This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP ModSec CRS Paranoia Mode Sibling 960901"
From OWASP
(Created page with "''This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.'' == 960901 : Invalid character in request ==...") |
(→960901 : Invalid character in request) |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 4: | Line 4: | ||
{|- class="wikitable" | {|- class="wikitable" | ||
| − | | ''' | + | | '''RuleID 2.2.x''' |
| + | | '''RuleID 3.0.0-rc1 (original Rule)''' | ||
| + | | '''RuleID 3.0.0-rc1 (paranoid Rule)''' | ||
| '''Change''' | | '''Change''' | ||
| '''Whitelisting''' | | '''Whitelisting''' | ||
|- | |- | ||
| 960901 | | 960901 | ||
| + | | 920270 | ||
| + | | 920271-920274 | ||
| Character byte range limited to 32-126. | | Character byte range limited to 32-126. | ||
| none | | none | ||
| Line 18: | Line 22: | ||
# This is a paranoid sibling to 2.2.x Rule 960901. | # This is a paranoid sibling to 2.2.x Rule 960901. | ||
# Byte range restrictions are now set to 32-126. | # Byte range restrictions are now set to 32-126. | ||
| − | # For | + | # For 3.0.0-rc1 rule, see 920270. |
# | # | ||
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateByteRange 32-126" \ | SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateByteRange 32-126" \ | ||
| Line 39: | Line 43: | ||
setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\ | setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\ | ||
setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}" | setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}" | ||
| + | |||
| + | [[Category:OWASP ModSecurity Core Rule Set Project]] | ||
Latest revision as of 09:12, 10 March 2016
This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.
960901 : Invalid character in request
| RuleID 2.2.x | RuleID 3.0.0-rc1 (original Rule) | RuleID 3.0.0-rc1 (paranoid Rule) | Change | Whitelisting |
| 960901 | 920270 | 920271-920274 | Character byte range limited to 32-126. | none |
#
# [ Invalid character in request ]
#
# This is a paranoid sibling to 2.2.x Rule 960901.
# Byte range restrictions are now set to 32-126.
# For 3.0.0-rc1 rule, see 920270.
#
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateByteRange 32-126" \
"phase:request,\
rev:'2',\
ver:'OWASP_CRS/3.0.0',\
maturity:'9',\
accuracy:'9',\
block,\
msg:'Invalid character in request',\
id:'XXXXXX',\
severity:'ERROR',\
t:none,t:urlDecodeUni,\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-protocol',\
tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\
setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}"
