Merge pull request #3264 from fzipi/release-3.3.5
Signed-off-by: Felipe Zipitria <felipe.zipitria@owasp.org>
fzipi committed Jul 21, 2023
2 parents 8331ecb + 736bad4 commit 0bd51ff
Showing 35 changed files with 471 additions and 471 deletions.
2 changes: 1 addition & 1 deletion crs-setup.conf.example
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.3.5-dev
# OWASP ModSecurity Core Rule Set ver.3.3.5
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved.
#
2 changes: 1 addition & 1 deletion rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.3.5-dev
# OWASP ModSecurity Core Rule Set ver.3.3.5
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved.
#
72 changes: 36 additions & 36 deletions rules/REQUEST-901-INITIALIZATION.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.3.5-dev
# OWASP ModSecurity Core Rule Set ver.3.3.5
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved.
#
Expand All @@ -26,7 +26,7 @@
#
# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature
#
SecComponentSignature "OWASP_CRS/3.3.5-dev"
SecComponentSignature "OWASP_CRS/3.3.5"

#
# -=[ Default setup values ]=-
Expand Down Expand Up @@ -59,7 +59,7 @@ SecRule &TX:crs_setup_version "@eq 0" \
log,\
auditlog,\
msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
severity:'CRITICAL'"


Expand All @@ -77,7 +77,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.inbound_anomaly_score_threshold=5'"

# Default Outbound Anomaly Threshold Level (rule 900110 in setup.conf)
Expand All @@ -86,7 +86,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.outbound_anomaly_score_threshold=4'"

# Default Paranoia Level (rule 900000 in setup.conf)
Expand All @@ -95,7 +95,7 @@ SecRule &TX:paranoia_level "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.paranoia_level=1'"

# Default Executing Paranoia Level (rule 900000 in setup.conf)
Expand All @@ -104,7 +104,7 @@ SecRule &TX:executing_paranoia_level "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.executing_paranoia_level=%{TX.PARANOIA_LEVEL}'"

# Default Sampling Percentage (rule 900400 in setup.conf)
Expand All @@ -113,7 +113,7 @@ SecRule &TX:sampling_percentage "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.sampling_percentage=100'"

# Default Anomaly Scores (rule 900100 in setup.conf)
Expand All @@ -122,31 +122,31 @@ SecRule &TX:critical_anomaly_score "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.critical_anomaly_score=5'"

SecRule &TX:error_anomaly_score "@eq 0" \
"id:901141,\
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.error_anomaly_score=4'"

SecRule &TX:warning_anomaly_score "@eq 0" \
"id:901142,\
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.warning_anomaly_score=3'"

SecRule &TX:notice_anomaly_score "@eq 0" \
"id:901143,\
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.notice_anomaly_score=2'"

# Default do_reput_block
Expand All @@ -155,7 +155,7 @@ SecRule &TX:do_reput_block "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.do_reput_block=0'"

# Default block duration
Expand All @@ -164,7 +164,7 @@ SecRule &TX:reput_block_duration "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.reput_block_duration=300'"

# Default HTTP policy: allowed_methods (rule 900200)
Expand All @@ -173,7 +173,7 @@ SecRule &TX:allowed_methods "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"

# Default HTTP policy: allowed_request_content_type (rule 900220)
Expand All @@ -182,7 +182,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"

# Default HTTP policy: allowed_request_content_type_charset (rule 900270)
Expand All @@ -191,7 +191,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.allowed_request_content_type_charset=utf-8|iso-8859-1|iso-8859-15|windows-1252'"

# Default HTTP policy: allowed_http_versions (rule 900230)
Expand All @@ -200,7 +200,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'"

# Default HTTP policy: restricted_extensions (rule 900240)
Expand All @@ -209,7 +209,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"

# Default HTTP policy: restricted_headers (rule 900250)
Expand All @@ -218,7 +218,7 @@ SecRule &TX:restricted_headers "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.restricted_headers=/accept-charset/ /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/'"

# Default HTTP policy: static_extensions (rule 900260)
Expand All @@ -227,7 +227,7 @@ SecRule &TX:static_extensions "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"

# Default enforcing of body processor URLENCODED
Expand All @@ -236,7 +236,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.enforce_bodyproc_urlencoded=0'"

# Default check for UTF8 encoding validation
Expand All @@ -245,7 +245,7 @@ SecRule &TX:crs_validate_utf8_encoding "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.crs_validate_utf8_encoding=0'"

# Default monitor_anomaly_score value
Expand All @@ -254,7 +254,7 @@ SecRule &TX:monitor_anomaly_score "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.monitor_anomaly_score=0'"

#
Expand All @@ -272,7 +272,7 @@ SecAction \
pass,\
t:none,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.anomaly_score=0',\
setvar:'tx.anomaly_score_pl1=0',\
setvar:'tx.anomaly_score_pl2=0',\
Expand Down Expand Up @@ -309,7 +309,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^.*$" \
pass,\
t:none,t:sha1,t:hexEncode,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'tx.ua_hash=%{MATCHED_VAR}'"

SecAction \
Expand All @@ -318,7 +318,7 @@ SecAction \
pass,\
t:none,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
initcol:global=global,\
initcol:ip=%{remote_addr}_%{tx.ua_hash},\
setvar:'tx.real_ip=%{remote_addr}'"
Expand All @@ -338,7 +338,7 @@ SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
noauditlog,\
msg:'Enabling body inspection',\
ctl:forceRequestBodyVariable=On,\
ver:'OWASP_CRS/3.3.5-dev'"
ver:'OWASP_CRS/3.3.5'"

# Force body processor URLENCODED
SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
Expand All @@ -349,7 +349,7 @@ SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
nolog,\
noauditlog,\
msg:'Enabling forced body inspection for ASCII content',\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
chain"
SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
"ctl:requestBodyProcessor=URLENCODED"
Expand Down Expand Up @@ -388,7 +388,7 @@ SecRule TX:sampling_percentage "@eq 100" \
phase:1,\
pass,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
skipAfter:END-SAMPLING"

SecRule UNIQUE_ID "@rx ^." \
Expand All @@ -397,7 +397,7 @@ SecRule UNIQUE_ID "@rx ^." \
pass,\
t:sha1,t:hexEncode,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'TX.sampling_rnd100=%{MATCHED_VAR}'"

SecRule DURATION "@rx (..)$" \
Expand All @@ -406,7 +406,7 @@ SecRule DURATION "@rx (..)$" \
pass,\
capture,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'TX.sampling_rnd100=%{TX.sampling_rnd100}%{TX.1}'"

SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
Expand All @@ -415,7 +415,7 @@ SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
pass,\
capture,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'"

SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
Expand All @@ -424,7 +424,7 @@ SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
pass,\
capture,\
nolog,\
ver:'OWASP_CRS/3.3.5-dev',\
ver:'OWASP_CRS/3.3.5',\
setvar:'TX.sampling_rnd100=%{TX.1}'"


Expand All @@ -449,7 +449,7 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
noauditlog,\
msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\
ctl:ruleEngine=Off,\
ver:'OWASP_CRS/3.3.5-dev'"
ver:'OWASP_CRS/3.3.5'"

SecMarker "END-SAMPLING"

Expand All @@ -467,4 +467,4 @@ SecRule TX:executing_paranoia_level "@lt %{tx.paranoia_level}" \
t:none,\
log,\
msg:'Executing paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\
ver:'OWASP_CRS/3.3.5-dev'"
ver:'OWASP_CRS/3.3.5'"