This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP ModSec CRS Paranoia Mode Sibling 970003"
From OWASP
(Created page with "''This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.'' == 970003 : SQL Error Leakage == {|- class=...") |
|||
Line 33: | Line 33: | ||
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ | setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ | ||
t:none" | t:none" | ||
+ | |||
+ | [[Category:OWASP ModSecurity Core Rule Set Project]] |
Revision as of 07:18, 8 March 2016
This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.
970003 : SQL Error Leakage
Original ID (2.2.x) | Change | Whitelisting |
970003 | Triggers anomaly score directly now | none |
# # -=[ SQL Error Leakage ]=- # # This is a paranoid sibling to 2.2.9 Rule 970003. # The rule now triggers the anomaly scoring instantly # instead of just setting tx.sql_error_match. # SecRule RESPONSE_BODY "@pmFromFile sql-errors.data" \ "phase:response,\ id:XXXXXX,\ rev:'5',\ ver:'OWASP_CRS/3.0.0',\ pass,\ nolog,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-information disclosure',\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ t:none"