This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP ModSec CRS Paranoia Mode Sibling 960901"
From OWASP
(Created page with "''This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.'' == 960901 : Invalid character in request ==...") |
|||
Line 39: | Line 39: | ||
setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\ | setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\ | ||
setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}" | setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}" | ||
+ | |||
+ | [[Category:OWASP ModSecurity Core Rule Set Project]] |
Revision as of 07:18, 8 March 2016
This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.
960901 : Invalid character in request
Original ID (2.2.x) | Change | Whitelisting |
960901 | Character byte range limited to 32-126. | none |
# # [ Invalid character in request ] # # This is a paranoid sibling to 2.2.x Rule 960901. # Byte range restrictions are now set to 32-126. # For unadapted 3.0.0 Rule see Rule ID 920270. # SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateByteRange 32-126" \ "phase:request,\ rev:'2',\ ver:'OWASP_CRS/3.0.0',\ maturity:'9',\ accuracy:'9',\ block,\ msg:'Invalid character in request',\ id:'XXXXXX',\ severity:'ERROR',\ t:none,t:urlDecodeUni,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-protocol',\ tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}"