sha256:2cc1b87bba1dd1a898e664a31012725e48af826bf3971e786c53e32e02adae6c \
--hash=sha256:2fef0b38c34ae675fcbb1b5db760d40c3fc3612cfa186e9e50df5782cac02bcd \
--hash=sha256:36f392dc7763fe7924575475736bddf9ab9f7a66b920932d0ea50c2ded2f5636 \
--hash=sha256:374f690e1dd0dbdcddea4a5c9bdd97632cf656c69113f7cd6a361f2a67221cb6 \
--hash=sha256:3986217ec830c2109875be740531feb8ddafe0dfa49767cdcd072ed7e8927962 \
--hash=sha256:39fb166d2196413bead229cd64a2ffd6ec78ebab83fff7d2701103cf9f4dfd26 \
--hash=sha256:4290035b169578ffbbfa50d904d26bec16a94526071ebec3dadbebf67a26b25e \
--hash=sha256:43548ad74ea50456e1c68d3c67fff3de64c6edb85bcd511d1136f9b5376fc9d1 \
--hash=sha256:44a22ae1cfd82e4ffa2066eb3390777dc79468f866f0625261a93e44cdf6482b \
--hash=sha256:457c2cd5a646dd4ed536c92b535d73548fb8e216ebee602aa9f48e068fc393f3 \
--hash=sha256:459226445c7d7454981c4c0ce0ad1a72e1e751c3e417f305722bbcee6697e06a \
--hash=sha256:47af45b6153522733aa6e92543938e97a70ce0900649ba626cf5aad290b737b6 \
--hash=sha256:499334ad139557de97cbc4347ee921c0e2b5e9c0f009859e74f3f77918339257 \
--hash=sha256:57ba112e5530530fd175ed550373eb263db4ca98b5f00694d73b18b9a02e7185 \
--hash=sha256:5ce479ecc068bc2a74cb98dd8dba99e070d1b2f4a8371a7dfe631f85db70fe6e \
--hash=sha256:5dbc1bcc7413eebe5f18196e22804a3be1bfdfc7e2afd415e12c068624d48247 \
--hash=sha256:6277d426e2f31bdbacb377d17a7475e32b2d7d1f02faaecc48d8e370c6a3ff31 \
--hash=sha256:66372c2a01782c5fe8e04bff4a2a0121a9897e19223d9eab30c54c50b2ebeb7f \
--hash=sha256:670fa596984b08a4a769491cbdf22350431970d0112e03d7e4eeaecaafcd0fec \
--hash=sha256:6f435946b7bf7a1b438b4e6b149b947c837cb23c704e780c19ba3e6855dbbdd3 \
--hash=sha256:7413167c507a768eafb5424413c5b2f515c606be5bb4ef8c5dee43925aa5718b \
--hash=sha256:7c3d389e8d76a49923683123730c33e9553063d9041658f23897f0b396b2386f \
--hash=sha256:7d77b6f63f806578c604dca209280e4c54f0fa9a8128bb8d2cc5fb6f99da4150 \
--hash=sha256:7e76b9cfbf5ced1aca15a0e5b6f229344d9b3123439ffce552b11faab0114a02 \
--hash=sha256:7f3502f03b4da52bbe8ba962621daa846f38489cae5c4a7b5d738f15f6443d17 \
--hash=sha256:7fe9739a686dc44733d52d6e4f7b9c77b285e49edf8570754b322bca6b85b4cc \
--hash=sha256:83ab366777ea45d58f72593adf35d36ca911ea8bd838483c1823b883a121b0e4 \
--hash=sha256:84077821c85f222362b72fdc44f7a3a13587a013a45cf14534df1cbbdc9a6796 \
--hash=sha256:8bb381f777351bd534462f63e1c6afb10a7caa9fa2a421ae22c26e796fe31b1f \
--hash=sha256:92da587eee39a52c91aebea8b850e4e4f095fe5928d415cb7ed656b3460ae79a \
--hash=sha256:9301cc6db4d83d2c0719f7fcda37229691745168bf6ae849bea2e85fc769175d \
--hash=sha256:965fd0cf4694d76f6564896b422724ec7b959ef927a7cb187fc6b3f4e4f59833 \
--hash=sha256:99d6a550425cc51c656331af0e2b1651e90eaaa23fb4acde577cf15068e2e20f \
--hash=sha256:99ef6289b62042500d581170d06e17f5353b111a15aa6b25b05b91c6886df8fc \
--hash=sha256:a1409c4eccb6981c7baabc8888d3550df518add6e06fe74fa1d9312c1838652d \
--hash=sha256:a74fcf77d979364f9b69fcf8200849ca29a374973dc193a7317698aa37d8b01c \
--hash=sha256:aaa179975a64790c1f2701ac562b5eeb733946eeb036b5bcca05c8d928a62f10 \
--hash=sha256:ac69b394764bb857429b031d29d9604842bc4cbfd964d764b1af1868eeebc4f0 \
--hash=sha256:b45d4503de8f4f3dc02f1d28a9b039e5504a02cc18906cfe744c11def942e9eb \
--hash=sha256:b7d893c8cf0e2429b823ef1a1d360a25950ed11f0e2a9df2b5198821832e1947 \
--hash=sha256:b8eb28995771c087a73338f695a08c9abfdf723d185e57b97f6175c5051ff1ae \
--hash=sha256:b91d529b47798c016d4b4c1d06cc826ac40d196da54f0de3c519f5a297c5076a \
--hash=sha256:bc365ce25f6c7c5ed70e4bc674f9137f52b7dd6a125037f9132a7be52b8a252f \
--hash=sha256:bf29304a8011feb58913c382902fde3395957a47645bf848eea695839aa101b7 \
--hash=sha256:c06bf3f38f0707592898428636cbb75d0a846651b053a1cf748763e3063a6925 \
--hash=sha256:c77d10ec3c1cf328b2f501ca32583625987ea0f23a0c2a49b37a39ee5c4c4630 \
--hash=sha256:cd196d056b40af073d95a2879678585f0b74ad35190fac04ca67954c582c6b61 \
--hash=sha256:d7a353ebfa7154c871a35caca7bfd8f9e18666829a1dc187115b80e35a29393e \
--hash=sha256:d84308f097d7a513359757c69707ad339da799e53b7393819ec2ea36bc4beb58 \
--hash=sha256:dd7ef715ccb8040954d44cfeff17e6b8e9f79c8019daae2fd30a8806ef5435c0 \
--hash=sha256:e672cf9caaf669053121f1766d659a8813bd547edef6e009205378faf45c67b8 \
--hash=sha256:ecc6148228c9ae25ce403eade13a0961de1cb016bdb35c6eafd8e7b87ad028b1 \
--hash=sha256:f1c5742c31ba7d72f2dedf7968998730664b45e38827637e0f04a2ac7de2f5f1 \
--hash=sha256:f1d6e4b7b2ae3a6a9df53efbf199e4bfcff0959dbdb5fd9ced34d4407348e39a \
--hash=sha256:f2fc053228a6bd3a17a9b0a3f15c3ab3cf95727b00557e92e1cfe094b88cc662 \
--hash=sha256:f57515750d07e14743db55d59759893fdb21d2668f39e549a7d6cad5d70f9fea \
--hash=sha256:f85151ec5a232335f1be022b09fbbe459042ea1951d8a48fef251223fc67eee1 \
--hash=sha256:fb0315a2b26fde4005a7c401707c5352df274460f2f85b209cf6024271373013 \
--hash=sha256:fc0916c4295c64d6890a46e02d4482bb5ccf33bf1a824c0eaa9e83b148291f90 \
--hash=sha256:fd24fd140b69f0b0bcc9165c397e9b2e89ecbeda83303abf2a072609f60239e2 \
--hash=sha256:fdae0120cddc839eb8e3c15faa8ad541cc6d906d3eb24d82fb041cfe2807bc1e \
--hash=sha256:fe00f4fe11c8a521b173e6324d862ee7ee3412bf7107570c9b564fe1119b56fb
# via mkdocs-material
requests==2.31.0 \
--hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
@ -625,13 +618,13 @@ tabledata==1.3.3 \
--hash=sha256:4abad1c996d8607e23b045b44dc0c5f061668f3c37585302c5f6c84c93a89962 \
--hash=sha256:c90daaba9a408e4397934b3ff2f6c06797d5289676420bf520c741ad43e6ff91
# via pytablewriter
tcolorpy==0.1.4 \
--hash=sha256:d0926480aa5012f34877d69fc3b670f207dc165674e68ad07458fa6ee5b12724 \
--hash=sha256:f0dceb1cb95e554cee63024b3cd2fd8d4628c568773de2d1e6b4f0478461901c
tcolorpy==0.1.6 \
--hash=sha256:8c15cb3167f30b0a433d72297e9d68667c825bd9e2af41c8dd7dfbd3d7f7e207 \
--hash=sha256:8cea0bf5f8cf03f77528a9acfbf312df935573892ba5ea3b2516e61fa54de9a5
# via pytablewriter
tinycss2==1.2.1 \
--hash=sha256:2b80a96d41e7c3914b8cda8bc7f705a4d9c49275616e886103dd839dfc847847 \
--hash=sha256:8cff3a8f066c2ec677c06dbc7b45619804a6938478d9d73c284b29d14ecb0627
tinycss2==1.3.0 \
--hash=sha256:152f9acabd296a8375fbca5b84c961ff95971fcfc32e79550c8df8e29118c54d \
--hash=sha256:54a8dbdffb334d536851be0226030e9505965bb2f30f21a4a82c55fb2a80fae7
# via
# cairosvg
# cssselect2


@ -178,9 +178,10 @@ This plugin offers seamless integration with various DNS providers for streamlin
| `LETS_ENCRYPT_DNS_EMAIL` | | multisite | no | Email address for Let's Encrypt notifications. |
| `USE_LETS_ENCRYPT_DNS_STAGING` | `no` | multisite | no | Set to `yes` to use Let's Encrypt staging server. |
| `LETS_ENCRYPT_DNS_PROVIDER` | | multisite | no | DNS provider for Let's Encrypt DNS challenges. |
| `USE_LETS_ENCRYPT_DNS_WILDCARD` | `no` | multisite | no | Set to `yes` to automatically generate wildcard domains in certificates. |
| `USE_LETS_ENCRYPT_DNS_WILDCARD` | `yes` | multisite | no | Set to `yes` to automatically generate wildcard domains in certificates. |
| `LETS_ENCRYPT_DNS_PROPAGATION` | `default` | multisite | no | Time in seconds to wait for DNS propagation. |
| `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` | | multisite | yes | Credential item for Let's Encrypt DNS provider that contains required credentials. |
| `LETS_ENCRYPT_DNS_CLEAR_OLD_CERTS` | `no` | global | no | Clear old certificates when renewing. |
!!! info "Information and behavior"
- The `LETS_ENCRYPT_DNS_CREDENTIAL_ITEM` setting is a multiple setting and can be used to set multiple items for the DNS provider. The items will be saved as a cache file and Certbot will read the credentials from it.
@ -248,7 +249,7 @@ ModSecurity is integrated and enabled by default alongside the OWASP Core Rule S
You can choose between the following versions of the OWASP Core Rule Set :
- **3** : The version [v3.3.5](https://github.com/coreruleset/coreruleset/releases/tag/v3.3.5) of the OWASP Core Rule Set (***default***)
- **4** : The version [v4.0.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.0.0) of the OWASP Core Rule Set
- **4** : The version [v4.2.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.2.0) of the OWASP Core Rule Set
### Custom configurations


@ -91,22 +91,20 @@ services:
build:
context: ../..
dockerfile: ./src/ui/Dockerfile
command: python -m flask --app main:app run --host=0.0.0.0 --port=7000
depends_on:
- bw-docker
volumes:
- ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro
- ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro
- ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro
- ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro
- ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
- ../../src/ui/utils.py:/usr/share/bunkerweb/ui/utils.py:ro
environment:
<<: *env
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
FLASK_APP: "main.py"
FLASK_DEBUG: "1"
FLASK_ENV: "development"
DEBUG: "1"
networks:
bw-universe:
aliases:
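Review bot: `ADMIN_PASSWORD: "P@ssw0rd"` stays hard-coded next to `ADMIN_USERNAME: "admin"` while the same `environment:` block enables debugging (`DEBUG: "1"` and the `FLASK_*` variables, whichever of them are on the new side; the +/- markers are lost in this rendering). If the `command:` line binding the server to `0.0.0.0` port 7000 is also on the new side, a debug-mode UI with a published default credential is reachable by anything that can route to the container. I would add a comment above `environment:` such as `# development only: debug server and default credentials, never publish this port`, and take the password from the caller's environment with `ADMIN_PASSWORD: "${ADMIN_PASSWORD:?set ADMIN_PASSWORD}"`. The same lines recur in the three other compose sections below that set `ADMIN_PASSWORD`; the service definition starts above the hunk.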


@ -88,22 +88,20 @@ services:
build:
context: ../..
dockerfile: ./src/ui/Dockerfile
command: python -m flask --app main:app run --host=0.0.0.0 --port=7000
depends_on:
- bw-docker
volumes:
- ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro
- ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro
- ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro
- ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro
- ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
- ../../src/ui/utils.py:/usr/share/bunkerweb/ui/utils.py:ro
environment:
<<: *env
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
FLASK_APP: "main.py"
FLASK_DEBUG: "1"
FLASK_ENV: "development"
DEBUG: "1"
networks:
bw-universe:
aliases:


@ -88,20 +88,18 @@ services:
build:
context: ../..
dockerfile: ./src/ui/Dockerfile
command: python -m flask --app main:app run --host=0.0.0.0 --port=7000
depends_on:
- bw-docker
volumes:
- ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro
- ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro
- ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro
- ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro
- ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
- ../../src/ui/utils.py:/usr/share/bunkerweb/ui/utils.py:ro
environment:
<<: *env
FLASK_APP: "main.py"
FLASK_DEBUG: "1"
FLASK_ENV: "development"
DEBUG: "1"
networks:
bw-universe:
aliases:


@ -81,22 +81,20 @@ services:
build:
context: ../..
dockerfile: ./src/ui/Dockerfile
command: python -m flask --app main:app run --host=0.0.0.0 --port=7000
depends_on:
- bw-docker
volumes:
- ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro
- ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro
- ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro
- ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro
- ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
- ../../src/ui/utils.py:/usr/share/bunkerweb/ui/utils.py:ro
environment:
<<: *env
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
FLASK_APP: "main.py"
FLASK_DEBUG: "1"
FLASK_ENV: "development"
DEBUG: "1"
networks:
bw-universe:
aliases:


@ -77,22 +77,20 @@ services:
build:
context: ../..
dockerfile: ./src/ui/Dockerfile
command: python -m flask --app main:app run --host=0.0.0.0 --port=7000
depends_on:
- bw-docker
volumes:
- ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro
- ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro
- ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro
- ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro
- ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
- ../../src/ui/utils.py:/usr/share/bunkerweb/ui/utils.py:ro
environment:
<<: *env
ADMIN_USERNAME: "admin"
ADMIN_PASSWORD: "P@ssw0rd"
FLASK_APP: "main.py"
FLASK_DEBUG: "1"
FLASK_ENV: "development"
DEBUG: "1"
networks:
bw-universe:
aliases:


@ -72,20 +72,18 @@ services:
build:
context: ../..
dockerfile: ./src/ui/Dockerfile
command: python -m flask --app main:app run --host=0.0.0.0 --port=7000
depends_on:
- bw-docker
volumes:
- ../../src/ui/src:/usr/share/bunkerweb/ui/src:ro
- ../../src/ui/static:/usr/share/bunkerweb/ui/static:ro
- ../../src/ui/templates:/usr/share/bunkerweb/ui/templates:ro
- ../../src/ui/gunicorn.conf.py:/usr/share/bunkerweb/ui/gunicorn.conf.py:ro
- ../../src/ui/main.py:/usr/share/bunkerweb/ui/main.py:ro
- ../../src/ui/utils.py:/usr/share/bunkerweb/ui/utils.py:ro
environment:
<<: *env
FLASK_APP: "main.py"
FLASK_DEBUG: "1"
FLASK_ENV: "development"
DEBUG: "1"
networks:
bw-universe:
aliases:


@ -1 +1 @@
ansible==9.2.0
ansible==9.5.1


@ -1,16 +1,16 @@
#
# This file is autogenerated by pip-compile with Python 3.11
# This file is autogenerated by pip-compile with Python 3.12
# by the following command:
#
# pip-compile --allow-unsafe --generate-hashes --strip-extras requirements-ansible.in
#
ansible==9.2.0 \
--hash=sha256:39b19c252800aeed531413a626ccd07473b79615a3cea77568a1624c1aefaf7c \
--hash=sha256:a207a4a00a45e5cd178a7f94ca42afe26f23c9d27be49901ea8c45d18a07b7c6
ansible==9.5.1 \
--hash=sha256:3c278bc9642b97fc953b2ba05b99cd80801e75bf3567dfaa1cb5131fe0ec1ecd \
--hash=sha256:aed2f4208a75836a27c13555ec5d8d942fe3b089a8b1fc44e8234fadd9e649fd
# via -r requirements-ansible.in
ansible-core==2.16.5 \
--hash=sha256:371b0bb11d109a58982684307c18cc44ff8d408b1b3350c0c5c78d9f096ee1f1 \
--hash=sha256:cdd29b0ec3f20c35657355a2f6a9c1d0cf1131da99cc9a4a3401801b0ab36d6d
ansible-core==2.16.6 \
--hash=sha256:111e55d358c2297ec0ce03ba98e6c5ce95947fdf50d878215eb8c183d0c275e4 \
--hash=sha256:f9dea5044a86fd95cc27099f4f5c3ae9beb23acf7c3b6331455726c47825922b
# via ansible
cffi==1.16.0 \
--hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \


@ -13,6 +13,12 @@ if [ $? -ne 0 ]; then
exit 1
fi
content_head="$(head -n 2 asn.mmdb.gz)"
if [[ "$content_head" =~ "404 Not Found" ]]; then
echo "❌ The ASN database is not available for the current month for the moment."
exit 1
fi
curl -o country.mmdb.gz "https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz"
# shellcheck disable=SC2181
if [ $? -ne 0 ]; then
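Review bot: The added `head -n 2 asn.mmdb.gz` test catches a failed download only when the response body contains the literal `404 Not Found`; any other HTTP error page is still saved as the `.gz` file and handed to `gunzip`. `curl` exits 0 on HTTP error statuses unless told otherwise, so the existing `$?` check never fires for them. Using `curl --fail -o country.mmdb.gz "https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).mmdb.gz"` makes that check cover every error status, and `gzip -t country.mmdb.gz || exit 1` before decompressing rejects anything that is not a gzip stream. The same applies to the ASN download above this hunk and to the second added block in the next hunk. The script starts outside the hunk, so whether the databases get any integrity check elsewhere is not visible here.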
@ -20,6 +26,12 @@ if [ $? -ne 0 ]; then
exit 1
fi
content_head="$(head -n 2 country.mmdb.gz)"
if [[ "$content_head" =~ "404 Not Found" ]]; then
echo "❌ The country database is not available for the current month for the moment."
exit 1
fi
# Decompress the downloaded databases
gunzip -f asn.mmdb.gz


@ -346,7 +346,7 @@
This website is protected with
<a
class="underline hover:italic hover:brightness-90 transition"
href="https://github.com/bunkerity/bunkerweb"
href="https://www.bunkerweb.io/?utm_campaign=self&utm_source=bwloading"
target="_blank"
>BunkerWeb</a
>
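Review bot: The link keeps `target="_blank"` with no `rel` attribute, and the bunkerweb.io `href` (apparently the new side; the +/- markers are lost in this rendering) has a raw `&` in its query string. This markup appears to be shown to visitors of protected sites, so I would add `rel="noopener noreferrer"` to keep the opened page from getting `window.opener` or the protected site's URL as referrer. The separator should be written as `&amp;utm_source=bwloading`. The enclosing element starts above the hunk.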

Binary file not shown.

Binary file not shown.


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the antibot plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#antibot" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#antibot" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% if pre_render.get("status", False) and pre_render.get("status", False) == "ko" or "error" in pre_render.get("data", {}) or pre_render.get("data") is not mapping %} <div class="core-layout-separator"></div>
@ -112,7 +115,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-deactivated-title">Deactivated</h5>
<h5 class="core-card-deactivated-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -127,8 +130,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}
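Review bot: `{{ read_doc_text|safe }}` switches off autoescaping for the whole string, including the `bw_version` value concatenated into the `href`, whereas the replaced line rendered `{{ bw_version }}` inside the attribute with escaping on. Where `bw_version` comes from is not visible here; if it is ever read from a file or setting that someone other than the operator can influence, this becomes an HTML injection point in the admin UI. With autoescaping enabled, a block assignment keeps the markup literal and the value escaped: `{% set read_doc_text %}… href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#antibot" …{% endset %}`, output as `{{ read_doc_text }}` without `|safe`. The newly added `target="_blank"` link would also benefit from `rel="noopener noreferrer"`. The same pattern is added in the backup, bad behavior, blacklist, bunkernet, cors and country templates below.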


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the backup plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#backup-and-restore" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#backup-and-restore" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% if pre_render.get("status", False) and pre_render.get("status", False) == "ko" or "error" in pre_render.get("data", {}) or pre_render.get("data") is not mapping %} <div class="core-layout-separator"></div>
@ -61,7 +64,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -76,8 +79,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the bad behavior plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#bad-behavior" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,12 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available
<a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#bad-behavior" class="core-card-text-doc-link">
in the documentation
</a>
.
</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -121,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -136,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the blacklist plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#blacklisting" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#blacklisting" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the bunkernet plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#bunkernet" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#bunkernet" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the cors plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#cors" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#cors" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}
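Review bot: `read_doc_text` is built by concatenating `bw_version` into an HTML string and is then printed with `|safe`, so the version value reaches the `href` without the autoescaping that the removed `{{ bw_version }}` form had. Where `bw_version` comes from is not visible here; unless it is guaranteed to be a fixed version string, encode it before concatenation, e.g. `'… href="https://docs.bunkerweb.io/' + bw_version|urlencode + '/security-tuning/#cors" …'`. The link also gains `target="_blank"`; adding `rel="noopener noreferrer"` keeps the opened tab from holding a reference to the admin UI window in older browsers. The same construction is repeated in the bunkernet, country, dnsbl, errors, greylist, limit and misc templates on this page.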


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the country plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#country" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#country" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the dnsbl plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#dnsbl" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#dnsbl" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the errors plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/settings/#errors" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -11,7 +14,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/settings/#errors" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the greylist plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#greylisting" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#greylisting" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -3,4 +3,5 @@ gzip on;
gzip_types {{ GZIP_TYPES }};
gzip_comp_level {{ GZIP_COMP_LEVEL }};
gzip_min_length {{ GZIP_MIN_LENGTH }};
gzip_proxied {{ GZIP_PROXIED }};
{% endif %}


@ -41,6 +41,15 @@
"regex": "^[1-9]$",
"type": "select",
"select": ["1", "2", "3", "4", "5", "6", "7", "8", "9"]
},
"GZIP_PROXIED": {
"context": "multisite",
"default": "no-cache no-store private expired auth",
"help": "Which kind of proxied requests we should compress.",
"id": "gzip-proxied",
"label": "Proxied requests",
"regex": "^.*$",
"type": "text"
}
}
}
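Review bot: `GZIP_PROXIED` is validated with `"regex": "^.*$"`, which accepts any text, while the nginx template in the previous file section renders the value verbatim as `gzip_proxied {{ GZIP_PROXIED }};`. A value containing `;` would end the directive early and the remainder would be parsed as further nginx configuration, and even a plain typo only surfaces when nginx reloads the generated file. Restrict the setting to the tokens nginx accepts, as the neighbouring `"^[1-9]$"` does for the compression level: `"regex": "^(off|any|(expired|no-cache|no-store|private|no_last_modified|no_etag|auth)( (expired|no-cache|no-store|private|no_last_modified|no_etag|auth))*)$"`.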


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the limit plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/security-tuning/#limiting" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/security-tuning/#limiting" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -251,7 +251,7 @@
This website is protected with
<a
class="underline hover:italic hover:brightness-90 transition"
href="https://www.bunkerweb.io/?utm_campaign=self&utm_source=bwloading"
href="https://www.bunkerweb.io/?utm_campaign=self&utm_source=bwdefault"
target="_blank"
>BunkerWeb</a
>


@ -1,4 +1,7 @@
{% extends "base.html" %}
{% set read_doc_text = 'You will find more information about the misc plugin <a target="_blank" href="https://docs.bunkerweb.io/' + bw_version + '/settings/#miscellaneous" class="core-card-text-doc-link">in the documentation</a>.' %}
{% block content %}
<input type="csrf_token"
name="csrf_token"
@ -12,7 +15,7 @@
<div class="core-card-text-container">
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p class="core-card-text-doc">More information available <a href="https://docs.bunkerweb.io/{{ bw_version }}/settings/#miscellaneous" class="core-card-text-doc-link">in the documentation</a>.</p>
<p class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
@ -116,7 +119,7 @@
{% else %}
<div class="core-card">
<div class="core-card-wrap">
<h5 class="core-card-title">Deactivated</h5>
<h5 class="core-card-title">Plugin deactivated</h5>
<!-- icon -->
<div role="img" class="core-card-svg-container">
<svg xmlns="http://www.w3.org/2000/svg"
@ -131,8 +134,9 @@
<!-- end icon -->
</div>
<div class="core-card-text-container">
<p data-info class="core-card-text">This plugin need to be activated to access page.</p>
<p data-info class="core-card-text">{{plugin.get('description')}}</p>
</div>
<p data-info class="core-card-text-doc">{{ read_doc_text|safe }}</p>
</div>
<!-- end info -->
{% endif %}


@ -1,11 +0,0 @@
* feat: add check for combinations of t:lowercase and (?i) to lint (Franziska Bühler) [#3584]
* fix: remove t:lowercase from rules that use '(?i)' modifier in their regex (942150 PL2, 942151 PL1, 942152 PL2) (Ervin Hegedus) [#3585]
* test: change HTTP method to uppercase for test 932260-28 (Matteo Pace) [#3580]
* feat: move HTTP header rules to phase 1 (932161 PL2, 932205 PL2, 932206 PL2, 932237 PL3) (Esad Cetiner) [#3570]
* fix: prevent FPs against names due to "cron" (932260 PL1, 932236 PL2, 932237 PL3, 932239 PL2) (@superlgn) [#3578]
* chore: add Esad Cetiner to list of developers (@EsadCetiner) [#3589]
* fix: add missing tags and ver action (various rules) (Jozef Sudolský) [#3571]
* fix: adding more missing tags and ver actions (Jozef Sudolský) [#3593]
* fix: do not check URL fragments in referer headers as part of the existing rule to prevent FPs (932205 PL2) (Max Leske) [#3485]
* chore(deps): update workflow actions (Max Leske) [#3613]
* fix: range expressions must not start with `\v` (various rules) (Max Leske) [#3615]


@ -1,5 +1,6 @@
#! /usr/bin/env python
import argparse
import subprocess
import json
import datetime
@ -9,39 +10,51 @@ import re
from inspect import getframeinfo, currentframe
DEVELOPERS = {}
CHANGELOG_LABEL = "changelog-pr"
def get_pr(repository: str, number: int) -> dict:
command = f"""gh pr view \
--repo "{repository}" \
"{number}" \
--json mergeCommit,mergedBy,title,author,headRefName,baseRefName,number
--json mergeCommit,mergedBy,title,author,headRefName,baseRefName,number,body
"""
with subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
with subprocess.Popen(
command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
) as proc:
pr_json, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
return json.loads(pr_json)
def get_prs(repository: str, start_date: datetime.date, end_date: datetime.date) -> list:
print("Fetching PR for start_date")
def get_prs(
repository: str, start_date: datetime.date, end_date: datetime.date
) -> (list, list):
print(f"Fetching PRs from {start_date} through {end_date}")
command = f"""gh search prs \
--repo "{repository}" \
--merged-at "{end_date}..{start_date}" \
--json number \
-- \
-label:changelog-pr # ignore changelog prs
--merged-at "{start_date}..{end_date}" \
--json number,labels
"""
with subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
with subprocess.Popen(
command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
) as proc:
prs_json, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
prs = []
changelog_prs = []
for result in json.loads(prs_json):
prs.append(get_pr(repository, result["number"]))
if CHANGELOG_LABEL in [label["name"] for label in result["labels"]]:
changelog_prs.append(get_pr(repository, result["number"]))
else:
prs.append(get_pr(repository, result["number"]))
return (prs, changelog_prs)
return prs
def parse_prs(prs: list) -> dict:
pr_map = {}
@ -56,79 +69,116 @@ def parse_prs(prs: list) -> dict:
return pr_map
# Accepts a single date on purpose. Gathering PRs over more than a single day
# is for debugging only.
def create_prs(repository: str, merged_by_prs_map: dict, day: datetime.date):
base_pr = find_latest_open_changelog_pr(repository)
base_ref = base_pr["headRefName"] if base_pr else None
def create_prs(
repository: str,
merged_by_prs_map: dict,
changelog_prs: list,
start_date: datetime.date,
end_date: datetime.date,
dry_run: bool,
):
for author in merged_by_prs_map.keys():
base_ref = create_pr(repository, base_ref, author, merged_by_prs_map[author], day)
create_pr(
repository,
author,
merged_by_prs_map[author],
changelog_prs,
start_date,
end_date,
dry_run,
)
def find_latest_open_changelog_pr(repository: str) -> dict | None:
command = f"""gh search prs \
--repo "{repository}" \
--label "changelog-pr" \
--state open \
--sort created \
--json number
"""
with subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
pr_json, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
ids = json.loads(pr_json)
base_pr_id = ids[0]["number"] if ids else None
if not base_pr_id:
print("No open changelog PR found to use as base")
return None
base_pr = get_pr(repository, base_pr_id)
print(f"Found existing changelog PR to use as base: {base_pr_id}")
return base_pr
def create_pr(repository: str, base_ref: str | None, merged_by: str, prs: list, day: datetime.date) -> str:
def create_pr(
repository: str,
merged_by: str,
prs: list,
changelog_prs: list,
start_date: datetime.date,
end_date: datetime.date,
dry_run: bool,
):
if len(prs) == 0:
return base_ref
return
print(f"Creating changelog PR for @{merged_by}")
base_branch = base_ref if base_ref else prs[0]["baseRefName"]
pr_branch_name = create_pr_branch(day, merged_by, base_branch)
base_branch = prs[0]["baseRefName"]
checkout_base(base_branch, dry_run)
pr_branch_name = create_pr_branch(start_date, end_date, merged_by, dry_run)
pr_body, changelog_lines = generate_content(prs, merged_by)
create_commit(changelog_lines)
push_pr_branch(pr_branch_name)
create_commit(changelog_lines, dry_run)
push_pr_branch(pr_branch_name, dry_run)
print("\tCreating PR...")
command = f"""gh pr create \
--repo "{repository}" \
--assignee "{merged_by}" \
--base "{base_branch}" \
--label "changelog-pr" \
--title "chore: changelog updates for {day}, merged by @{merged_by}" \
--label "{CHANGELOG_LABEL}" \
--title "chore: changelog updates since {start_date}, merged by @{merged_by}" \
--body-file -
"""
with subprocess.Popen(command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
if dry_run:
print(command)
return
with subprocess.Popen(
command,
shell=True,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
) as proc:
outs, errors = proc.communicate(input=pr_body.encode())
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
print(f"Created PR: {outs.decode()}")
return pr_branch_name
def create_commit(changelog_lines: str):
print("\tCreating commit...")
with open('.changes-pending.md', 'a', encoding='utf-8s') as changelog:
changelog.write(changelog_lines)
command = "git commit .changes-pending.md -m 'Add pending changelog entries'"
with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
_, errors = proc.communicate()
def checkout_base(base_ref: str, dry_run: bool):
print("\tChecking out base ref ...")
command = f"git checkout {base_ref}"
if dry_run:
print(command)
return
with subprocess.Popen(
command,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
) as proc:
outs, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
def create_commit(changelog_lines: str, dry_run: bool):
print("\tCreating commit...")
if dry_run:
print("Changelogs to append:")
print(changelog_lines)
else:
with open(".changes-pending.md", "a", encoding="utf-8") as changelog:
changelog.write(changelog_lines)
command = "git commit .changes-pending.md -m 'Add pending changelog entries'"
if dry_run:
print(command)
else:
with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
_, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
def generate_content(prs: list, merged_by: str) -> (str, str):
print("\tGenerating PR content...")
changelog_lines = ""
@ -147,82 +197,144 @@ def generate_content(prs: list, merged_by: str) -> (str, str):
return pr_body, changelog_lines
def get_pr_author_name(login: str) -> str:
if len(DEVELOPERS) == 0:
parse_contributors()
return DEVELOPERS[login] if login in DEVELOPERS else f"@{login}"
def parse_contributors():
regex = re.compile(r'^\s*?-\s*?\[([^]]+)\]\s*?\(http.*/([^/]+)\s*?\)')
with open('CONTRIBUTORS.md', 'rt', encoding='utf-8') as handle:
regex = re.compile(r"^\s*?-\s*?\[([^]]+)\]\s*?\(http.*/([^/]+)\s*?\)")
with open("CONTRIBUTORS.md", "rt", encoding="utf-8") as handle:
line = handle.readline()
while not ('##' in line and 'Contributors' in line):
while not ("##" in line and "Contributors" in line):
match = regex.match(line)
if match:
DEVELOPERS[match.group(2)] = match.group(1)
line = handle.readline()
def create_pr_branch(day: datetime.date, author: str, base_branch: str) -> str:
def create_pr_branch(
start_date: datetime.date,
end_date: datetime.date,
author: str,
dry_run: bool,
) -> str:
print("\tCreating branch...")
branch_name = f"changelog-updates-for-{day}-{author}"
command = f"git checkout {base_branch}; git checkout -b {branch_name}"
with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
_, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
branch_name = f"changelog-updates-{start_date}-{end_date}-{author}"
command = f"git checkout -b {branch_name}"
return branch_name
if dry_run:
print(command)
else:
with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
_, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
def push_pr_branch(branch_name: str):
return branch_name
def push_pr_branch(branch_name: str, dry_run: bool):
print("\tPushing branch...")
command = f"git push -u origin {branch_name}"
with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
_, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
if dry_run:
print(command)
else:
with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
_, errors = proc.communicate()
if proc.returncode != 0:
print_errors(errors)
sys.exit(1)
def run():
# disable pager
os.environ["GH_PAGER"] = ''
os.environ["GH_PAGER"] = ""
# set variables for Git
os.environ["GIT_AUTHOR_NAME"] = "changelog-pr-bot"
os.environ["GIT_AUTHOR_EMAIL"] = "dummy@coreruleset.org"
os.environ["GIT_COMMITTER_NAME"] = "changelog-pr-bot"
os.environ["GIT_COMMITTER_EMAIL"] = "dummy@coreruleset.org"
source_repository = 'coreruleset/coreruleset'
target_repository = source_repository
# the cron schedule for the workflow uses UTC
start_date = datetime.datetime.now(datetime.timezone.utc).date()
days = 1
args = parse_command_line()
from_date = (
args.from_date
if args.from_date is not None
else args.to_date - datetime.timedelta(days=7)
)
run_workflow(args.source, args.target, from_date, args.to_date, args.dry_run)
if len(sys.argv) > 1 and len(sys.argv[1]) > 0:
source_repository = sys.argv[1]
if len(sys.argv) > 2 and len(sys.argv[2]) > 0:
target_repository = sys.argv[2]
if len(sys.argv) > 3 and len(sys.argv[3]) > 0:
start_date = datetime.date.fromisoformat(sys.argv[3])
if len(sys.argv) > 4 and len(sys.argv[4]) > 0:
days = int(sys.argv[4])
run_workflow(source_repository, target_repository, start_date, days)
def run_workflow(source_repository: str, target_repository: str, start_date: datetime.date, days: int):
end_date = start_date - datetime.timedelta(days=days)
prs = get_prs(source_repository, start_date, end_date)
def run_workflow(
source_repository: str,
target_repository: str,
start_date: datetime.date,
end_date: datetime.date,
dry_run: bool,
):
prs, changelog_prs = get_prs(source_repository, start_date, end_date)
prs_length = len(prs)
print(f"Found {prs_length} PRs")
if prs_length == 0:
return
prs = filter_prs(prs, changelog_prs)
merged_by_prs_map = parse_prs(prs)
create_prs(target_repository, merged_by_prs_map, start_date)
create_prs(
target_repository,
merged_by_prs_map,
changelog_prs,
start_date,
end_date,
dry_run,
)
def filter_prs(prs: list, changelog_prs: list) -> list:
filtered_prs = []
for pr in prs:
found = False
for cpr in changelog_prs:
for line in cpr["body"].splitlines():
if line.endswith(f"[#{pr['number']}]"):
print(
f"PR {pr['number']} was processed in a previous run. Skipping..."
)
found = True
break
if found:
break
if not found:
filtered_prs.append(pr)
return filtered_prs
def print_errors(errors: str):
print(f"{getframeinfo(currentframe().f_back).lineno}:", errors)
def parse_command_line():
parser = argparse.ArgumentParser()
parser.add_argument("--source", default="coreruleset/coreruleset")
parser.add_argument("--target", default="coreruleset/coreruleset")
# the cron schedule for the workflow uses UTC
parser.add_argument("--from", type=datetime.date.fromisoformat, dest="from_date")
parser.add_argument(
"--to",
type=datetime.date.fromisoformat,
default=datetime.datetime.now(datetime.timezone.utc).date(),
dest="to_date",
)
parser.add_argument("--dry-run", action="store_true")
return parser.parse_args()
if __name__ == "__main__":
run()
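Review bot: The new `checkout_base` builds `git checkout {base_ref}` with an f-string and runs it with `shell=True`, and `base_ref` is `prs[0]["baseRefName"]` taken from the `gh` JSON output; Git permits shell metacharacters in branch names, so the shell would interpret them rather than pass them to git. Pass an argument list and drop the shell: `subprocess.Popen(["git", "checkout", base_ref], stdout=subprocess.PIPE, stderr=subprocess.PIPE)`. The same applies to `create_pr_branch` and `push_pr_branch`, whose `branch_name` embeds the author login, and to the `gh` commands now that the repository comes from `--source`/`--target` on the command line. Separately, the return annotation `-> (list, list)` on `get_prs` is a tuple expression rather than a type; `tuple[list, list]` states what is meant.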


@ -2,6 +2,11 @@ name: Lint
on: [push, pull_request, merge_group]
# Pin versions to not disrupt test pipelines
env:
CRS_TOOLCHAIN_VERSION: '2.1.0'
SECRULES_PARSING_VERSION: '0.2.9'
jobs:
check-syntax:
runs-on: ubuntu-latest
@ -28,7 +33,7 @@ jobs:
- name: "Check CRS syntax"
run: |
pip install --upgrade setuptools
pip install secrules-parsing
pip install secrules-parsing==${{ env.SECRULES_PARSING_VERSION }}
secrules-parser -c --output-type github -f rules/*.conf
- name: "Check CRS formatting"
@ -43,14 +48,12 @@ jobs:
pip install -r ./util/find-rules-without-test/requirements.txt
./util/find-rules-without-test/find-rules-without-test.py --output=github .
- name: "Install crs-toolchain"
- name: "Install crs-toolchain ${{ env.CRS_TOOLCHAIN_VERSION }}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release download -R coreruleset/crs-toolchain -p '*_linux_amd64.tar.gz'
ls crs-toolchain*
tar xzf crs-toolchain*_linux_amd64.tar.gz
rm crs-toolchain*_linux_amd64.tar.gz
gh release download -R coreruleset/crs-toolchain "v${{ env.CRS_TOOLCHAIN_VERSION }}" \
-p "crs-toolchain_${{ env.CRS_TOOLCHAIN_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - crs-toolchain
- name: "Check that all assembly files are properly formatted"
run: |
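Review bot: The `Install crs-toolchain` step pins the release tag but extracts the archive straight from the download pipe, so the binary that later runs in this job is never checked against a known digest; `pip install secrules-parsing==…` is likewise pinned by version only. Record the expected SHA-256 next to the version in the workflow `env`, download to a file, and verify before extracting, e.g. `echo "${CRS_TOOLCHAIN_SHA256}  crs-toolchain.tar.gz" | sha256sum -c -` (`CRS_TOOLCHAIN_SHA256` and the file name are introduced by this suggestion, not taken from the workflow). Reading the version in the script as `"$CRS_TOOLCHAIN_VERSION"` would also avoid expanding `${{ env.… }}` into the script text. The job continues past the end of the last hunk.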


@ -9,6 +9,12 @@ jobs:
name: Nightly Release
runs-on: ubuntu-latest
steps:
- name: Check GH API rate limits
run: |
gh api -i repos/coreruleset/coreruleset/releases/latest | grep -i "x-ratelimit"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Checkout repo"
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
@ -59,3 +65,9 @@ jobs:
nightly
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check GH API rate limits
run: |
gh api -i repos/coreruleset/coreruleset/releases/latest | grep -i "x-ratelimit"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
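Review bot: The two `Check GH API rate limits` steps are diagnostics, but their exit status is that of `grep`, so a response without an `x-ratelimit` header, or a failed `gh api` call that prints nothing, fails the nightly release job. Mark each of them non-blocking with `continue-on-error: true`. The same pair of steps is added around the script step in the changelog workflow further down this page.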


@ -14,6 +14,10 @@ on:
- '.github/**'
merge_group:
# Pin tool versions to prevent problems
env:
GO_FTW_VERSION: '0.6.4'
jobs:
regression:
runs-on: ubuntu-latest
@ -27,20 +31,21 @@ jobs:
- name: "Install dependencies"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO_FTW_VERSION: '0.6.4'
run: |
gh release download -R coreruleset/go-ftw v${GO_FTW_VERSION} -p "ftw_${GO_FTW_VERSION}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw
gh release download -R coreruleset/go-ftw "v${{ env.GO_FTW_VERSION }}" \
-p "ftw_${{ env.GO_FTW_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw
- name: "Run tests for ${{ matrix.modsec_version }}"
run: |
mkdir -p tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}
docker-compose -f ./tests/docker-compose.yml up -d "${{ matrix.modsec_version }}"
docker-compose -f ./tests/docker-compose.yml logs
[ $(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}') = 'true' ]
./ftw check -d tests/regression/tests
./ftw run -d tests/regression/tests --show-failures-only
env:
FTW_LOGFILE: './tests/logs/${{ matrix.modsec_version }}/error.log'
run: |
mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}"
chmod -R o+rw "tests/logs"
docker-compose -f ./tests/docker-compose.yml up -d "${{ matrix.modsec_version }}"
docker-compose -f ./tests/docker-compose.yml logs
[ "$(docker inspect ${{ matrix.modsec_version }} --format='{{.State.Running}}')" = "true" ]
./ftw check -d tests/regression/tests
./ftw run -d tests/regression/tests --show-failures-only
- name: "Change permissions if failed"
if: failure()
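Review bot: In the rewritten `run` block the brace list now sits inside the double quotes, `mkdir -p "tests/logs/${{ matrix.modsec_version }}/{nginx,apache2}"`, and bash does not brace-expand quoted text, so this creates one directory literally named `{nginx,apache2}` instead of the `nginx` and `apache2` log directories. Close the quote before the braces: `mkdir -p "tests/logs/${{ matrix.modsec_version }}"/{nginx,apache2}`. `docker inspect ${{ matrix.modsec_version }}` inside the `$(…)` is still unquoted, unlike the other uses of the matrix value in this block.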


@ -4,8 +4,9 @@ name: Create changelog PRs
permissions: {}
on:
workflow_dispatch:
schedule:
- cron: '0 2 * * *' # run at 2 AM UTC
- cron: '0 4 * * Sun' # run on Sundays at 4 AM UTC
jobs:
create-changelog-prs:
@ -22,8 +23,20 @@ jobs:
with:
python-version: 3.12
- name: Check GH API rate limits
run: |
gh api -i repos/coreruleset/coreruleset/releases/latest | grep -i "x-ratelimit"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Run script"
run: ".github/create-changelog-prs.py"
env:
# Required for the use of the gh CLI in the script
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check GH API rate limits
run: |
gh api -i repos/coreruleset/coreruleset/releases/latest | grep -i "x-ratelimit"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


@ -8,6 +8,40 @@
## Nightly builds
New changelog entries are written to `.changes-pending.md`. They will be moved to the main changelog before a release.
## Version 4.2.0 - 2024-04-23
Changes with direct rule impact (sorted by lowest rule ID per change where available):
* fix: increase length of Accept-Encoding header from 50 to 100 (920520 PL1) (Franziska Bühler) [#3661]
* fix: add missing roundcube files (930120 PL1, 930121 PL2, 930130 PL1, 932180 PL1) (Esad Cetiner) [#3635]
* fix: add visudo and cscli to unix-shell.data (932160 PL1, 932161 PL2) (Esad Cetiner) [#3663]
* feat: block crowdsec cscli and visudo commands (932235 PL1, 932236 PL2, 932237 PL3, 932239 PL2, 932260 PL1) (Esad Cetiner) [#3649]
* fix: add detection for php evasion attempt (933100 PL1) (Franziska Bühler) [#3667]
Changes without direct rule impact:
* feat: disassemble php rule (933100 PL1) (Franziska Bühler) [#3662]
* chore: remove references to nonexistant 942110 rule (Esad Cetiner) [#3648]
## Version 4.1.0 - 2024-03-21
Changes with direct rule impact (sorted by lowest rule ID per change where available):
* feat: move HTTP header rules to phase 1 (932161 PL2, 932205 PL2, 932206 PL2, 932237 PL3) (Esad Cetiner) [#3570]
* fix: remove t:lowercase from rules that use '(?i)' modifier in their regex (942150 PL2, 942151 PL1, 942152 PL2) (Ervin Hegedus) [#3585]
* fix: prevent FPs against names due to "cron" (932260 PL1, 932236 PL2, 932237 PL3, 932239 PL2) (@superlgn) [#3578]
* fix: add missing tags and ver action (various rules) (Jozef Sudolský) [#3571]
* fix: adding more missing tags and ver actions (Jozef Sudolský) [#3593]
* fix: do not check URL fragments in referer headers as part of the existing rule to prevent FPs (932205 PL2) (Max Leske) [#3485]
* fix: range expressions must not start with `\v` (various rules) (Max Leske) [#3615]
Changes without direct rule impact:
* feat: add check for combinations of t:lowercase and (?i) to lint (Franziska Bühler) [#3584]
* chore: add Esad Cetiner to list of developers (@EsadCetiner) [#3589]
* chore(deps): update workflow actions (Max Leske) [#3613]
* test: change HTTP method to uppercase for test 932260-28 (Matteo Pace) [#3580]
## Version 4.0.0 - 2024-02-14
Important changes:


@ -11,6 +11,7 @@ Along those lines, OWASP CRS team may not issue security notifications for unsup
| Version | Supported |
| --------- | ------------------ |
| 4.2.0 | :white_check_mark: |
| 4.1.0 | :white_check_mark: |
| 4.0.0 | :white_check_mark: |
| 3.3.x | :white_check_mark: |


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -181,7 +181,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.blocking_paranoia_level=1"
@ -209,7 +209,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.detection_paranoia_level=1"
@ -235,7 +235,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.enforce_bodyproc_urlencoded=1"
@ -270,7 +270,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.critical_anomaly_score=5,\
# setvar:tx.error_anomaly_score=4,\
# setvar:tx.warning_anomaly_score=3,\
@ -324,7 +324,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.inbound_anomaly_score_threshold=5,\
# setvar:tx.outbound_anomaly_score_threshold=4"
@ -385,7 +385,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.reporting_level=4"
@ -417,7 +417,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.early_blocking=1"
@ -438,7 +438,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.enable_default_collections=1"
@ -466,7 +466,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
# Content-Types that a client is allowed to send in a request.
@ -496,7 +496,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# nolog,\
# tag:'OWASP_CRS',\
# ctl:ruleRemoveById=920420,\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# chain"
# SecRule REQUEST_URI "@rx ^/foo/bar" \
# "t:none"
@ -510,7 +510,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
# Allowed HTTP versions.
@ -526,7 +526,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
# Forbidden file extensions.
@ -550,7 +550,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
# Restricted request headers.
@ -595,7 +595,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
#
# [ Extended ]
@ -621,7 +621,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.restricted_headers_extended=/accept-charset/'"
# Content-Types charsets that a client is allowed to send in a request.
@ -635,7 +635,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
#
@ -661,7 +661,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.max_num_args=255"
# Block request if the length of any argument name is too high
@ -675,7 +675,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.arg_name_length=100"
# Block request if the length of any argument value is too high
@ -689,7 +689,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.arg_length=400"
# Block request if the total length of all combined arguments is too high
@ -703,7 +703,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.total_arg_length=64000"
# Block request if the file size of any individual uploaded file is too high
@ -717,7 +717,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.max_file_size=1048576"
# Block request if the total size of all combined uploaded files is too high
@ -731,7 +731,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.combined_file_sizes=1048576"
@ -771,7 +771,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# pass,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.sampling_percentage=100"
@ -792,7 +792,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
# ver:'OWASP_CRS/4.1.0',\
# ver:'OWASP_CRS/4.2.0',\
# setvar:tx.crs_validate_utf8_encoding=1"
@ -814,5 +814,5 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
setvar:tx.crs_setup_version=410"
ver:'OWASP_CRS/4.2.0',\
setvar:tx.crs_setup_version=420"


@ -0,0 +1,7 @@
This is the folder where you install CRS plugins.
See https://github.com/coreruleset/plugin-registry
for a list of registered official and 3rd party plugins.
Plugins are documented in the CRS INSTALL file and
in also with said plugin registry.


@ -0,0 +1,30 @@
##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.
##!+ i
##!> assemble
<\?
##!=>
##!> assemble
[^x]
x[^m]
xm[^l]
xml[^\s]
##! With [^a-z] we are looking for `:` as in `<?xml :echo 1;`
xml\s+[^a-z]
xml$
$
php
##!<
##!<
##!> assemble
\[
##!=>
##!> assemble
php\]
/php\]
\x5cphp\]
##!<
##!<
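Review bot: Only the `xml\s+[^a-z]` alternative carries an explanatory comment; the bare `$` line and the second group (`php\]`, `/php\]`, `\x5cphp\]`) have none, so a maintainer tuning this detection cannot tell which inputs each one is meant to catch. I would add `##! Bare $: open tag at the very end of the inspected value` above the `$` line, and a one-line `##!` comment above `\[` naming the bracketed tag forms that group covers. The `php` alternative also appears to be subsumed by `[^x]`, which already accepts `p`; if it is kept for readability, a short comment saying so would stop it being removed or misread later.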


@ -164,6 +164,7 @@ cpulimit
crash@
cron@
crontab
cscli@
csplit
csvtool
cupsfilter
@ -522,6 +523,7 @@ vigr
vimdiff
vipw
virsh
visudo
volatility@
wall@
watch@


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -26,7 +26,7 @@
#
# Ref: https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#seccomponentsignature
#
SecComponentSignature "OWASP_CRS/4.1.0"
SecComponentSignature "OWASP_CRS/4.2.0"
#
# -=[ Default setup values ]=-
@ -60,7 +60,7 @@ SecRule &TX:crs_setup_version "@eq 0" \
auditlog,\
msg:'ModSecurity CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL'"
@ -79,7 +79,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.inbound_anomaly_score_threshold=5'"
# Default Outbound Anomaly Threshold Level (rule 900110 in crs-setup.conf)
@ -89,7 +89,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.outbound_anomaly_score_threshold=4'"
# Default Reporting Level (rule 900115 in crs-setup.conf)
@ -99,7 +99,7 @@ SecRule &TX:reporting_level "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.reporting_level=4'"
# Default Early Blocking (rule 900120 in crs-setup.conf)
@ -109,7 +109,7 @@ SecRule &TX:early_blocking "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.early_blocking=0'"
# Default Blocking Paranoia Level (rule 900000 in crs-setup.conf)
@ -119,7 +119,7 @@ SecRule &TX:blocking_paranoia_level "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_paranoia_level=1'"
# Default Detection Paranoia Level (rule 900001 in crs-setup.conf)
@ -129,7 +129,7 @@ SecRule &TX:detection_paranoia_level "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_paranoia_level=%{TX.blocking_paranoia_level}'"
# Default Sampling Percentage (rule 900400 in crs-setup.conf)
@ -139,7 +139,7 @@ SecRule &TX:sampling_percentage "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.sampling_percentage=100'"
# Default Anomaly Scores (rule 900100 in crs-setup.conf)
@ -149,7 +149,7 @@ SecRule &TX:critical_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.critical_anomaly_score=5'"
SecRule &TX:error_anomaly_score "@eq 0" \
@ -158,7 +158,7 @@ SecRule &TX:error_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.error_anomaly_score=4'"
SecRule &TX:warning_anomaly_score "@eq 0" \
@ -167,7 +167,7 @@ SecRule &TX:warning_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.warning_anomaly_score=3'"
SecRule &TX:notice_anomaly_score "@eq 0" \
@ -176,7 +176,7 @@ SecRule &TX:notice_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.notice_anomaly_score=2'"
# Default HTTP policy: allowed_methods (rule 900200 in crs-setup.conf)
@ -186,7 +186,7 @@ SecRule &TX:allowed_methods "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
# Default HTTP policy: allowed_request_content_type (rule 900220 in crs-setup.conf)
@ -196,7 +196,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
# Default HTTP policy: allowed_request_content_type_charset (rule 900280 in crs-setup.conf)
@ -206,7 +206,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
# Default HTTP policy: allowed_http_versions (rule 900230 in crs-setup.conf)
@ -216,7 +216,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
# Default HTTP policy: restricted_extensions (rule 900240 in crs-setup.conf)
@ -226,7 +226,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
# Default HTTP policy: restricted_headers_basic (rule 900250 in crs-setup.conf)
@ -236,7 +236,7 @@ SecRule &TX:restricted_headers_basic "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
# Default HTTP policy: restricted_headers_extended (rule 900255 in crs-setup.conf)
@ -246,7 +246,7 @@ SecRule &TX:restricted_headers_extended "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.restricted_headers_extended=/accept-charset/'"
# Default enforcing of body processor URLENCODED (rule 900010 in crs-setup.conf)
@ -256,7 +256,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.enforce_bodyproc_urlencoded=0'"
# Default check for UTF8 encoding validation (rule 900950 in crs-setup.conf)
@ -266,7 +266,7 @@ SecRule &TX:crs_validate_utf8_encoding "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.crs_validate_utf8_encoding=0'"
#
@ -284,7 +284,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=0',\
setvar:'tx.detection_inbound_anomaly_score=0',\
setvar:'tx.inbound_anomaly_score_pl1=0',\
@ -323,7 +323,7 @@ SecRule TX:ENABLE_DEFAULT_COLLECTIONS "@eq 1" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
chain"
SecRule REQUEST_HEADERS:User-Agent "@rx ^.*$" \
"t:none,t:sha1,t:hexEncode,\
@ -346,7 +346,7 @@ SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
msg:'Enabling body inspection',\
tag:'OWASP_CRS',\
ctl:forceRequestBodyVariable=On,\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
# Force body processor URLENCODED
SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
@ -358,7 +358,7 @@ SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
noauditlog,\
msg:'Enabling forced body inspection for ASCII content',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
chain"
SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
"ctl:requestBodyProcessor=URLENCODED"
@ -398,7 +398,7 @@ SecRule TX:sampling_percentage "@eq 100" \
pass,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
skipAfter:END-SAMPLING"
SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
@ -409,7 +409,7 @@ SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
t:sha1,t:hexEncode,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'"
#
@ -434,7 +434,7 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\
tag:'OWASP_CRS',\
ctl:ruleRemoveByTag=OWASP_CRS,\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
SecMarker "END-SAMPLING"
@ -453,4 +453,4 @@ SecRule TX:detection_paranoia_level "@lt %{tx.blocking_paranoia_level}" \
log,\
msg:'Detection paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -25,7 +25,7 @@ SecRule REQUEST_LINE "@streq GET /" \
tag:'platform-apache',\
tag:'attack-generic',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
chain"
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
"t:none,\
@ -46,7 +46,7 @@ SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
tag:'platform-apache',\
tag:'attack-generic',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
chain"
SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \
"t:none,\


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -39,31 +39,31 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/274',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -51,29 +51,29 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/224/541/310',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -23,8 +23,8 @@
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -64,7 +64,7 @@ SecRule REQUEST_LINE "!@rx (?i)^(?:get /[^#\?]*(?:\?[^\s\x0b#]*)?(?:#[^\s\x0b]*)
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@ -119,7 +119,7 @@ SecRule FILES|FILES_NAMES "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[a
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -148,7 +148,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^\d+$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -182,7 +182,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:Content-Length "!@rx ^0?$" \
@ -207,7 +207,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
@ -247,7 +247,7 @@ SecRule REQUEST_PROTOCOL "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_METHOD "@streq POST" \
@ -277,7 +277,7 @@ SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule &REQUEST_HEADERS:Content-Length "!@eq 0" \
@ -315,7 +315,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx (\d+)-(\d+)" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule TX:2 "@lt %{tx.1}" \
@ -347,7 +347,7 @@ SecRule REQUEST_HEADERS:Connection "@rx \b(?:keep-alive|close),\s?(?:keep-alive|
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@ -388,7 +388,7 @@ SecRule REQUEST_URI_RAW "@rx \x25" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_URI_RAW "@rx ^(.*)/(?:[^\?]+)?(\?.*)?$" \
@ -422,7 +422,7 @@ SecRule REQUEST_BASENAME "!@rx ^.*%.*\.[^\s\x0b\.]+$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule TX:0 "@validateUrlEncoding" \
@ -453,7 +453,7 @@ SecRule TX:CRS_VALIDATE_UTF8_ENCODING "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "@validateUtf8Encoding" \
@ -497,7 +497,7 @@ SecRule REQUEST_URI|REQUEST_BODY "@rx (?i)%uff[0-9a-f]{2}" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@ -553,7 +553,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 1-255" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -585,7 +585,7 @@ SecRule &REQUEST_HEADERS:Host "@eq 0" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',\
skipAfter:END-HOST-CHECK"
@ -604,7 +604,7 @@ SecRule REQUEST_HEADERS:Host "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -644,7 +644,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'NOTICE',\
chain"
SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \
@ -669,7 +669,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'NOTICE',\
chain"
SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \
@ -702,7 +702,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'NOTICE',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.notice_anomaly_score}'"
@ -739,7 +739,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'NOTICE',\
chain"
SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
@ -784,7 +784,7 @@ SecRule REQUEST_HEADERS:Host "@rx (?:^([\d.]+|\[[\da-f:]+\]|[\da-f:]+)(:[\d]+)?$
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@ -816,7 +816,7 @@ SecRule &TX:MAX_NUM_ARGS "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule &ARGS "@gt %{tx.max_num_args}" \
@ -841,7 +841,7 @@ SecRule &TX:ARG_NAME_LENGTH "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS_NAMES "@gt %{tx.arg_name_length}" \
@ -868,7 +868,7 @@ SecRule &TX:ARG_LENGTH "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS "@gt %{tx.arg_length}" \
@ -892,7 +892,7 @@ SecRule &TX:TOTAL_ARG_LENGTH "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" \
@ -917,7 +917,7 @@ SecRule &TX:MAX_FILE_SIZE "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)multipart/form-data" \
@ -943,7 +943,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" \
@ -983,7 +983,7 @@ SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+*-]+(?:\s?;\s?(?:action|bounda
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1006,7 +1006,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.content_type=|%{tx.0}|',\
chain"
@ -1034,7 +1034,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*[\"']?([^;\"'\s]+)" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.content_type_charset=|%{tx.1}|',\
chain"
@ -1061,7 +1061,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset.*?charset" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1083,7 +1083,7 @@ SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1106,7 +1106,7 @@ SecRule REQUEST_BASENAME "@rx \.([^.]+)$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.extension=.%{tx.1}/',\
chain"
@ -1133,7 +1133,7 @@ SecRule REQUEST_FILENAME "@rx \.[^.~]+~(?:/.*|)$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1187,7 +1187,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.header_name_920450_%{tx.0}=/%{tx.0}/',\
chain"
@ -1196,15 +1196,17 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
#
# Rule against CVE-2022-21907
# This rule blocks Accept-Encoding headers longer than 50 characters.
# The length of 50 is a heuristic based on the length of values from
# This rule blocks Accept-Encoding headers longer than 100 characters.
# The length of 100 is a heuristic based on the length of values from
# the RFC (https://datatracker.ietf.org/doc/rfc9110/)
# and the respective values assigned by IANA
# (https://www.iana.org/assignments/http-parameters/http-parameters.xml#content-coding).
# Concatenating all valid values for Accept-Encoding (without q=0.5) resulted in a value of 93:
# aes128gcm, br, compress, deflate, exi, gzip, identity, pack200-gzip, x-compress, x-gzip, zstd
#
# This rule has a stricter sibling: 920521
#
SecRule REQUEST_HEADERS:Accept-Encoding "@gt 50" \
SecRule REQUEST_HEADERS:Accept-Encoding "@gt 100" \
"id:920520,\
phase:1,\
block,\
@ -1219,7 +1221,7 @@ SecRule REQUEST_HEADERS:Accept-Encoding "@gt 50" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1251,7 +1253,7 @@ SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*
tag:'attack-protocol',\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1274,7 +1276,7 @@ SecRule REQBODY_PROCESSOR "!@streq JSON" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?i)\x5cu[0-9a-f]{4}" \
@ -1298,7 +1300,7 @@ SecRule REQUEST_URI_RAW "@contains #" \
tag:'attack-protocol',\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -1330,13 +1332,13 @@ SecRule &REQUEST_HEADERS:Content-Type "@gt 1" \
tag:'attack-protocol',\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -1375,7 +1377,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_BASENAME "!@endsWith .pdf" \
@ -1399,7 +1401,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){63}" \
@ -1420,7 +1422,7 @@ SecRule ARGS "@rx %[0-9a-fA-F]{2}" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/120',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}'"
@ -1442,7 +1444,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 9,10,13,
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1469,7 +1471,7 @@ SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'NOTICE',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.notice_anomaly_score}'"
@ -1491,7 +1493,7 @@ SecRule FILES_NAMES|FILES "@rx ['\";=]" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1516,7 +1518,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
@ -1543,7 +1545,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.header_name_920451_%{tx.0}=/%{tx.0}/',\
chain"
@ -1570,7 +1572,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_BODY "@rx \x25" \
@ -1578,8 +1580,8 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded
SecRule REQUEST_BODY "@validateUrlEncoding" \
"setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@ -1604,7 +1606,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteR
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -1638,7 +1640,7 @@ SecRule &REQUEST_HEADERS:Accept "@eq 0" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'NOTICE',\
chain"
SecRule REQUEST_METHOD "!@rx ^(?:OPTIONS|CONNECT)$" \
@ -1671,7 +1673,7 @@ SecRule &REQUEST_HEADERS:x-up-devcap-post-charset "@ge 1" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:User-Agent "@rx ^(?i)up" \
@ -1724,7 +1726,7 @@ SecRule &REQUEST_HEADERS:Cache-Control "@gt 0" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:Cache-Control "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:\s*\,\s*|$)){1,7}$" \
@ -1755,12 +1757,12 @@ SecRule REQUEST_HEADERS:Accept-Encoding "!@rx br|compress|deflate|(?:pack200-)?g
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@ -1783,7 +1785,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \
@ -1810,7 +1812,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 38,44-46,48-58,61,65-90
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
@ -1831,7 +1833,7 @@ SecRule REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent|!REQUEST_HEADERS:Referer|!RE
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
@ -1857,7 +1859,7 @@ SecRule REQUEST_HEADERS:Sec-Fetch-User|REQUEST_HEADERS:Sec-CH-UA-Mobile "!@rx ^(
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
@ -1901,7 +1903,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?:^|[^\x5c])\x5c[cdegh
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/153/267',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -46,7 +46,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_BODY|XML:/* "@rx (?:get|post|head|options|connec
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -78,7 +78,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/34',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -99,7 +99,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/34',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -133,7 +133,7 @@ SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@rx [\n\r]" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/273',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -161,7 +161,7 @@ SecRule ARGS_NAMES "@rx [\n\r]" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -182,7 +182,7 @@ SecRule ARGS_GET_NAMES|ARGS_GET "@rx [\n\r]+(?:\s|location|refresh|(?:set-)?cook
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -208,7 +208,7 @@ SecRule REQUEST_FILENAME "@rx [\n\r]" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/34',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -241,7 +241,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/136',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -274,7 +274,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?(?:applicati
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -300,13 +300,13 @@ SecRule REQUEST_URI "@rx unix:[^|]*\|" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -333,7 +333,7 @@ SecRule ARGS_GET "@rx [\n\r]" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -369,13 +369,13 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?\b(?:((?:tex
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@ -405,7 +405,7 @@ SecRule &REQUEST_HEADERS:Range "@gt 0" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -439,7 +439,7 @@ SecRule ARGS_NAMES "@rx ." \
tag:'attack-protocol',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'TX.paramcounter_%{MATCHED_VAR_NAME}=+1'"
SecRule TX:/paramcounter_.*/ "@gt 1" \
@ -455,7 +455,7 @@ SecRule TX:/paramcounter_.*/ "@gt 1" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS_NAMES "@rx TX:paramcounter_(.*)" \
@ -500,15 +500,15 @@ SecRule ARGS_NAMES "@rx (][^\]]+$|][^\]]+\[)" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@ -548,7 +548,7 @@ SecRule ARGS_NAMES "@rx \[" \
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -38,7 +38,7 @@ SecRule &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.922100_charset=|%{ARGS._charset_}|',\
chain"
@ -69,7 +69,7 @@ SecRule MULTIPART_PART_HEADERS "@rx ^content-type\s*:\s*(.*)$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/272/220',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule TX:1 "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*(?:[\s\x0b]*,[\s\x0b]*(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*)*$" \
@ -92,6 +92,6 @@ SecRule MULTIPART_PART_HEADERS "@rx content-transfer-encoding:(.*)" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/272/220',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -47,7 +47,7 @@ SecRule REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}'"
@ -79,7 +79,7 @@ SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:/* "
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
@ -110,7 +110,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
tag:'PCI/6.5.4',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -137,15 +137,15 @@ SecRule REQUEST_FILENAME "@pmFromFile restricted-files.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
tag:'PCI/6.5.4',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -175,22 +175,22 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@pmFromFile lfi-os-f
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
tag:'PCI/6.5.4',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -17,8 +17,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -49,7 +49,7 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?)://(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -69,7 +69,7 @@ SecRule QUERY_STRING|REQUEST_BODY "@rx (?i)(?:\binclude\s*\([^)]*|mosConfig_abso
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -89,15 +89,15 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?).*?\?+$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -128,7 +128,7 @@ SecRule ARGS "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|it
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\
chain"
@ -158,7 +158,7 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\
chain"
@ -167,16 +167,16 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#

File diff suppressed because one or more lines are too long


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -44,12 +44,12 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'O
# Therefore, that pattern is now checked by rule 933190 in paranoia levels
# 3 or higher.
#
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:<\?(?:[^x]|x[^m]|xm[^l]|xml[^\s]|xml$|$)|<\?php|\[(?:/|\x5c)?php\])" \
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)<\?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^\s\x0b]|[\s\x0b]+[^a-z]|$)))|$|php)|\[[/\x5c]?php\]" \
"id:933100,\
phase:2,\
block,\
capture,\
t:none,t:lowercase,\
t:none,\
msg:'PHP Injection Attack: PHP Open Tag Found',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
@ -59,7 +59,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -100,7 +100,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -124,7 +124,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.933120_tx_0=%{tx.0}',\
chain"
@ -152,7 +152,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -188,7 +188,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -224,7 +224,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -291,7 +291,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -343,7 +343,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -398,7 +398,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -453,7 +453,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -500,13 +500,13 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -543,7 +543,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.933151_tx_0=%{tx.0}',\
chain"
@ -555,8 +555,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@ -598,7 +598,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -642,7 +642,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -684,7 +684,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -713,7 +713,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -748,14 +748,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
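Review bot: Rule 933100 (hunk `@ -44,12 +44,12 @`) is the one place in this file section where detection logic changes rather than only the `ver:` string, and nothing beside the rule records that. Case folding moves from `t:lowercase` to the `(?i)` prefix, and the `<?xml` exemption now holds only when the whitespace is followed by a letter (`[\s\x0b]+[^a-z]`). So `<?xml` followed by whitespace and a non-letter, which the old pattern left alone, now matches and goes to the rule's `block` action. I would add a comment above the rule, `# 933100: case-insensitive via (?i), no t:lowercase; '<?xml' is exempt only when followed by whitespace and then a letter`, and re-check any local exclusions or tuning keyed on this rule id against XML-bearing traffic. The rule's action list continues outside this hunk.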


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -65,7 +65,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@ -100,7 +100,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/664',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -135,7 +135,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1/180/77',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@ -167,7 +167,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -198,7 +198,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@ -228,13 +228,13 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -256,7 +256,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@ -308,7 +308,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/664',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -340,20 +340,20 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -62,7 +62,7 @@ SecRule REQUEST_FILENAME "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-12
nolog,\
tag:'OWASP_CRS',\
ctl:ruleRemoveTargetByTag=xss-perf-disable;REQUEST_FILENAME,\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
#
@ -94,7 +94,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -121,7 +121,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -151,7 +151,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -180,7 +180,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -213,7 +213,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -238,7 +238,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -265,7 +265,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -292,7 +292,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -314,7 +314,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -336,7 +336,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -358,7 +358,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -380,7 +380,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -402,7 +402,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -424,7 +424,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -446,7 +446,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -468,7 +468,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -490,7 +490,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -512,7 +512,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -534,7 +534,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -594,7 +594,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx (?:\xbc\s*/\s*[^\xbe>]*[\xbe>])|(?:<\s*/\s*[^\xbe]*\xbe)" \
@ -624,7 +624,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -666,7 +666,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -694,7 +694,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|REQU
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -726,7 +726,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -756,14 +756,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -787,7 +787,7 @@ SecRule REQUEST_FILENAME|REQUEST_HEADERS:Referer "@detectXSS" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -821,7 +821,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -847,7 +847,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -875,7 +875,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -963,7 +963,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
tag:'PCI/6.5.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -985,7 +985,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
tag:'PCI/6.5.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1010,7 +1010,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
tag:'PCI/6.5.1',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1043,23 +1043,23 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -59,7 +59,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
@ -90,7 +90,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -123,7 +123,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -166,7 +166,7 @@ SecRule REQUEST_BASENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -192,7 +192,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -218,7 +218,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -242,7 +242,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -268,7 +268,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -294,7 +294,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -315,7 +315,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -336,7 +336,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -362,7 +362,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -388,7 +388,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -417,7 +417,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -443,7 +443,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -482,7 +482,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -523,7 +523,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
@ -560,7 +560,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -589,7 +589,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -618,14 +618,14 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -658,7 +658,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx (?i)!=|&&|\|\||>[=>]|<(?:<|
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -699,7 +699,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.942130_matched_var_name=%{matched_var_name}',\
chain"
@ -735,7 +735,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.942131_matched_var_name=%{matched_var_name}',\
@ -772,7 +772,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -815,7 +815,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -844,7 +844,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -873,7 +873,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -899,7 +899,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -925,7 +925,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -951,7 +951,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -985,7 +985,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1014,7 +1014,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1039,7 +1039,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1069,7 +1069,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1101,7 +1101,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1127,7 +1127,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1153,7 +1153,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1179,7 +1179,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1210,7 +1210,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1239,7 +1239,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1268,7 +1268,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1309,7 +1309,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@ -1327,7 +1327,7 @@ SecRule ARGS_GET:fbclid "@rx [a-zA-Z0-9_-]{61,61}" \
nolog,\
tag:'OWASP_CRS',\
ctl:ruleRemoveTargetById=942440;ARGS:fbclid,\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
#
# -=[ Exclusion rule for 942440 ]=-
@ -1342,7 +1342,7 @@ SecRule ARGS_GET:gclid "@rx [a-zA-Z0-9_-]{91,91}" \
nolog,\
tag:'OWASP_CRS',\
ctl:ruleRemoveTargetById=942440;ARGS:gclid,\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
#
# -=[ Detect SQL Comment Sequences ]=-
@ -1396,7 +1396,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS "!@rx ^ey[\-0-9A-Z_a-z]+\.ey[\-0-9A-Z_a-z]+\.[\-0-9A-Z_a-z]+$" \
@ -1427,7 +1427,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1454,8 +1454,6 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
#
# The minimal string that triggers this regexp is: `if`
#
# The rule 942510 is related to 942110 which catches a single ' or `
#
# The rule 942511 is similar to this rule, but triggers on normal quotes
# ('if'). That rule runs in paranoia level 3 or higher since it is prone to
# false positives in natural text.
@ -1476,7 +1474,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1503,7 +1501,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1536,7 +1534,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.942521_matched_var_name=%{matched_var_name}',\
chain"
@ -1564,7 +1562,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ^.*?\x5c['\"`](?:.*?['\"`])?\s*(?:and|or)\b"
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1602,7 +1600,7 @@ SecRule REQUEST_BASENAME|REQUEST_FILENAME "@detectSQLi" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1634,7 +1632,7 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)\b(?:a(?:dd(
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -1664,15 +1662,15 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)create[\s\x0
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@ -1704,7 +1702,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -1728,7 +1726,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -1768,7 +1766,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@ -1797,7 +1795,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@ -1827,7 +1825,7 @@ SecRule ARGS "@rx \W{4}" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}'"
@ -1854,8 +1852,6 @@ SecRule ARGS "@rx \W{4}" \
#
# The minimal string that triggers this regexp is: 'if'
#
# The rule 942511 is related to 942110 which catches a single ' or `
#
# The rule 942510 is similar to this rule, but triggers on backticks
# (`if`). That rule runs in paranoia level 2 or higher since the risk of
# false positives in natural text is still present but lower than this
@ -1877,7 +1873,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@ -1906,14 +1902,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@ -1940,7 +1936,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@ -1969,7 +1965,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -43,7 +43,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/21/593/61',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.session_fixation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -64,7 +64,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/21/593/61',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.943110_matched_var_name=%{matched_var_name}',\
chain"
@ -91,7 +91,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/21/593/61',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.943120_matched_var_name=%{matched_var_name}',\
chain"
@ -102,24 +102,24 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -13,8 +13,8 @@
#
# Many rules check request bodies, use "SecRequestBodyAccess On" to enable it on main modsecurity configuration file.
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -46,7 +46,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -79,7 +79,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* "@rx (?:unmarshaller|base64data|java\.)" \
@ -104,7 +104,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS "@rx (?:runtime|processbuilder)" \
@ -136,7 +136,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -174,7 +174,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -222,14 +222,14 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -260,7 +260,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -292,7 +292,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -313,7 +313,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -334,7 +334,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -358,7 +358,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@ -383,14 +383,14 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@ -417,14 +417,14 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@ -453,7 +453,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -24,7 +24,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@ -34,7 +34,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@ -44,7 +44,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@ -54,7 +54,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@ -64,7 +64,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@ -74,7 +74,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@ -84,7 +84,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@ -94,7 +94,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
# at start of phase 2, we reset the aggregate scores to 0 to prevent duplicate counting of per-PL scores
@ -106,7 +106,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=0'"
SecAction \
@ -116,7 +116,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=0'"
# Summing up the blocking and detection anomaly scores in phase 2
@ -128,7 +128,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@ -138,7 +138,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@ -148,7 +148,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@ -158,7 +158,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@ -168,7 +168,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@ -178,7 +178,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@ -188,7 +188,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@ -198,7 +198,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
@ -217,7 +217,7 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh
msg:'Inbound Anomaly Score Exceeded in phase 1 (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\
tag:'anomaly-evaluation',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
chain"
SecRule TX:EARLY_BLOCKING "@eq 1"
@ -230,34 +230,34 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh
msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\
tag:'anomaly-evaluation',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -23,8 +23,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -48,7 +48,7 @@ SecRule RESPONSE_BODY "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Inde
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54/127',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -80,13 +80,13 @@ SecRule RESPONSE_BODY "@rx ^#\!\s?/" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -110,22 +110,22 @@ SecRule RESPONSE_STATUS "@rx ^5\d{2}$" \
tag:'OWASP_CRS',\
tag:'capec/1000/152',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -38,7 +38,7 @@ SecRule RESPONSE_BODY "!@pmFromFile sql-errors.data" \
tag:'attack-disclosure',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
skipAfter:END-SQL-ERROR-MATCH-PL1"
SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \
@ -56,7 +56,7 @@ SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Micr
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -76,7 +76,7 @@ SecRule RESPONSE_BODY "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java\.sql\.SQLException|
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -96,7 +96,7 @@ SecRule RESPONSE_BODY "@rx (?i:DB2 SQL error:|\[IBM\]\[CLI Driver\]\[DB2/6000\]|
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -116,7 +116,7 @@ SecRule RESPONSE_BODY "@rx (?i:\[DM_QUERY_E_SYNTAX\]|has occurred in the vicinit
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -136,7 +136,7 @@ SecRule RESPONSE_BODY "@rx (?i)Dynamic SQL Error" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -156,7 +156,7 @@ SecRule RESPONSE_BODY "@rx (?i)Exception (?:condition )?\d+\. Transaction rollba
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -176,7 +176,7 @@ SecRule RESPONSE_BODY "@rx (?i)org\.hsqldb\.jdbc" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -196,7 +196,7 @@ SecRule RESPONSE_BODY "@rx (?i:An illegal character has been found in the statem
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -216,7 +216,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -236,7 +236,7 @@ SecRule RESPONSE_BODY "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -256,7 +256,7 @@ SecRule RESPONSE_BODY "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -276,7 +276,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:System\.Data\.OleDb\.OleDbException|\[Microsof
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -301,7 +301,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -326,7 +326,7 @@ SecRule RESPONSE_BODY "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -346,7 +346,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/J
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -366,7 +366,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@ -374,24 +374,24 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S
SecMarker "END-SQL-ERROR-MATCH-PL1"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -39,7 +39,7 @@ SecRule RESPONSE_BODY "@pmFromFile java-code-leakages.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -64,30 +64,30 @@ SecRule RESPONSE_BODY "@pmFromFile java-errors.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -39,7 +39,7 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -64,7 +64,7 @@ SecRule RESPONSE_BODY "@rx (?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scan
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -90,13 +90,13 @@ SecRule RESPONSE_BODY "@rx (?i)<\?(?:=|php)?\s+" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -123,21 +123,21 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors-pl2.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -37,7 +37,7 @@ SecRule RESPONSE_BODY "@rx [a-z]:\x5cinetpub\b" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -58,7 +58,7 @@ SecRule RESPONSE_BODY "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -82,7 +82,7 @@ SecRule RESPONSE_BODY "@pmFromFile iis-errors.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@ -104,7 +104,7 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'ERROR',\
chain"
SecRule RESPONSE_BODY "@rx \bServer Error in.{0,50}?\bApplication\b" \
@ -114,24 +114,24 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. (not) All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -14,8 +14,8 @@
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@ -36,7 +36,7 @@ SecRule RESPONSE_BODY "@pmFromFile web-shells-php.data" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -55,7 +55,7 @@ SecRule RESPONSE_BODY "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -74,7 +74,7 @@ SecRule RESPONSE_BODY "@rx ^<html><head><meta http-equiv='Content-Type' content=
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -93,7 +93,7 @@ SecRule RESPONSE_BODY "@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -112,7 +112,7 @@ SecRule RESPONSE_BODY "@rx <title>Mini Shell</title>.*Developed By LameHacker" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -131,7 +131,7 @@ SecRule RESPONSE_BODY "@rx <title>\.:: .* ~ Ashiyane V [0-9.]+ ::\.</title>" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -150,7 +150,7 @@ SecRule RESPONSE_BODY "@rx <title>Symlink_Sa [0-9.]+</title>" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -169,7 +169,7 @@ SecRule RESPONSE_BODY "@rx <title>CasuS [0-9.]+ by MafiABoY</title>" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -188,7 +188,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\r\n<head>\r\n<title>GRP WebShell [0-9.]+ " \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -207,7 +207,7 @@ SecRule RESPONSE_BODY "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>\n$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -226,7 +226,7 @@ SecRule RESPONSE_BODY "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ - "
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -245,7 +245,7 @@ SecRule RESPONSE_BODY "@rx ^<!DOCTYPE html>\n<html>\n<!-- By Artyum .*<title>Web
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -264,7 +264,7 @@ SecRule RESPONSE_BODY "@rx <title>lama's'hell v. [0-9.]+</title>" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -283,7 +283,7 @@ SecRule RESPONSE_BODY "@rx ^ *<html>\n[ ]+<head>\n[ ]+<title>lostDC - " \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -302,7 +302,7 @@ SecRule RESPONSE_BODY "@rx ^<title>PHP Web Shell</title>\r\n<html>\r\n<body>\r\n
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -321,7 +321,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\n<head>\n<div align=\"left\"><font size=\"1\"
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -340,7 +340,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\n<head>\n<title>Ru24PostWebShell - " \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -359,7 +359,7 @@ SecRule RESPONSE_BODY "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -378,7 +378,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\r\n<head>\r\n<meta http-equiv=\"Content-Type\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -397,7 +397,7 @@ SecRule RESPONSE_BODY "@rx ^ <html>\n\n<head>\n\n<title>g00nshell v[0-9.]+ " \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -418,7 +418,7 @@ SecRule RESPONSE_BODY "@contains <title>punkholicshell</title>" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -437,7 +437,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\n <head>\n <title>azrail [0-
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -456,7 +456,7 @@ SecRule RESPONSE_BODY "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -475,7 +475,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\n<title>.*? ~ Shell I</title>\n<head>\n<style
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@ -494,14 +494,14 @@ SecRule RESPONSE_BODY "@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:955013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:955014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:955013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:955014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@ -522,20 +522,20 @@ SecRule RESPONSE_BODY "@contains <h1 style=\"margin-bottom: 0\">webadmin.php</h1
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:955015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:955016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:955015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:955016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:955017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:955018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:955017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:955018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -35,7 +35,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@ -45,7 +45,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@ -55,7 +55,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@ -65,7 +65,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@ -75,7 +75,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@ -85,7 +85,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@ -95,7 +95,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@ -105,7 +105,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
# at start of phase 4, we reset the aggregate scores to 0 to prevent duplicate counting of per-PL scores
@ -117,7 +117,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=0'"
SecAction \
@ -127,7 +127,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=0'"
SecMarker "EARLY_BLOCKING_ANOMALY_SCORING"
@ -141,7 +141,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@ -151,7 +151,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@ -161,7 +161,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@ -171,7 +171,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@ -181,7 +181,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@ -191,7 +191,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@ -201,7 +201,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@ -211,7 +211,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
#
@ -227,7 +227,7 @@ SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_thre
msg:'Outbound Anomaly Score Exceeded in phase 3 (Total Score: %{tx.blocking_outbound_anomaly_score})',\
tag:'anomaly-evaluation',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
chain"
SecRule TX:EARLY_BLOCKING "@eq 1"
@ -240,34 +240,34 @@ SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_thre
msg:'Outbound Anomaly Score Exceeded (Total Score: %{tx.blocking_outbound_anomaly_score})',\
tag:'anomaly-evaluation',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@ -28,7 +28,7 @@ SecAction \
nolog,\
noauditlog,\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0',\
ver:'OWASP_CRS/4.2.0',\
setvar:'tx.blocking_anomaly_score=%{tx.blocking_inbound_anomaly_score}',\
setvar:'tx.blocking_anomaly_score=+%{tx.blocking_outbound_anomaly_score}',\
setvar:'tx.detection_anomaly_score=%{tx.detection_inbound_anomaly_score}',\
@ -41,33 +41,33 @@ SecAction \
#
# -= Reporting Level 0 =- (Skip over reporting when tx.reporting_level is 0)
SecRule TX:REPORTING_LEVEL "@eq 0" "id:980041,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REPORTING"
SecRule TX:REPORTING_LEVEL "@eq 0" "id:980041,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REPORTING"
# -= Reporting Level 5 =- (Jump to reporting rule immediately when tx.reporting_level is 5 or greater)
SecRule TX:REPORTING_LEVEL "@ge 5" "id:980042,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:LOG-REPORTING"
SecRule TX:REPORTING_LEVEL "@ge 5" "id:980042,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:LOG-REPORTING"
# -= Zero detection score =- (Skip over reporting when sum of inbound and outbound detection score is equal to 0)
SecRule TX:DETECTION_ANOMALY_SCORE "@eq 0" "id:980043,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REPORTING"
SecRule TX:DETECTION_ANOMALY_SCORE "@eq 0" "id:980043,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REPORTING"
# -= Blocking score exceeds threshold =- (Jump to reporting rule immediately if a blocking score exceeds a threshold)
SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980044,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:LOG-REPORTING"
SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980045,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:LOG-REPORTING"
SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980044,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:LOG-REPORTING"
SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980045,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:LOG-REPORTING"
# -= Reporting Level 2 =- (Skip over reporting when tx.reporting_level is less than 2)
SecRule TX:REPORTING_LEVEL "@lt 2" "id:980046,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REPORTING"
SecRule TX:REPORTING_LEVEL "@lt 2" "id:980046,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REPORTING"
# -= Detection score exceeds threshold =- (Jump to reporting rule immediately if a detection score exceeds a threshold)
SecRule TX:DETECTION_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980047,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:LOG-REPORTING"
SecRule TX:DETECTION_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980048,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:LOG-REPORTING"
SecRule TX:DETECTION_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980047,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:LOG-REPORTING"
SecRule TX:DETECTION_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980048,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:LOG-REPORTING"
# -= Reporting Level 3 =- (Skip over reporting when tx.reporting_level is less than 3)
SecRule TX:REPORTING_LEVEL "@lt 3" "id:980049,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REPORTING"
SecRule TX:REPORTING_LEVEL "@lt 3" "id:980049,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REPORTING"
# -= Blocking score greater than zero =- (Jump to reporting rule immediately when sum of inbound and outbound blocking score is greater than zero)
SecRule TX:BLOCKING_ANOMALY_SCORE "@gt 0" "id:980050,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:LOG-REPORTING"
SecRule TX:BLOCKING_ANOMALY_SCORE "@gt 0" "id:980050,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:LOG-REPORTING"
# -= Reporting Level 4 =- (Skip over reporting when tx.reporting_level is less than 4)
SecRule TX:REPORTING_LEVEL "@lt 4" "id:980051,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-REPORTING"
SecRule TX:REPORTING_LEVEL "@lt 4" "id:980051,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-REPORTING"
# At this point, the reporting level is 4 and there's a non-zero detection
# score (already established by rule 980043) so fall through to the reporting
@ -95,37 +95,37 @@ SecAction \
(SQLI=%{tx.sql_injection_score}, XSS=%{tx.xss_score}, RFI=%{tx.rfi_score}, LFI=%{tx.lfi_score}, RCE=%{tx.rce_score}, PHPI=%{tx.php_injection_score}, HTTP=%{tx.http_violation_score}, SESS=%{tx.session_fixation_score}, COMBINED_SCORE=%{tx.anomaly_score})',\
tag:'reporting',\
tag:'OWASP_CRS',\
ver:'OWASP_CRS/4.1.0'"
ver:'OWASP_CRS/4.2.0'"
SecMarker "END-REPORTING"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.1.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.2.0',skipAfter:END-RESPONSE-980-CORRELATION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#


@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP CRS ver.4.1.0
# OWASP CRS ver.4.2.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#


@ -143,6 +143,7 @@ boot/grub/grub.cfg
boot/grub/menu.lst
config_dev.yml
config_prod.yml
config.sample.php
config_test.yml
config.inc.php
config.php
@ -154,6 +155,7 @@ configuration.php
cpanel/logs
data/elasticsearch
data/kafka
defaults.inc.php
etc/.java
etc/acpi
etc/adduser.conf


@ -176,6 +176,10 @@ WEB-INF/
sslvpn_websession
# BlockCypher log file used in code examples
BlockCypher.log
# Roundcube Webmail
config.inc.php
config.sample.php
defaults.inc.php
# /proc entries (keep in sync with lfi-os-files.data)
# grep -E "^proc/" lfi-os-files.data
