
OWASP ModSec CRS Paranoia Mode Sibling 970003

From OWASP
Revision as of 09:31, 22 February 2016 by Zino


This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.

970003 : SQL Error Leakage

Original ID (2.2.x) | Change                              | Whitelisting
970003              | Triggers anomaly score directly now | none
 #
 # -=[ SQL Error Leakage ]=-
 #
 # This is a paranoid sibling to 2.2.9 Rule 970003.
 # The rule now triggers the anomaly scoring instantly
 # instead of just setting tx.sql_error_match.
 #
 SecRule RESPONSE_BODY "@pmFromFile sql-errors.data" \
       "phase:response,\
       id:XXXXXX,\
       rev:'5',\
       ver:'OWASP_CRS/3.0.0',\
       pass,\
       nolog,\
       tag:'application-multi',\
       tag:'language-multi',\
       tag:'platform-multi',\
       tag:'attack-information disclosure',\
       setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
       t:none"
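
A small Python model of the behaviour change described in the rule comment, added here as an illustration; it is not part of the original proposal or of the CRS code base. The phrase list, the score value of 5 and the response bodies are constructed assumptions (the real phrases live in sql-errors.data), and the function names are hypothetical.

```python
# Constructed sample phrases, NOT the contents of sql-errors.data.
SAMPLE_PHRASES = (
    "you have an error in your sql syntax",
    "unclosed quotation mark",
    "ora-00933",
)
CRITICAL_ANOMALY_SCORE = 5  # assumed value of tx.critical_anomaly_score

# Constructed response bodies.
RESPONSES = {
    "leak": "<b>Warning</b>: You have an error in your SQL syntax near ''1'''",
    "clean": "<h1>Order confirmed</h1><p>Thank you.</p>",
    "docs": "<p>FAQ: 'ORA-00933' means the SQL command was not properly ended.</p>",
}


def pm_match(body, phrases=SAMPLE_PHRASES):
    """Case-insensitive phrase search, the matching style of @pm/@pmFromFile."""
    lowered = body.lower()
    return [p for p in phrases if p in lowered]


def flag_only(body):
    """Behaviour the comment attributes to 2.2.9: only set tx.sql_error_match."""
    tx = {"anomaly_score": 0}
    if pm_match(body):
        tx["sql_error_match"] = 1  # scoring is left to rules outside this model
    return tx


def paranoid_sibling(body):
    """Behaviour of the proposed rule: add the critical score on any match."""
    tx = {"anomaly_score": 0}
    if pm_match(body):
        tx["anomaly_score"] += CRITICAL_ANOMALY_SCORE
    return tx


def compare():
    """Return {name: (flag-only score, sibling score)} for each sample body."""
    return {
        name: (flag_only(body)["anomaly_score"], paranoid_sibling(body)["anomaly_score"])
        for name, body in RESPONSES.items()
    }


if __name__ == "__main__":
    for name, scores in compare().items():
        print(name, scores)
```

The "docs" body shows the cost of the stricter clone: a page that merely quotes an error string receives the full critical score, and with nolog set the rule itself leaves no log entry for that match.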