This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP ModSec CRS Paranoia Mode Sibling 970003"

From OWASP
Jump to: navigation, search
(Created page with "''This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.'' == 970003 : SQL Error Leakage == {|- class=...")
 
Line 33: Line 33:
 
         setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
 
         setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
 
         t:none"
 
         t:none"
 +
 +
[[Category:OWASP ModSecurity Core Rule Set Project]]

Revision as of 07:18, 8 March 2016

This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.

970003 : SQL Error Leakage

Original ID (2.2.x) Change Whitelisting
970003 Triggers anomaly score directly now none
 #
 # -=[ SQL Error Leakage ]=-
 #
 # This is a paranoid sibling to 2.2.9 Rule 970003.
 # The rule now triggers the anomaly scoring instantly
 # instead of just setting tx.sql_error_match.
 #
 SecRule RESPONSE_BODY "@pmFromFile sql-errors.data" \
       "phase:response,\
       id:XXXXXX,\
       rev:'5',\
       ver:'OWASP_CRS/3.0.0',\
       pass,\
       nolog,\
       tag:'application-multi',\
       tag:'language-multi',\
       tag:'platform-multi',\
       tag:'attack-information disclosure',\
       setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
       t:none"