diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index 271d31b2f..fe19c468e 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -47,7 +47,7 @@ body:
label: BunkerWeb version
description: What version of BunkerWeb are you running?
placeholder: Version
- value: 1.5.8
+ value: 1.5.9
validations:
required: true
- type: dropdown
diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 8971cde01..d38d96bc2 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -92,7 +92,7 @@ jobs:
# Build cached image
- name: Build image
if: inputs.CACHE == true
- uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
+ uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
@@ -105,7 +105,7 @@ jobs:
# Build non-cached image
- name: Build image
if: inputs.CACHE != true
- uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
+ uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml
index 6770c86f3..f5f5dfdfe 100644
--- a/.github/workflows/linux-build.yml
+++ b/.github/workflows/linux-build.yml
@@ -94,7 +94,7 @@ jobs:
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
- uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
+ uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
with:
context: .
load: true
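Review bot: The two `Build package image` steps have overlapping `if:` guards: `inputs.RELEASE == 'ui'` satisfies the first condition (`== 'testing' || == 'dev' || == 'ui'`) and also the second one in the next hunk (`!= 'testing' && != 'dev'`), so a `ui` run appears to execute both builds. If that is not intended, the second guard could read `if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev' && inputs.RELEASE != 'ui'`. Both steps' `with:` blocks continue outside the hunks, so it cannot be confirmed from here whether the second build replaces the image produced by the first.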
@@ -106,7 +106,7 @@ jobs:
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
- uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
+ uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
with:
context: .
load: true
@@ -142,7 +142,7 @@ jobs:
images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
- name: Build test image
if: inputs.TEST == true
- uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
+ uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
with:
context: .
file: tests/linux/Dockerfile-${{ inputs.LINUX }}
diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml
index 0afab6d21..fca9206e6 100644
--- a/.github/workflows/push-docker.yml
+++ b/.github/workflows/push-docker.yml
@@ -70,7 +70,7 @@ jobs:
images: bunkerity/${{ inputs.IMAGE }}
# Build and push
- name: Build and push
- uses: docker/build-push-action@c382f710d39a5bb4e430307530a720f50c2d3318 # v6.0.0
+ uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 # v6.2.0
with:
context: .
file: ${{ inputs.DOCKERFILE }}
diff --git a/.github/workflows/push-github.yml b/.github/workflows/push-github.yml
index 3ebaa8004..679b9dedc 100644
--- a/.github/workflows/push-github.yml
+++ b/.github/workflows/push-github.yml
@@ -51,7 +51,7 @@ jobs:
# Create release
- name: Create release
if: inputs.VERSION != 'testing'
- uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
+ uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6
with:
body: |
Documentation : https://docs.bunkerweb.io/${{ inputs.VERSION }}/
@@ -75,7 +75,7 @@ jobs:
# Create release
- name: Create release
if: inputs.VERSION == 'testing'
- uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5
+ uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6
with:
body: |
**The testing version of BunkerWeb should not be used in production, please use the latest stable version instead.**
diff --git a/.github/workflows/push-packagecloud.yml b/.github/workflows/push-packagecloud.yml
index 260594ff9..242dce064 100644
--- a/.github/workflows/push-packagecloud.yml
+++ b/.github/workflows/push-packagecloud.yml
@@ -42,7 +42,7 @@ jobs:
- name: Check out repository code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install ruby
- uses: ruby/setup-ruby@3783f195e29b74ae398d7caca108814bbafde90e # v1.180.1
+ uses: ruby/setup-ruby@af43264f2b94cc8451805dc51af7408f01de6471 # v1.182.0
with:
ruby-version: "3.0"
- name: Install packagecloud
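Review bot: The `Install ruby` step still requests `ruby-version: "3.0"`, a Ruby series that is past upstream end of life and no longer receives security fixes. Judging by the file name, this workflow publishes packages. Since the action pin is being refreshed anyway, consider moving to a maintained series and checking that the packagecloud tooling installed in the following step (outside this hunk) works with it. If the old series is required, a comment above `ruby-version` such as `# pinned for packagecloud CLI compatibility; revisit` would record why.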
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6291b273b..3c5c143e2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,13 @@
# Changelog
-## v1.5.8 - ????/??/??
+## v1.5.9 - ????/??/??
+
+- [BUGFIX] Fix compatibility issues with mysql 8.4+ version and the `backup` plugin by adding the `mariadb-connector-c` dependency to the scheduler Dockerfile (on alpine)
+- [SECURITY] Update security headers in default pages and error pages for improved security
+- [DEPS] Updated LuaJIT version to v2.1-20240626
+- [DEPS] Updated coreruleset-v4 version to v4.4.0
+
+## v1.5.8 - 2024/06/19
- [LINUX] Support Fedora 40 and drop support of Fedora 39
- [BUGFIX] Fix potential errors when upgrading from a previous version
diff --git a/README.md b/README.md
index 614fb87fb..45493b090 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-
+
@@ -26,7 +26,7 @@
|
👨💻 Demo
|
- 🛡️ Examples
+ 🛡️ Examples
|
💬 Chat
|
@@ -44,14 +44,14 @@
# BunkerWeb
-
+
BunkerWeb is a next-generation and open-source Web Application Firewall (WAF).
-Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.8/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
+Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.5.9/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle.
-BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.8/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.8/plugins/?utm_campaign=self&utm_source=github).
+BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.5.9/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.5.9/plugins/?utm_campaign=self&utm_source=github).
## Why BunkerWeb ?
@@ -76,7 +76,7 @@ A non-exhaustive list of security features :
- **Block known bad IPs** with external blacklists and DNSBL
- And much more ...
-Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.8/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
+Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.5.9/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation.
## Demo
@@ -105,13 +105,13 @@ When using BunkerWeb you have the choice of the version you want to use : open-s
Whether it's enhanced security, an enriched user experience, or technical supervision, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs.
-Be it in the documentation or the user interface, the PRO features are annotated with a crown to distinguish them from those integrated into the open-source version.
+Be it in the documentation or the user interface, the PRO features are annotated with a crown to distinguish them from those integrated into the open-source version.
You can upgrade from the open-source version to the PRO one easily and at any time you want. The process is pretty straightforward :
- Claim your [free trial on the BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc)
- Once connected to the client area, copy your PRO license key
-- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.5.8/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.5.8/settings/#pro)
+- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.5.9/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.5.9/settings/#pro)
Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question regarding the PRO version.
@@ -144,10 +144,10 @@ Community and social networks :
# Concepts
-
+
-You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.8/concepts/?utm_campaign=self&utm_source=github).
+You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.5.9/concepts/?utm_campaign=self&utm_source=github).
## Integrations
@@ -155,12 +155,12 @@ The first concept is the integration of BunkerWeb into the target environment. W
The following integrations are officially supported :
-- [Docker](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker)
-- [Linux](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#linux)
-- [Docker autoconf](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
-- [Kubernetes](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#kubernetes)
-- [Swarm](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#swarm)
-- [Microsoft Azure](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#microsoft-azure)
+- [Docker](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#docker)
+- [Linux](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#linux)
+- [Docker autoconf](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#docker-autoconf)
+- [Kubernetes](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#kubernetes)
+- [Swarm](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#swarm)
+- [Microsoft Azure](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#microsoft-azure)
## Settings
@@ -192,7 +192,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap
## Custom configurations
-Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.8/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
+Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.5.9/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges.
Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block).
@@ -201,7 +201,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall
## Database
-
+
State of the current configuration of BunkerWeb is stored in a backend database which contains the following data :
@@ -230,7 +230,7 @@ In other words, the scheduler is the brain of BunkerWeb.
## BunkerWeb Cloud
-
+
BunkerWeb Cloud is the easiest way to get started with BunkerWeb. It offers you a fully managed BunkerWeb service with no hassle. Think of a like a BunkerWeb-as-a-Service !
@@ -240,7 +240,7 @@ You will find more information about BunkerWeb Cloud beta [here](https://www.bun
## Docker
-
+
We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity).
@@ -251,46 +251,46 @@ Docker integration key concepts are :
- **Scheduler** container to store configuration and execute jobs
- **Networks** to expose ports for clients and connect to upstream web services
-You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
+You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation.
## Docker autoconf
-
+
The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container.
Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest.
-You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
+You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation.
## Swarm
-
+
To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime.
-Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
+Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix.
-You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
+You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation.
## Kubernetes
-
+
The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations.
-You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
+You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation.
## Linux
-
+
List of supported Linux distros :
@@ -304,21 +304,21 @@ List of supported Linux distros :
Repositories of Linux packages for BunkerWeb are available on [PackageCloud](https://packagecloud.io/bunkerity/bunkerweb), they provide a bash script to automatically add and trust the repository (but you can also follow the [manual installation](https://packagecloud.io/bunkerity/bunkerweb/install) instructions if you prefer).
-You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
+You will find more information in the [Linux section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#linux) of the documentation.
## Microsoft Azure
-
+
-BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and a ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/misc/integrations/azure-arm-template.json).
+BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and a ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.5.9/misc/integrations/azure-arm-template.json).
-You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.5.8/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
+You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.5.9/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation.
# Quickstart guide
-Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.8/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
+Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.5.9/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases :
- Protecting a single HTTP application
- Protecting multiple HTTP application
@@ -329,9 +329,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo
# Security tuning
-BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.8/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
+BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.5.9/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives.
-You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.8/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
+You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.5.9/security-tuning/?utm_campaign=self&utm_source=github) of the documentation.
# Settings
@@ -341,13 +341,13 @@ As a general rule when multisite mode is enabled, if you want to apply settings
When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example.
-Check the [settings section](https://docs.bunkerweb.io/1.5.8/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
+Check the [settings section](https://docs.bunkerweb.io/1.5.9/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list.
# Web UI
-
+
@@ -361,7 +361,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance
- Monitor jobs execution
- View the logs and search pattern
-You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.8/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
+You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.5.9/web-ui/?utm_campaign=self&utm_source=github) of the documentation.
# Plugins
@@ -379,7 +379,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug
| **VirusTotal** | 1.5 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) |
| **WebHook** | 1.5 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/slack](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) |
-You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.8/plugins/?utm_campaign=self&utm_source=github) of the documentation.
+You will find more information in the [plugins section](https://docs.bunkerweb.io/1.5.9/plugins/?utm_campaign=self&utm_source=github) of the documentation.
# Support
@@ -402,15 +402,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues)
# License
-This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/LICENSE.md).
+This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.5.9/LICENSE.md).
# Contribute
-If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/CONTRIBUTING.md) to get started.
+If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.5.9/CONTRIBUTING.md) to get started.
# Security policy
-We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.8/SECURITY.md) for more information.
+We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.5.9/SECURITY.md) for more information.
# Stargazers over time
diff --git a/docs/concepts.md b/docs/concepts.md
index 543cad4bb..f0d8b683d 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -83,7 +83,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no
!!! info "Going further"
- You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples) directory of the repository.
+ You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/examples) directory of the repository.
## Custom configurations
@@ -97,7 +97,7 @@ By leveraging custom configurations, you unlock a world of possibilities to tail
!!! info "Going further"
- You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples) directory of the repository.
+ You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/examples) directory of the repository.
## Database
diff --git a/docs/integrations.md b/docs/integrations.md
index 6398ac129..6aaaae960 100644
--- a/docs/integrations.md
+++ b/docs/integrations.md
@@ -35,13 +35,13 @@ By accessing these prebuilt images from Docker Hub, you can quickly pull and run
Whether you're conducting tests, developing applications, or deploying BunkerWeb in production, the Docker containerization option provides flexibility and ease of use. Embracing this method empowers you to take full advantage of BunkerWeb's features while leveraging the benefits of Docker technology.
```shell
-docker pull bunkerity/bunkerweb:1.5.8
+docker pull bunkerity/bunkerweb:1.5.9
```
Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address :
```shell
-docker pull ghcr.io/bunkerity/bunkerweb:1.5.8
+docker pull ghcr.io/bunkerity/bunkerweb:1.5.9
```
Alternatively, if you prefer a more hands-on approach, you have the option to build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb). Building the image from source gives you greater control and customization over the deployment process. However, please note that this method may take some time to complete, depending on your hardware configuration.
@@ -71,7 +71,7 @@ When integrating BunkerWeb with Docker, there are key concepts to keep in mind,
- **Networks**: Docker networks play a vital role in the integration of BunkerWeb. These networks serve two main purposes: exposing ports to clients and connecting to upstream web services. By exposing ports, BunkerWeb can accept incoming requests from clients, allowing them to access the protected web services. Additionally, by connecting to upstream web services, BunkerWeb can efficiently route and manage the traffic, providing enhanced security and performance.
!!! info "Database backend"
- Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
+ Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) folder of the repository for more information.
### Environment variables
@@ -81,7 +81,7 @@ Settings are passed to BunkerWeb using Docker environment variables :
...
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
labels:
- "bunkerweb.INSTANCE=yes"
environment:
@@ -100,7 +100,7 @@ Please note that the `bunkerweb.INSTANCE` is mandatory to make sure the schedule
The [scheduler](concepts.md#scheduler) is executed in its own container which is also available on Docker Hub :
```shell
-docker pull bunkerity/bunkerweb-scheduler:1.5.8
+docker pull bunkerity/bunkerweb-scheduler:1.5.9
```
Alternatively, you can build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb) (less coffee ☕ needed than BunkerWeb image) :
@@ -117,7 +117,7 @@ A volume is needed to store the SQLite database that will be used by the schedul
...
services:
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
volumes:
- bw-data:/data
...
@@ -179,7 +179,7 @@ You will need to create the Docker API proxy container, mount the socket and set
...
services:
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
env:
- DOCKER_HOST=tcp://bw-docker:2375
...
@@ -227,7 +227,7 @@ To secure the communication between the scheduler and BunkerWeb API, it is impor
...
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -236,7 +236,7 @@ services:
- bw-universe
...
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
networks:
- bw-universe
- bw-docker
@@ -266,7 +266,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -280,7 +280,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -371,12 +371,12 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
- And finally install BunkerWeb 1.5.8 :
+ And finally install BunkerWeb 1.5.9 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
- sudo -E apt install -y bunkerweb=1.5.8
+ sudo -E apt install -y bunkerweb=1.5.9
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@@ -418,12 +418,12 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
- And finally install BunkerWeb 1.5.8 :
+ And finally install BunkerWeb 1.5.9 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.deb.sh | sudo bash && \
sudo apt update && \
- sudo -E apt install -y bunkerweb=1.5.8
+ sudo -E apt install -y bunkerweb=1.5.9
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command :
@@ -453,14 +453,14 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
- And finally install BunkerWeb 1.5.8 :
+ And finally install BunkerWeb 1.5.9 :
```shell
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | \
sed 's/yum install -y pygpgme --disablerepo='\''bunkerity_bunkerweb'\''/yum install -y python-gnupg/g' | \
sed 's/pypgpme_check=`rpm -qa | grep -qw pygpgme`/python-gnupg_check=`rpm -qa | grep -qw python-gnupg`/g' | sudo bash && \
sudo dnf makecache && \
- sudo -E dnf install -y bunkerweb-1.5.8
+ sudo -E dnf install -y bunkerweb-1.5.9
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@@ -504,13 +504,13 @@ To simplify the installation process, Linux package repositories for BunkerWeb a
export UI_WIZARD=1
```
- And finally install BunkerWeb 1.5.8 :
+ And finally install BunkerWeb 1.5.9 :
```shell
sudo dnf install -y epel-release && \
curl -s https://packagecloud.io/install/repositories/bunkerity/bunkerweb/script.rpm.sh | sudo bash && \
sudo dnf check-update && \
- sudo -E dnf install -y bunkerweb-1.5.8
+ sudo -E dnf install -y bunkerweb-1.5.9
```
To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command :
@@ -558,7 +558,7 @@ By adopting this approach, you can enjoy real-time reconfiguration of BunkerWeb
The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](concepts.md#multisite-mode) of the documentation for more information.
!!! info "Database backend"
- Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
+ Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) folder of the repository for more information.
To enable automated configuration updates, include an additional container called `bw-autoconf` in the stack. This container hosts the autoconf service, which manages dynamic configuration changes for BunkerWeb. To support this functionality, use a dedicated "real" database backend (e.g., MariaDB, MySQL, or PostgreSQL) for synchronized configuration storage. By integrating `bw-autoconf` and a suitable database backend, you establish the infrastructure for seamless automated configuration management in BunkerWeb.
@@ -567,7 +567,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -584,7 +584,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -597,7 +597,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -689,7 +689,7 @@ For an optimal setup, it is recommended to define BunkerWeb as a **[DaemonSet](h
Given the presence of multiple BunkerWeb instances, it is necessary to establish a shared data store implemented as a [Redis](https://redis.io/) service. This Redis service will be utilized by the instances to cache and share data among themselves. Further information about the Redis settings can be found [here](settings.md#redis).
!!! info "Database backend"
- Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
+ Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@@ -750,7 +750,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -820,7 +820,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -847,7 +847,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -1010,7 +1010,7 @@ Since multiple instances of BunkerWeb are running, a shared data store implement
As for the database volume, the documentation does not specify a specific approach. Choosing either a shared folder or a specific driver for the database volume is dependent on your unique use-case and is left as an exercise for the reader.
!!! info "Database backend"
- Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository for more information.
+ Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) folder of the repository for more information.
Clustered database backends setup are out-of-the-scope of this documentation.
@@ -1021,7 +1021,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -1051,7 +1051,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -1083,7 +1083,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/docs/plugins.md b/docs/plugins.md
index a3447ea14..2c7128686 100644
--- a/docs/plugins.md
+++ b/docs/plugins.md
@@ -91,7 +91,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
volumes:
- ./bw-data:/data
...
@@ -128,7 +128,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
volumes:
- ./bw-data:/data
...
@@ -167,7 +167,7 @@ The first step is to install the plugin by putting the plugin files inside the c
services:
...
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
volumes:
- /shared/bw-plugins:/data/plugins
...
@@ -214,7 +214,7 @@ The first step is to install the plugin by putting the plugin files inside the c
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -254,7 +254,7 @@ The first step is to install the plugin by putting the plugin files inside the c
!!! tip "Existing plugins"
- If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
+ If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking).
What a plugin structure looks like :
```
@@ -524,7 +524,7 @@ end
!!! tip "More examples"
- If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/src/bw/lua/bunkerweb) of the repository.
+ If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/src/bw/lua/bunkerweb) of the repository.
### Jobs
diff --git a/docs/quickstart-guide.md b/docs/quickstart-guide.md
index 5a4d4ec8e..19aa6e7b7 100644
--- a/docs/quickstart-guide.md
+++ b/docs/quickstart-guide.md
@@ -6,7 +6,7 @@
!!! tip "Going further"
- To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples) of the repository to get real-world examples.
+ To demonstrate the use of BunkerWeb, we will deploy a dummy "Hello World" web application as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/examples) of the repository to get real-world examples.
## Protect HTTP applications
@@ -37,7 +37,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -54,7 +54,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -295,7 +295,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -315,7 +315,7 @@ You will find more settings about reverse proxy in the [settings section](settin
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -634,7 +634,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
environment:
- USE_REAL_IP=yes
@@ -649,7 +649,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
environment:
- USE_REAL_IP=yes
@@ -664,7 +664,7 @@ REAL_IP_HEADER=X-Forwarded-For
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
environment:
- USE_REAL_IP=yes
@@ -738,7 +738,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
environment:
- USE_REAL_IP=yes
@@ -754,7 +754,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
environment:
- USE_REAL_IP=yes
@@ -770,7 +770,7 @@ REAL_IP_HEADER=proxy_protocol
```yaml
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
environment:
- USE_REAL_IP=yes
@@ -869,7 +869,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@@ -891,7 +891,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -940,7 +940,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080 # Keep it if you want to use Let's Encrypt automation
- 10000:10000 # app1
@@ -998,7 +998,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
# Keep it if you want to use Let's Encrypt automation
- published: 80
@@ -1142,7 +1142,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
...
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
environment:
- |
CUSTOM_CONF_SERVER_HTTP_hello-world=
@@ -1185,7 +1185,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
volumes:
- ./bw-data:/data
...
@@ -1255,7 +1255,7 @@ Some integrations provide more convenient ways to apply configurations, such as
```yaml
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
volumes:
- ./bw-data:/data
...
@@ -1439,7 +1439,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
volumes:
- ./www:/var/www/html
ports:
@@ -1462,7 +1462,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -1540,7 +1540,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
volumes:
- ./www:/var/www/html
labels:
@@ -1554,7 +1554,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -1698,7 +1698,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
volumes:
- /shared/www:/var/www/html
...
@@ -1889,7 +1889,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
environment:
- USE_IPv6=yes
@@ -1934,7 +1934,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
environment:
- USE_IPv6=yes
diff --git a/docs/requirements.in b/docs/requirements.in
index a812d8425..36ffcfc90 100644
--- a/docs/requirements.in
+++ b/docs/requirements.in
@@ -1,4 +1,4 @@
-mike==2.1.1
+mike==2.1.2
mkdocs-material[imaging]==9.5.27
mkdocs-print-site-plugin==2.5.0
pytablewriter==1.2.0
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 9e156d26c..be154a842 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -8,9 +8,9 @@ babel==2.15.0 \
--hash=sha256:08706bdad8d0a3413266ab61bd6c34d0c28d6e1e7badf40a2cebe67644e2e1fb \
--hash=sha256:8daf0e265d05768bc6c7a314cf1321e9a123afc328cc635c18622a2f30a04413
# via mkdocs-material
-cairocffi==1.7.0 \
- --hash=sha256:1f29a8d41dbda4090c0aa33bcdea64f3b493e95f74a43ea107c4a8a7b7f632ef \
- --hash=sha256:7761863603894305f3160eca68452f373433ca8745ab7dd445bd2c6ce50dcab7
+cairocffi==1.7.1 \
+ --hash=sha256:2e48ee864884ec4a3a34bfa8c9ab9999f688286eb714a15a43ec9d068c36557b \
+ --hash=sha256:9803a0e11f6c962f3b0ae2ec8ba6ae45e957a146a004697a1ac1bbf16b073b3f
# via cairosvg
cairosvg==2.7.1 \
--hash=sha256:432531d72347291b9a9ebfb6777026b607563fd8719c46ee742db0aef7271ba0 \
@@ -200,9 +200,9 @@ idna==3.7 \
--hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \
--hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0
# via requests
-importlib-metadata==7.1.0 \
- --hash=sha256:30962b96c0c223483ed6cc7280e7f0199feb01a0e40cfae4d4450fc6fab1f570 \
- --hash=sha256:b78938b926ee8d5f020fc4772d487045805a55ddbad2ecf21c6d60938dc7fcd2
+importlib-metadata==8.0.0 \
+ --hash=sha256:15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f \
+ --hash=sha256:188bd24e4c346d3f0a933f275c2fec67050326a856b9a359881d7c2a697e8812
# via
# markdown
# mike
@@ -303,9 +303,9 @@ mergedeep==1.3.4 \
# via
# mkdocs
# mkdocs-get-deps
-mike==2.1.1 \
- --hash=sha256:0b1d01a397a423284593eeb1b5f3194e37169488f929b860c9bfe95c0d5efb79 \
- --hash=sha256:f39ed39f3737da83ad0adc33e9f885092ed27f8c9e7ff0523add0480352a2c22
+mike==2.1.2 \
+ --hash=sha256:d59cc8054c50f9c8a046cfd47f9b700cf9ff1b2b19f420bd8812ca6f94fa8bd3 \
+ --hash=sha256:d61d9b423ab412d634ca2bd520136d5114e3cc73f4bbd1aa6a0c6625c04918c0
# via -r requirements.in
mkdocs==1.6.0 \
--hash=sha256:1eb5cb7676b7d89323e62b56235010216319217d4af5ddc543a91beb8d125ea7 \
@@ -608,9 +608,9 @@ requests==2.32.3 \
# importlib-resources
# The following packages are considered to be unsafe in a requirements file:
-setuptools==70.0.0 \
- --hash=sha256:54faa7f2e8d2d11bcd2c07bed282eef1046b5c080d1c32add737d7b5817b1ad4 \
- --hash=sha256:f211a66637b8fa059bb28183da127d4e86396c991a942b028c6650d4319c3fd0
+setuptools==70.1.1 \
+ --hash=sha256:937a48c7cdb7a21eb53cd7f9b59e525503aa8abaf3584c730dc5f7a5bec3a650 \
+ --hash=sha256:a58a8fde0541dab0419750bcc521fbdf8585f6e5cb41909df3a472ef7b81ca95
# via mkdocs-material
six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
diff --git a/docs/security-tuning.md b/docs/security-tuning.md
index 0642805c4..01bc61026 100644
--- a/docs/security-tuning.md
+++ b/docs/security-tuning.md
@@ -256,7 +256,7 @@ ModSecurity is integrated and enabled by default alongside the OWASP Core Rule S
You can choose between the following versions of the OWASP Core Rule Set :
- **3** : The version [v3.3.5](https://github.com/coreruleset/coreruleset/releases/tag/v3.3.5) of the OWASP Core Rule Set (***default***)
-- **4** : The version [v4.2.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.2.0) of the OWASP Core Rule Set
+- **4** : The version [v4.4.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.4.0) of the OWASP Core Rule Set
- **nightly** : The latest [nightly](https://github.com/coreruleset/coreruleset/releases/tag/nightly) build of the OWASP Core Rule Set which is updated every day
!!! example "OWASP Core Rule Set's nightly build"
@@ -605,7 +605,7 @@ You can quickly protect sensitive resources like the admin area for example, by
### Auth request
-You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/examples).
+You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/examples).
**Auth request settings are related to reverse proxy rules.**
diff --git a/docs/upgrading.md b/docs/upgrading.md
index 8c65d696c..5d34fb277 100644
--- a/docs/upgrading.md
+++ b/docs/upgrading.md
@@ -128,16 +128,16 @@
```yaml
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
...
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
...
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
...
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
...
```
@@ -170,7 +170,7 @@
Them, you can update BunkerWeb package :
```shell
- sudo apt install -y bunkerweb=1.5.8
+ sudo apt install -y bunkerweb=1.5.9
```
To prevent upgrading BunkerWeb package when executing `apt upgrade`, you can use the following command :
@@ -194,7 +194,7 @@
Them, you can update BunkerWeb package :
```shell
- sudo dnf install -y bunkerweb-1.5.8
+ sudo dnf install -y bunkerweb-1.5.9
```
To prevent upgrading BunkerWeb package when executing `dnf upgrade`, you can use the following command :
@@ -380,7 +380,7 @@
!!! warning "Read this if you were a 1.4.X user"
- A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) folder of the repository.
+ A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) folder of the repository.
### Scheduler
diff --git a/docs/web-ui.md b/docs/web-ui.md
index 677e25a19..914ea9f97 100644
--- a/docs/web-ui.md
+++ b/docs/web-ui.md
@@ -31,7 +31,7 @@ Because the web UI is a web application, the recommended installation procedure
* Do not open the web UI on the Internet without any further restrictions
* Apply settings listed in the [security tuning section](security-tuning.md) of the documentation
- **Please note that using HTTPS in front the web UI is mandatory since version 1.5.8 of BunkerWeb.**
+ **Please note that using HTTPS in front the web UI is mandatory since version 1.5.9 of BunkerWeb.**
!!! info "Multisite mode"
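Review bot: The HTTPS notice now says the requirement applies "since version 1.5.9", which looks like a side effect of the blanket 1.5.8 → 1.5.9 replacement rather than an intended change, since the same sentence named 1.5.8 before this commit. A "since version X" statement records when a behaviour was introduced, so it should not move with each release. If the requirement did ship in 1.5.8 or earlier, the new wording suggests to operators still on that release that exposing the web UI over plain HTTP is acceptable there. Unless HTTPS enforcement really first appears in 1.5.9, keep the original line, `**Please note that using HTTPS in front the web UI is mandatory since version 1.5.8 of BunkerWeb.**`, and exclude it from the automated version sweep.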
@@ -82,7 +82,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -98,7 +98,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -120,7 +120,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
@@ -173,7 +173,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -190,7 +190,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -203,7 +203,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -238,7 +238,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
@@ -280,7 +280,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -310,7 +310,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -338,7 +338,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -365,7 +365,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
- bw-universe
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -456,7 +456,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -529,7 +529,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -556,7 +556,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -641,7 +641,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -840,7 +840,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
- If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
+ If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@@ -849,7 +849,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -874,7 +874,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -896,7 +896,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
@@ -962,7 +962,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
- If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
+ If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) of the repository.
Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) :
@@ -971,7 +971,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -988,7 +988,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -1001,7 +1001,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -1036,7 +1036,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
@@ -1098,7 +1098,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
- If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
+ If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) of the repository.
Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) :
@@ -1107,7 +1107,7 @@ After a successful login/password combination, you will be prompted to enter you
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -1137,7 +1137,7 @@ After a successful login/password combination, you will be prompted to enter you
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -1165,7 +1165,7 @@ After a successful login/password combination, you will be prompted to enter you
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -1192,7 +1192,7 @@ After a successful login/password combination, you will be prompted to enter you
- bw-universe
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
@@ -1247,7 +1247,7 @@ After a successful login/password combination, you will be prompted to enter you
!!! info "Database backend"
- If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.8/misc/integrations) of the repository.
+ If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.5.9/misc/integrations) of the repository.
Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) :
@@ -1302,7 +1302,7 @@ After a successful login/password combination, you will be prompted to enter you
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -1372,7 +1372,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -1399,7 +1399,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -1484,7 +1484,7 @@ After a successful login/password combination, you will be prompted to enter you
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
diff --git a/examples/authelia/docker-compose.yml b/examples/authelia/docker-compose.yml
index 313c38d0d..8507a2f81 100644
--- a/examples/authelia/docker-compose.yml
+++ b/examples/authelia/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -44,7 +44,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=Remote-User $$user;Remote-Groups $$groups;Remote-Name $$name;Remote-Email $$email
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/authentik/docker-compose.yml b/examples/authentik/docker-compose.yml
index 2ea761d45..09bd45618 100644
--- a/examples/authentik/docker-compose.yml
+++ b/examples/authentik/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.4"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -53,7 +53,7 @@ services:
- app2.example.com_REVERSE_PROXY_HEADERS=X-authentik-username $$authentik_username;X-authentik-groups $$authentik_groups;X-authentik-email $$authentik_email;X-authentik-name $$authentik_name;X-authentik-uid $$authentik_uid
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/behind-reverse-proxy/docker-compose.yml b/examples/behind-reverse-proxy/docker-compose.yml
index e89935e03..f0c93bbda 100644
--- a/examples/behind-reverse-proxy/docker-compose.yml
+++ b/examples/behind-reverse-proxy/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/bigbluebutton/docker-compose.yml b/examples/bigbluebutton/docker-compose.yml
index de73df8f5..893d97dab 100644
--- a/examples/bigbluebutton/docker-compose.yml
+++ b/examples/bigbluebutton/docker-compose.yml
@@ -27,7 +27,7 @@ services:
...
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -50,7 +50,7 @@ services:
bw-universe:
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/certbot-dns-cloudflare/docker-compose.yml b/examples/certbot-dns-cloudflare/docker-compose.yml
index 6e2028a8a..479c06f54 100644
--- a/examples/certbot-dns-cloudflare/docker-compose.yml
+++ b/examples/certbot-dns-cloudflare/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/certbot-dns-digitalocean/docker-compose.yml b/examples/certbot-dns-digitalocean/docker-compose.yml
index 98ceb0c7b..3b1c9e675 100644
--- a/examples/certbot-dns-digitalocean/docker-compose.yml
+++ b/examples/certbot-dns-digitalocean/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/certbot-dns-google/docker-compose.yml b/examples/certbot-dns-google/docker-compose.yml
index 03e358327..f9c5e151d 100644
--- a/examples/certbot-dns-google/docker-compose.yml
+++ b/examples/certbot-dns-google/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/certbot-dns-ovh/docker-compose.yml b/examples/certbot-dns-ovh/docker-compose.yml
index 316f4f93e..af6aea582 100644
--- a/examples/certbot-dns-ovh/docker-compose.yml
+++ b/examples/certbot-dns-ovh/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/certbot-dns-route53/docker-compose.yml b/examples/certbot-dns-route53/docker-compose.yml
index 73f9a49bc..0f1c667a9 100644
--- a/examples/certbot-dns-route53/docker-compose.yml
+++ b/examples/certbot-dns-route53/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -33,7 +33,7 @@ services:
- bw-services
bbw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
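Review bot: The service key on the context line just above the bumped image reads `bbw-scheduler:`, while the other example files in this diff name the same service `bw-scheduler`; this looks like a typo that the version bump leaves in place. Compose accepts any service name, so the stack should still start, but anything that addresses the scheduler by service name (documentation, `docker compose logs bw-scheduler`, or another container resolving that hostname) would not match in this example. I would rename the key to `bw-scheduler:` in the same change. The service definition continues outside the hunk, so whether anything else in the file refers to the current name cannot be confirmed from here.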
diff --git a/examples/cors/docker-compose.yml b/examples/cors/docker-compose.yml
index 62769377e..ab17bf8f4 100644
--- a/examples/cors/docker-compose.yml
+++ b/examples/cors/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -38,7 +38,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/docker-configs/docker-compose.yml b/examples/docker-configs/docker-compose.yml
index ef823a05b..601ed117a 100644
--- a/examples/docker-configs/docker-compose.yml
+++ b/examples/docker-configs/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -53,7 +53,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/drupal/docker-compose.yml b/examples/drupal/docker-compose.yml
index 31b97bb66..a741c777a 100644
--- a/examples/drupal/docker-compose.yml
+++ b/examples/drupal/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml
index d91d1c520..c84db11ed 100644
--- a/examples/ghost/docker-compose.yml
+++ b/examples/ghost/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/gogs/docker-compose.yml b/examples/gogs/docker-compose.yml
index 22648a096..82c6a59ae 100644
--- a/examples/gogs/docker-compose.yml
+++ b/examples/gogs/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/hardened/docker-compose.yml b/examples/hardened/docker-compose.yml
index f0867c485..59321f074 100644
--- a/examples/hardened/docker-compose.yml
+++ b/examples/hardened/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
# dropping all capabilities
cap_drop:
- ALL
@@ -39,7 +39,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/joomla/docker-compose.yml b/examples/joomla/docker-compose.yml
index 0ee3af136..3b470cacc 100644
--- a/examples/joomla/docker-compose.yml
+++ b/examples/joomla/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/load-balancer/docker-compose.yml b/examples/load-balancer/docker-compose.yml
index 451bcdaaf..8a9a32f81 100644
--- a/examples/load-balancer/docker-compose.yml
+++ b/examples/load-balancer/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/magento/docker-compose.yml b/examples/magento/docker-compose.yml
index 99c06cacf..30a683bbe 100644
--- a/examples/magento/docker-compose.yml
+++ b/examples/magento/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -29,7 +29,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/mattermost/docker-compose.yml b/examples/mattermost/docker-compose.yml
index 973c009f7..c64ecb748 100644
--- a/examples/mattermost/docker-compose.yml
+++ b/examples/mattermost/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -44,7 +44,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/mongo-express/docker-compose.yml b/examples/mongo-express/docker-compose.yml
index 3135e35fb..869dbaa03 100644
--- a/examples/mongo-express/docker-compose.yml
+++ b/examples/mongo-express/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/moodle/docker-compose.yml b/examples/moodle/docker-compose.yml
index 079cf17d6..3193b09a2 100644
--- a/examples/moodle/docker-compose.yml
+++ b/examples/moodle/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml
index b6d427ec2..e36f8870a 100644
--- a/examples/nextcloud/docker-compose.yml
+++ b/examples/nextcloud/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -54,7 +54,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml
index 104e793f8..93936883f 100644
--- a/examples/passbolt/docker-compose.yml
+++ b/examples/passbolt/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -26,7 +26,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/php-cookie-flags/docker-compose.yml b/examples/php-cookie-flags/docker-compose.yml
index b622083f0..a9376cead 100644
--- a/examples/php-cookie-flags/docker-compose.yml
+++ b/examples/php-cookie-flags/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -31,7 +31,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/php-multisite/docker-compose.yml b/examples/php-multisite/docker-compose.yml
index cf44f7797..c909dc9a7 100644
--- a/examples/php-multisite/docker-compose.yml
+++ b/examples/php-multisite/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -34,7 +34,7 @@ services:
- net-app2
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/php-singlesite/docker-compose.yml b/examples/php-singlesite/docker-compose.yml
index fea3dd9d8..ff2c042ab 100644
--- a/examples/php-singlesite/docker-compose.yml
+++ b/examples/php-singlesite/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -30,7 +30,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/prestashop/docker-compose.yml b/examples/prestashop/docker-compose.yml
index f398cf985..4b5b58c19 100644
--- a/examples/prestashop/docker-compose.yml
+++ b/examples/prestashop/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/proxy-protocol/docker-compose.yml b/examples/proxy-protocol/docker-compose.yml
index ed97f79bd..b3f72d4f2 100644
--- a/examples/proxy-protocol/docker-compose.yml
+++ b/examples/proxy-protocol/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
environment:
- SERVER_NAME=www.example.com # replace with your domains
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
@@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/radarr/docker-compose.yml b/examples/radarr/docker-compose.yml
index 8cb1cc926..8a450dc59 100644
--- a/examples/radarr/docker-compose.yml
+++ b/examples/radarr/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -34,7 +34,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/redmine/docker-compose.yml b/examples/redmine/docker-compose.yml
index 4be6d6639..d8e036db7 100644
--- a/examples/redmine/docker-compose.yml
+++ b/examples/redmine/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -24,7 +24,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/reverse-proxy-multisite/docker-compose.yml b/examples/reverse-proxy-multisite/docker-compose.yml
index cf0be5922..ef299f93a 100644
--- a/examples/reverse-proxy-multisite/docker-compose.yml
+++ b/examples/reverse-proxy-multisite/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/reverse-proxy-singlesite/docker-compose.yml b/examples/reverse-proxy-singlesite/docker-compose.yml
index 4d9d9a3d7..43f5dbd2e 100644
--- a/examples/reverse-proxy-singlesite/docker-compose.yml
+++ b/examples/reverse-proxy-singlesite/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -32,7 +32,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/reverse-proxy-websocket/docker-compose.yml b/examples/reverse-proxy-websocket/docker-compose.yml
index 469d17c19..737620526 100644
--- a/examples/reverse-proxy-websocket/docker-compose.yml
+++ b/examples/reverse-proxy-websocket/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/stream-multisite/docker-compose.yml b/examples/stream-multisite/docker-compose.yml
index 547e9c971..f7c78adf3 100644
--- a/examples/stream-multisite/docker-compose.yml
+++ b/examples/stream-multisite/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080 # required to resolve let's encrypt challenges
- 10000:10000 # app1 without SSL/TLS
@@ -33,7 +33,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/syslog/docker-compose.yml b/examples/syslog/docker-compose.yml
index 61f4d9e87..44a957de5 100644
--- a/examples/syslog/docker-compose.yml
+++ b/examples/syslog/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
logging:
driver: syslog
options:
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
logging:
driver: syslog
options:
diff --git a/examples/tomcat/docker-compose.yml b/examples/tomcat/docker-compose.yml
index ad205bbe6..ce274f2b3 100644
--- a/examples/tomcat/docker-compose.yml
+++ b/examples/tomcat/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -23,7 +23,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/tor-hidden-service/docker-compose.yml b/examples/tor-hidden-service/docker-compose.yml
index 54756c9da..150d9ed12 100644
--- a/examples/tor-hidden-service/docker-compose.yml
+++ b/examples/tor-hidden-service/docker-compose.yml
@@ -12,7 +12,7 @@ services:
- bw-universe
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
environment:
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
# disable common security measures based on IP
@@ -34,7 +34,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/examples/web-ui/docker-compose.wizard.yml b/examples/web-ui/docker-compose.wizard.yml
index 08967dbd7..8aaecbda4 100644
--- a/examples/web-ui/docker-compose.wizard.yml
+++ b/examples/web-ui/docker-compose.wizard.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -23,7 +23,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -45,7 +45,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
diff --git a/examples/web-ui/docker-compose.yml b/examples/web-ui/docker-compose.yml
index 723757358..a0b9fa91c 100644
--- a/examples/web-ui/docker-compose.yml
+++ b/examples/web-ui/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -50,7 +50,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml
index bfd3a9c41..7ffaaf132 100644
--- a/examples/wordpress/docker-compose.yml
+++ b/examples/wordpress/docker-compose.yml
@@ -2,7 +2,7 @@ version: "3"
services:
mybunker:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -25,7 +25,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- mybunker
environment:
diff --git a/misc/integrations/autoconf.mariadb.ui.yml b/misc/integrations/autoconf.mariadb.ui.yml
index ade095ca3..6fde8c815 100644
--- a/misc/integrations/autoconf.mariadb.ui.yml
+++ b/misc/integrations/autoconf.mariadb.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -67,7 +67,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
diff --git a/misc/integrations/autoconf.mariadb.yml b/misc/integrations/autoconf.mariadb.yml
index f8de36bf6..0d88ce374 100644
--- a/misc/integrations/autoconf.mariadb.yml
+++ b/misc/integrations/autoconf.mariadb.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/autoconf.mysql.ui.yml b/misc/integrations/autoconf.mysql.ui.yml
index 3a76846a0..1b2c3e874 100644
--- a/misc/integrations/autoconf.mysql.ui.yml
+++ b/misc/integrations/autoconf.mysql.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -67,7 +67,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
diff --git a/misc/integrations/autoconf.mysql.yml b/misc/integrations/autoconf.mysql.yml
index 1ebc86c9e..32a048723 100644
--- a/misc/integrations/autoconf.mysql.yml
+++ b/misc/integrations/autoconf.mysql.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/autoconf.postgres.ui.yml b/misc/integrations/autoconf.postgres.ui.yml
index a81349da0..a805d9342 100644
--- a/misc/integrations/autoconf.postgres.ui.yml
+++ b/misc/integrations/autoconf.postgres.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -66,7 +66,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
diff --git a/misc/integrations/autoconf.postgres.yml b/misc/integrations/autoconf.postgres.yml
index 4bbb384fa..7fe5bdd49 100644
--- a/misc/integrations/autoconf.postgres.yml
+++ b/misc/integrations/autoconf.postgres.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -19,7 +19,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/autoconf.ui.yml b/misc/integrations/autoconf.ui.yml
index 0d8621def..e9d40c4d3 100644
--- a/misc/integrations/autoconf.ui.yml
+++ b/misc/integrations/autoconf.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -18,7 +18,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -56,7 +56,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
networks:
bw-docker:
bw-universe:
diff --git a/misc/integrations/autoconf.yml b/misc/integrations/autoconf.yml
index 8f7821f17..30d84c89f 100644
--- a/misc/integrations/autoconf.yml
+++ b/misc/integrations/autoconf.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -18,7 +18,7 @@ services:
- bw-services
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -32,7 +32,7 @@ services:
- bw-docker
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/docker.mariadb.ui.yml b/misc/integrations/docker.mariadb.ui.yml
index 9ad63f501..0fa3bca63 100644
--- a/misc/integrations/docker.mariadb.ui.yml
+++ b/misc/integrations/docker.mariadb.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -49,7 +49,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
diff --git a/misc/integrations/docker.mariadb.yml b/misc/integrations/docker.mariadb.yml
index ab544b998..a805a2aeb 100644
--- a/misc/integrations/docker.mariadb.yml
+++ b/misc/integrations/docker.mariadb.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -17,7 +17,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/docker.mysql.ui.yml b/misc/integrations/docker.mysql.ui.yml
index ef535e47e..f50b06e6e 100644
--- a/misc/integrations/docker.mysql.ui.yml
+++ b/misc/integrations/docker.mysql.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -27,7 +27,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -49,7 +49,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
diff --git a/misc/integrations/docker.mysql.yml b/misc/integrations/docker.mysql.yml
index 68b08ae23..aeb3486ec 100644
--- a/misc/integrations/docker.mysql.yml
+++ b/misc/integrations/docker.mysql.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -17,7 +17,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/docker.postgres.ui.yml b/misc/integrations/docker.postgres.ui.yml
index aa7c3928c..114dd2b97 100644
--- a/misc/integrations/docker.postgres.ui.yml
+++ b/misc/integrations/docker.postgres.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -28,7 +28,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -50,7 +50,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
environment:
diff --git a/misc/integrations/docker.postgres.yml b/misc/integrations/docker.postgres.yml
index 3bce5323b..6696c3979 100644
--- a/misc/integrations/docker.postgres.yml
+++ b/misc/integrations/docker.postgres.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -17,7 +17,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/docker.ui.yml b/misc/integrations/docker.ui.yml
index f77ed0a2f..928fb5418 100644
--- a/misc/integrations/docker.ui.yml
+++ b/misc/integrations/docker.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -23,7 +23,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
@@ -46,7 +46,7 @@ services:
- bw-docker
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
depends_on:
- bw-docker
volumes:
diff --git a/misc/integrations/docker.yml b/misc/integrations/docker.yml
index c26c28d43..1d5b2f493 100644
--- a/misc/integrations/docker.yml
+++ b/misc/integrations/docker.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- 80:8080
- 443:8443
@@ -16,7 +16,7 @@ services:
- bw-services
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
depends_on:
- bunkerweb
- bw-docker
diff --git a/misc/integrations/k8s.mariadb.ui.yml b/misc/integrations/k8s.mariadb.ui.yml
index 6839514b6..153a7fec6 100644
--- a/misc/integrations/k8s.mariadb.ui.yml
+++ b/misc/integrations/k8s.mariadb.ui.yml
@@ -48,7 +48,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -118,7 +118,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -145,7 +145,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -230,7 +230,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
diff --git a/misc/integrations/k8s.mariadb.yml b/misc/integrations/k8s.mariadb.yml
index 9e0166c9b..24c9532e8 100644
--- a/misc/integrations/k8s.mariadb.yml
+++ b/misc/integrations/k8s.mariadb.yml
@@ -59,7 +59,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -129,7 +129,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -156,7 +156,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
diff --git a/misc/integrations/k8s.mysql.ui.yml b/misc/integrations/k8s.mysql.ui.yml
index c841f0bd4..f5700e31b 100644
--- a/misc/integrations/k8s.mysql.ui.yml
+++ b/misc/integrations/k8s.mysql.ui.yml
@@ -48,7 +48,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -118,7 +118,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -145,7 +145,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -230,7 +230,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
diff --git a/misc/integrations/k8s.mysql.yml b/misc/integrations/k8s.mysql.yml
index 5fc9f60a7..43a7b8a6f 100644
--- a/misc/integrations/k8s.mysql.yml
+++ b/misc/integrations/k8s.mysql.yml
@@ -48,7 +48,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -118,7 +118,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -144,7 +144,7 @@ spec:
spec:
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
diff --git a/misc/integrations/k8s.postgres.ui.yml b/misc/integrations/k8s.postgres.ui.yml
index c1c7201b4..7552d57ba 100644
--- a/misc/integrations/k8s.postgres.ui.yml
+++ b/misc/integrations/k8s.postgres.ui.yml
@@ -48,7 +48,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -118,7 +118,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -145,7 +145,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-scheduler
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -230,7 +230,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-ui
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
imagePullPolicy: Always
env:
- name: ADMIN_USERNAME
diff --git a/misc/integrations/k8s.postgres.yml b/misc/integrations/k8s.postgres.yml
index ca509024c..301248496 100644
--- a/misc/integrations/k8s.postgres.yml
+++ b/misc/integrations/k8s.postgres.yml
@@ -48,7 +48,7 @@ spec:
containers:
# using bunkerweb as name is mandatory
- name: bunkerweb
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
imagePullPolicy: Always
securityContext:
runAsUser: 101
@@ -118,7 +118,7 @@ spec:
serviceAccountName: sa-bunkerweb
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
@@ -144,7 +144,7 @@ spec:
spec:
containers:
- name: bunkerweb-controller
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
imagePullPolicy: Always
env:
- name: KUBERNETES_MODE
diff --git a/misc/integrations/swarm.mariadb.ui.yml b/misc/integrations/swarm.mariadb.ui.yml
index 0b70249e8..9d11441c3 100644
--- a/misc/integrations/swarm.mariadb.ui.yml
+++ b/misc/integrations/swarm.mariadb.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -32,7 +32,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -60,7 +60,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -87,7 +87,7 @@ services:
- bw-universe
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/misc/integrations/swarm.mariadb.yml b/misc/integrations/swarm.mariadb.yml
index 3ac421040..fd7a4ef2c 100644
--- a/misc/integrations/swarm.mariadb.yml
+++ b/misc/integrations/swarm.mariadb.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -32,7 +32,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -64,7 +64,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/misc/integrations/swarm.mysql.ui.yml b/misc/integrations/swarm.mysql.ui.yml
index d963b1f66..31770943b 100644
--- a/misc/integrations/swarm.mysql.ui.yml
+++ b/misc/integrations/swarm.mysql.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -32,7 +32,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -60,7 +60,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -87,7 +87,7 @@ services:
- bw-universe
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
environment:
- DATABASE_URI=mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db # Remember to set a stronger password for the database
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/misc/integrations/swarm.mysql.yml b/misc/integrations/swarm.mysql.yml
index 0a95c2d25..962cebd37 100644
--- a/misc/integrations/swarm.mysql.yml
+++ b/misc/integrations/swarm.mysql.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -32,7 +32,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -60,7 +60,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/misc/integrations/swarm.postgres.ui.yml b/misc/integrations/swarm.postgres.ui.yml
index 9e5678b93..c859d62ae 100644
--- a/misc/integrations/swarm.postgres.ui.yml
+++ b/misc/integrations/swarm.postgres.ui.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -32,7 +32,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -60,7 +60,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -86,7 +86,7 @@ services:
- bw-universe
bw-ui:
- image: bunkerity/bunkerweb-ui:1.5.8
+ image: bunkerity/bunkerweb-ui:1.5.9
environment:
- DATABASE_URI=postgresql://bunkerweb:changeme@bw-db:5432/db
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/misc/integrations/swarm.postgres.yml b/misc/integrations/swarm.postgres.yml
index b12d26082..2555d961e 100644
--- a/misc/integrations/swarm.postgres.yml
+++ b/misc/integrations/swarm.postgres.yml
@@ -2,7 +2,7 @@ version: "3.5"
services:
bunkerweb:
- image: bunkerity/bunkerweb:1.5.8
+ image: bunkerity/bunkerweb:1.5.9
ports:
- published: 80
target: 8080
@@ -32,7 +32,7 @@ services:
- "bunkerweb.INSTANCE=yes"
bw-autoconf:
- image: bunkerity/bunkerweb-autoconf:1.5.8
+ image: bunkerity/bunkerweb-autoconf:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
@@ -60,7 +60,7 @@ services:
- "node.role == manager"
bw-scheduler:
- image: bunkerity/bunkerweb-scheduler:1.5.8
+ image: bunkerity/bunkerweb-scheduler:1.5.9
environment:
- SWARM_MODE=yes
- DOCKER_HOST=tcp://bw-docker:2375
diff --git a/misc/update-version.sh b/misc/update-version.sh
index 059802c13..541a7ef4d 100755
--- a/misc/update-version.sh
+++ b/misc/update-version.sh
@@ -44,7 +44,7 @@ sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" .github/ISSUE_TEMPLATE/bug_report.yml
# pyproject
sed -i "s@${OLD_VERSION}@${NEW_VERSION}@g" pyproject.toml
# Dockerfiles
-sed -i "s@LABEL version.*@LABEL version \"$NEW_VERSION\"@g" src/bw/Dockerfile
-sed -i "s@LABEL version.*@LABEL version \"$NEW_VERSION\"@g" src/scheduler/Dockerfile
-sed -i "s@LABEL version.*@LABEL version \"$NEW_VERSION\"@g" src/ui/Dockerfile
-sed -i "s@LABEL version.*@LABEL version \"$NEW_VERSION\"@g" src/autoconf/Dockerfile
+sed -i "s@LABEL version.*@LABEL version=\"$NEW_VERSION\"@g" src/bw/Dockerfile
+sed -i "s@LABEL version.*@LABEL version=\"$NEW_VERSION\"@g" src/scheduler/Dockerfile
+sed -i "s@LABEL version.*@LABEL version=\"$NEW_VERSION\"@g" src/ui/Dockerfile
+sed -i "s@LABEL version.*@LABEL version=\"$NEW_VERSION\"@g" src/autoconf/Dockerfile
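Review bot: The pattern `LABEL version.*` is unanchored, so any line in these Dockerfiles that merely contains that text (a comment, or a key such as `LABEL version.foo`) would be rewritten as well. Anchoring it, `s@^LABEL version[= ].*@LABEL version=\"${NEW_VERSION}\"@`, keeps the substitution on the instruction itself and still matches both the old space form and the new `=` form. `$NEW_VERSION` is pasted into the sed replacement unescaped, so a value containing `@` or `&` would corrupt the line; whether the script validates it earlier is not visible in this hunk. The four commands differ only in the path, and sed accepts all four files in one invocation.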
diff --git a/pyproject.toml b/pyproject.toml
index 6a2fa300d..34d82e518 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,7 +1,7 @@
[project]
name = "BunkerWeb"
description = "Make your web services secure by default !"
-version = "1.5.8"
+version = "1.5.9"
authors = [
{ name = "Bunkerity", email = "contact@bunkerity.com" }
]
diff --git a/src/VERSION b/src/VERSION
index fa5512aec..66e67504f 100644
--- a/src/VERSION
+++ b/src/VERSION
@@ -1 +1 @@
-1.5.8
\ No newline at end of file
+1.5.9
\ No newline at end of file
diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile
index af33af5e5..6ee050eea 100644
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12.4-alpine3.19@sha256:ef3397d09070efd36583e83d2619cf8006158641e5b6b629d4d92a9778f5aa1c as builder
+FROM python:3.12.4-alpine3.19@sha256:ef3397d09070efd36583e83d2619cf8006158641e5b6b629d4d92a9778f5aa1c AS builder
# Export var for specific actions on linux/arm/v7
ARG TARGETPLATFORM
@@ -64,10 +64,10 @@ RUN apk add --no-cache bash && \
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
RUN apk add --no-cache "libcrypto3>=3.1.5-r0" "libssl3>=3.1.5-r0" # CVE-2024-4603
-LABEL maintainer "Bunkerity "
-LABEL version "1.5.8"
-LABEL url "https://www.bunkerweb.io"
-LABEL bunkerweb.type "autoconf"
+LABEL maintainer="Bunkerity "
+LABEL version="1.5.9"
+LABEL url="https://www.bunkerweb.io"
+LABEL bunkerweb.type="autoconf"
VOLUME /data
diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile
index a010323c2..65be9ce0b 100644
--- a/src/bw/Dockerfile
+++ b/src/bw/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.26.1-alpine-slim@sha256:3df0d85b2e46d4195e7436c22694ef65944c48624282292cadfbf58ee0ad34ce AS builder
+FROM nginx:1.26.1-alpine-slim@sha256:ce01dacf330fdcbc3c93926291ab027396e7e9680a4180318b06e86525d1aa9f AS builder
# Install temporary requirements for the dependencies
RUN apk add --no-cache bash autoconf libtool automake geoip-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev gd-dev gnupg brotli-dev openssl-dev patch readline-dev yajl yajl-dev yajl-tools py3-pip
@@ -42,7 +42,7 @@ COPY src/common/utils utils
COPY src/VERSION VERSION
COPY misc/*.ascii misc/
-FROM nginx:1.26.1-alpine-slim@sha256:3df0d85b2e46d4195e7436c22694ef65944c48624282292cadfbf58ee0ad34ce
+FROM nginx:1.26.1-alpine-slim@sha256:ce01dacf330fdcbc3c93926291ab027396e7e9680a4180318b06e86525d1aa9f
# Set default umask to prevent huge recursive chmod increasing the final image size
RUN umask 027
@@ -70,11 +70,11 @@ RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl &
# Fix CVEs
RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42366
-LABEL maintainer "Bunkerity "
-LABEL version "1.5.8"
-LABEL url "https://www.bunkerweb.io"
-LABEL bunkerweb.type "bunkerweb"
-LABEL bunkerweb.INSTANCE "bunkerweb"
+LABEL maintainer="Bunkerity "
+LABEL version="1.5.9"
+LABEL url="https://www.bunkerweb.io"
+LABEL bunkerweb.type="bunkerweb"
+LABEL bunkerweb.INSTANCE="bunkerweb"
EXPOSE 8080/tcp 8443/tcp 8443/udp
diff --git a/src/common/confs/default-server-http.conf b/src/common/confs/default-server-http.conf
index b15ababeb..4048c3f49 100644
--- a/src/common/confs/default-server-http.conf
+++ b/src/common/confs/default-server-http.conf
@@ -74,11 +74,16 @@ server {
.. nonce_script
.. "'; style-src 'nonce-"
.. nonce_style
- .. "'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script';"
+ .. "'; frame-ancestors 'none'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script';"
-- Remove server header
ngx.header["Server"] = nil
+ -- Override HSTS header
+ if ngx.var.scheme == "https" then
+ ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+ end
+
-- Render template
render("index.html", {
nonce_style = nonce_style,
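Review bot: The added `Strict-Transport-Security` value is hard-coded to `max-age=31536000; includeSubDomains; preload`, so over HTTPS this default-server page asks the browser to pin the requested host and all of its subdomains to HTTPS for a year, whatever the operator configured. `includeSubDomains` and `preload` are hard to walk back once a browser has cached them, and they break any subdomain that is still served over plain HTTP. I would reuse the operator's configured HSTS value if the project exposes one (not visible in this hunk), or emit the minimal form `ngx.header["Strict-Transport-Security"] = "max-age=31536000"`. The same literal is added in `src/common/core/errors/errors.lua` and `src/common/core/misc/confs/default-server-http/page.conf`. The enclosing Lua block starts and ends outside the hunk.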
diff --git a/src/common/core/antibot/antibot.lua b/src/common/core/antibot/antibot.lua
index 387cf8522..b8e941ae0 100644
--- a/src/common/core/antibot/antibot.lua
+++ b/src/common/core/antibot/antibot.lua
@@ -70,6 +70,7 @@ function antibot:header()
.. self.ctx.bw.antibot_nonce_script
.. "'",
["style-src"] = "'self' 'nonce-" .. self.ctx.bw.antibot_nonce_style .. "'",
+ ["frame-ancestors"] = "'none'",
["require-trusted-types-for"] = "'script'",
}
if self.session_data.type == "recaptcha" then
diff --git a/src/common/core/errors/errors.lua b/src/common/core/errors/errors.lua
index 2cca3ee32..d46cf0b48 100644
--- a/src/common/core/errors/errors.lua
+++ b/src/common/core/errors/errors.lua
@@ -89,16 +89,30 @@ function errors:render_template(code)
local nonce_script = rand(16)
local nonce_style = rand(16)
- -- Override headers
- local header = "Content-Security-Policy"
- if self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes" then
- header = header .. "-Report-Only"
- end
- ngx.header[header] = "default-src 'none'; form-action 'self'; script-src 'strict-dynamic' 'nonce-"
+ -- Override CSP header
+ --luacheck: ignore 631
+ ngx.header["Content-Security-Policy"] = "default-src 'none'; script-src http: https: 'unsafe-inline' 'strict-dynamic' 'nonce-"
.. nonce_script
- .. "' 'unsafe-inline' http: https:; img-src 'self' data:; style-src 'self' 'nonce-"
+ .. "'; style-src 'nonce-"
.. nonce_style
- .. "'; font-src 'self' data:; base-uri 'self'; require-trusted-types-for 'script';"
+ --luacheck: ignore 631
+ .. "'; frame-ancestors 'none'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script';"
+
+ -- Remove server header
+ ngx.header["Server"] = nil
+
+ -- Override HSTS header
+ local ssl
+
+ if self.ctx.bw and self.ctx.bw.scheme == "https" then
+ ssl = true
+ else
+ ssl = ngx.var.scheme == "https"
+ end
+
+ if ssl then
+ ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+ end
-- Render template
render("error.html", {
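Review bot: The rewritten policy drops `form-action 'self'`, and `form-action` does not fall back to `default-src 'none'`, so the error page no longer restricts where a form on it may submit. The removed string carried the directive and `default-server-http/page.conf` in this same commit still does; I would keep it here: `.. "'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; img-src 'self' data:; font-src 'self' data:; require-trusted-types-for 'script';"`. The hunk also removes the `CONTENT_SECURITY_POLICY_REPORT_ONLY` branch, so error pages now always enforce the policy; a one-line comment such as `-- CSP on error pages is always enforced, report-only setting is ignored on purpose` would record that this is intentional. `errors:render_template` starts and ends outside the hunk.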
diff --git a/src/common/core/misc/confs/default-server-http/page.conf b/src/common/core/misc/confs/default-server-http/page.conf
index c98d1b18a..9c2f29d1b 100644
--- a/src/common/core/misc/confs/default-server-http/page.conf
+++ b/src/common/core/misc/confs/default-server-http/page.conf
@@ -20,13 +20,18 @@ location / {
local nonce_style = rand(16)
-- Override CSP header
- ngx.header["Content-Security-Policy"] = "default-src 'none'; form-action 'self'; img-src 'self' data:; style-src 'self' 'nonce-"
+ ngx.header["Content-Security-Policy"] = "default-src 'none'; frame-ancestors 'none'; form-action 'self'; img-src 'self' data:; style-src 'self' 'nonce-"
.. nonce_style
.. "'; font-src 'self' data:; base-uri 'self'; require-trusted-types-for 'script';"
-- Remove server header
ngx.header["Server"] = nil
+ -- Override HSTS header
+ if ngx.var.scheme == "https" then
+ ngx.header["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+ end
+
-- Render template
render("default.html", {
nonce_style = nonce_style,
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/.changes-pending.md b/src/common/core/modsecurity/files/coreruleset-v4/.changes-pending.md
deleted file mode 100644
index e69de29bb..000000000
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/.github/create-changelog-prs.py b/src/common/core/modsecurity/files/coreruleset-v4/.github/create-changelog-prs.py
deleted file mode 100755
index 761cc3d5d..000000000
--- a/src/common/core/modsecurity/files/coreruleset-v4/.github/create-changelog-prs.py
+++ /dev/null
@@ -1,356 +0,0 @@
-#! /usr/bin/env python
-
-import argparse
-import subprocess
-import json
-import datetime
-import sys
-import os
-import re
-from inspect import getframeinfo, currentframe
-
-DEVELOPERS = {}
-CHANGELOG_LABEL = "changelog-pr"
-
-
-def get_pr(repository: str, number: int) -> dict:
- command = f"""gh pr view \
- --repo "{repository}" \
- "{number}" \
- --json mergeCommit,mergedBy,title,author,headRefName,baseRefName,number,body
- """
- with subprocess.Popen(
- command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
- ) as proc:
- pr_json, errors = proc.communicate()
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
- return json.loads(pr_json)
-
-
-def get_prs(
- repository: str, start_date: datetime.date, end_date: datetime.date, dry_run: bool
-) -> (list, list):
- print(f"Fetching merged PRs from {start_date} through {end_date}")
- options = ['--merged-at "{start_date}..{end_date}"']
- all_prs = fetch_prs(repository, options, dry_run)
-
- print(f"Fetching open changelog PRs from {start_date} through {end_date}")
- options = ["--state open"]
- all_prs.extend(fetch_prs(repository, options, dry_run))
- prs = []
- changelog_prs = []
- for result in all_prs:
- if CHANGELOG_LABEL in [label["name"] for label in result["labels"]]:
- changelog_prs.append(get_pr(repository, result["number"]))
- else:
- prs.append(get_pr(repository, result["number"]))
-
- return (prs, changelog_prs)
-
-
-def fetch_prs(repository: str, options: list[str], dry_run: bool) -> list[dict]:
- command = f"""gh search prs \
- --repo "{repository}" \
- --json number,labels \
- """
- for option in options:
- command += " " + option
-
- if dry_run:
- print(command)
- return []
-
- with subprocess.Popen(
- command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE
- ) as proc:
- prs_json, errors = proc.communicate()
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
- return json.loads(prs_json)
-
-
-def parse_prs(prs: list) -> dict:
- pr_map = {}
- for pr in prs:
- merged_by = pr["mergedBy"]["login"]
- if merged_by not in pr_map:
- pr_list = []
- pr_map[merged_by] = pr_list
- else:
- pr_list = pr_map[merged_by]
- pr_list.append(pr)
- return pr_map
-
-
-def create_prs(
- repository: str,
- merged_by_prs_map: dict,
- changelog_prs: list,
- start_date: datetime.date,
- end_date: datetime.date,
- dry_run: bool,
-):
- for author in merged_by_prs_map.keys():
- create_pr(
- repository,
- author,
- merged_by_prs_map[author],
- changelog_prs,
- start_date,
- end_date,
- dry_run,
- )
-
-
-def create_pr(
- repository: str,
- merged_by: str,
- prs: list,
- changelog_prs: list,
- start_date: datetime.date,
- end_date: datetime.date,
- dry_run: bool,
-):
- if len(prs) == 0:
- return
-
- print(f"Creating changelog PR for @{merged_by}")
-
- base_branch = prs[0]["baseRefName"]
- checkout_base(base_branch, dry_run)
- pr_branch_name = create_pr_branch(start_date, end_date, merged_by, dry_run)
- pr_body, changelog_lines = generate_content(prs, merged_by)
- create_commit(changelog_lines, dry_run)
- push_pr_branch(pr_branch_name, dry_run)
-
- print("\tCreating PR...")
- command = f"""gh pr create \
- --repo "{repository}" \
- --assignee "{merged_by}" \
- --base "{base_branch}" \
- --label "{CHANGELOG_LABEL}" \
- --title "chore: changelog updates since {start_date}, merged by @{merged_by}" \
- --body-file -
- """
-
- if dry_run:
- print(command)
- return
-
- with subprocess.Popen(
- command,
- shell=True,
- stdin=subprocess.PIPE,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE,
- ) as proc:
- outs, errors = proc.communicate(input=pr_body.encode())
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
- print(f"Created PR: {outs.decode()}")
-
-
-def checkout_base(base_ref: str, dry_run: bool):
- print("\tChecking out base ref ...")
- command = f"git checkout {base_ref}"
-
- if dry_run:
- print(command)
- return
-
- with subprocess.Popen(
- command,
- shell=True,
- stdout=subprocess.PIPE,
- stderr=subprocess.PIPE,
- ) as proc:
- outs, errors = proc.communicate()
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
-
-
-def create_commit(changelog_lines: str, dry_run: bool):
- print("\tCreating commit...")
-
- if dry_run:
- print("Changelogs to append:")
- print(changelog_lines)
- else:
- with open(".changes-pending.md", "a", encoding="utf-8") as changelog:
- changelog.write(changelog_lines)
-
- command = "git commit .changes-pending.md -m 'Add pending changelog entries'"
- if dry_run:
- print(command)
- else:
- with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
- _, errors = proc.communicate()
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
-
-
-def generate_content(prs: list, merged_by: str) -> (str, str):
- print("\tGenerating PR content...")
- changelog_lines = ""
- pr_body = f"This PR was auto-generated to update the changelog with the following entries, merged by @{merged_by}:\n```\n"
- pr_links = ""
- for pr in prs:
- pr_number = pr["number"]
- pr_title = pr["title"]
- pr_author = get_pr_author_name(pr["author"]["login"])
- new_line = f" * {pr_title} ({pr_author}) [#{pr_number}]\n"
- pr_body += new_line
- pr_links += f"- #{pr_number}\n"
-
- changelog_lines += new_line
- pr_body += "```\n\n" + pr_links
-
- return pr_body, changelog_lines
-
-
-def get_pr_author_name(login: str) -> str:
- if len(DEVELOPERS) == 0:
- parse_contributors()
-
- return DEVELOPERS[login] if login in DEVELOPERS else f"@{login}"
-
-
-def parse_contributors():
- regex = re.compile(r"^\s*?-\s*?\[([^]]+)\]\s*?\(http.*/([^/]+)\s*?\)")
- with open("CONTRIBUTORS.md", "rt", encoding="utf-8") as handle:
- line = handle.readline()
- while not ("##" in line and "Contributors" in line):
- match = regex.match(line)
- if match:
- DEVELOPERS[match.group(2)] = match.group(1)
- line = handle.readline()
-
-
-def create_pr_branch(
- start_date: datetime.date,
- end_date: datetime.date,
- author: str,
- dry_run: bool,
-) -> str:
- print("\tCreating branch...")
- branch_name = f"changelog-updates-{start_date}-{end_date}-{author}"
- command = f"git checkout -b {branch_name}"
-
- if dry_run:
- print(command)
- else:
- with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
- _, errors = proc.communicate()
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
-
- return branch_name
-
-
-def push_pr_branch(branch_name: str, dry_run: bool):
- print("\tPushing branch...")
- command = f"git push -u origin {branch_name}"
-
- if dry_run:
- print(command)
- else:
- with subprocess.Popen(command, shell=True, stderr=subprocess.PIPE) as proc:
- _, errors = proc.communicate()
- if proc.returncode != 0:
- print_errors(errors)
- sys.exit(1)
-
-
-def run():
- # disable pager
- os.environ["GH_PAGER"] = ""
- # set variables for Git
- os.environ["GIT_AUTHOR_NAME"] = "changelog-pr-bot"
- os.environ["GIT_AUTHOR_EMAIL"] = "dummy@coreruleset.org"
- os.environ["GIT_COMMITTER_NAME"] = "changelog-pr-bot"
- os.environ["GIT_COMMITTER_EMAIL"] = "dummy@coreruleset.org"
-
- args = parse_command_line()
- from_date = (
- args.from_date
- if args.from_date is not None
- else args.to_date - datetime.timedelta(days=7)
- )
- run_workflow(args.source, args.target, from_date, args.to_date, args.dry_run)
-
-
-def run_workflow(
- source_repository: str,
- target_repository: str,
- start_date: datetime.date,
- end_date: datetime.date,
- dry_run: bool,
-):
- prs, changelog_prs = get_prs(source_repository, start_date, end_date, dry_run)
- prs_length = len(prs)
- print(f"Found {prs_length} PRs")
- if prs_length == 0:
- return
-
- prs = filter_prs(prs, changelog_prs)
-
- merged_by_prs_map = parse_prs(prs)
- create_prs(
- target_repository,
- merged_by_prs_map,
- changelog_prs,
- start_date,
- end_date,
- dry_run,
- )
-
-
-def filter_prs(prs: list, changelog_prs: list) -> list:
- filtered_prs = []
- for pr in prs:
- found = False
- for cpr in changelog_prs:
- for line in cpr["body"].splitlines():
- if line.endswith(f"[#{pr['number']}]"):
- print(
- f"PR {pr['number']} was processed in a previous run. Skipping..."
- )
- found = True
- break
- if found:
- break
- if not found:
- filtered_prs.append(pr)
- return filtered_prs
-
-
-def print_errors(errors: str):
- print(f"{getframeinfo(currentframe().f_back).lineno}:", errors)
-
-
-def parse_command_line():
- parser = argparse.ArgumentParser()
- parser.add_argument("--source", default="coreruleset/coreruleset")
- parser.add_argument("--target", default="coreruleset/coreruleset")
- # the cron schedule for the workflow uses UTC
- parser.add_argument("--from", type=datetime.date.fromisoformat, dest="from_date")
- parser.add_argument(
- "--to",
- type=datetime.date.fromisoformat,
- default=datetime.datetime.now(datetime.timezone.utc).date(),
- dest="to_date",
- )
- parser.add_argument("--dry-run", action="store_true")
-
- return parser.parse_args()
-
-
-if __name__ == "__main__":
- run()
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/.github/workflows/update-changelog.yaml b/src/common/core/modsecurity/files/coreruleset-v4/.github/workflows/update-changelog.yaml
deleted file mode 100644
index ab1603442..000000000
--- a/src/common/core/modsecurity/files/coreruleset-v4/.github/workflows/update-changelog.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: Create changelog PRs
-
-# default token permissions: none
-permissions: {}
-
-on:
- workflow_dispatch:
- schedule:
- - cron: '0 4 * * Sun' # run on Sundays at 4 AM UTC
-
-jobs:
- create-changelog-prs:
- permissions:
- contents: write
- pull-requests: write
- runs-on: ubuntu-latest
- steps:
- - name: "Checkout repo"
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
-
- - name: Set up Python 3
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
- with:
- python-version: 3.12
-
- - name: Check GH API rate limits
- run: |
- gh api -i repos/coreruleset/coreruleset/releases/latest | grep -i "x-ratelimit"
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: "Run script"
- run: ".github/create-changelog-prs.py"
- env:
- # Required for the use of the gh CLI in the script
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Check GH API rate limits
- run: |
- gh api -i repos/coreruleset/coreruleset/releases/latest | grep -i "x-ratelimit"
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md b/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md
index 136a54a9d..3c88ae2e9 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md
+++ b/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md
@@ -8,6 +8,16 @@
## Nightly builds
New changelog entries are written to `.changes-pending.md`. They will be moved to the main changelog before a release.
+## Version 4.4.0 - 2024-06-23
+
+### 🆕 New features and detections 🎉
+* fix: ignore checking compressed response body by @azurit in https://github.com/coreruleset/coreruleset/pull/3712
+
+### 🧰 Other Changes
+* fix(934140): update regex by @fzipi in https://github.com/coreruleset/coreruleset/pull/3731
+* fix: replacing t:UrlDecode with t:UrlDecodeUni (921240 PL1, 932170 PL1, 932171 PL1, 932190 PL3, 932190 PL1, 933211 PL3, 941310 PL1, 941350 PL1) by @azurit in https://github.com/coreruleset/coreruleset/pull/3713
+* feat: skip response rules if data are compressed by @azurit in https://github.com/coreruleset/coreruleset/pull/3742
+
## Version 4.3.0 - 2024-05-24
### 🆕 New features and detections 🎉
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/crs-setup.conf.example b/src/common/core/modsecurity/files/coreruleset-v4/crs-setup.conf.example
index 46b6cefc4..5818dbc39 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/crs-setup.conf.example
+++ b/src/common/core/modsecurity/files/coreruleset-v4/crs-setup.conf.example
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -181,7 +181,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.blocking_paranoia_level=1"
@@ -209,7 +209,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.detection_paranoia_level=1"
@@ -235,7 +235,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.enforce_bodyproc_urlencoded=1"
@@ -270,7 +270,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.critical_anomaly_score=5,\
# setvar:tx.error_anomaly_score=4,\
# setvar:tx.warning_anomaly_score=3,\
@@ -324,7 +324,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.inbound_anomaly_score_threshold=5,\
# setvar:tx.outbound_anomaly_score_threshold=4"
@@ -385,7 +385,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.reporting_level=4"
@@ -417,7 +417,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.early_blocking=1"
@@ -438,7 +438,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.enable_default_collections=1"
@@ -466,7 +466,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
# Content-Types that a client is allowed to send in a request.
@@ -496,7 +496,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# nolog,\
# tag:'OWASP_CRS',\
# ctl:ruleRemoveById=920420,\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# chain"
# SecRule REQUEST_URI "@rx ^/foo/bar" \
# "t:none"
@@ -510,7 +510,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
# Allowed HTTP versions.
@@ -526,7 +526,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
# Forbidden file extensions.
@@ -550,7 +550,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
# Restricted request headers.
@@ -595,7 +595,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
#
# [ Extended ]
@@ -621,7 +621,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.restricted_headers_extended=/accept-charset/'"
# Content-Types charsets that a client is allowed to send in a request.
@@ -635,7 +635,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
#
@@ -661,7 +661,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.max_num_args=255"
# Block request if the length of any argument name is too high
@@ -675,7 +675,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.arg_name_length=100"
# Block request if the length of any argument value is too high
@@ -689,7 +689,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.arg_length=400"
# Block request if the total length of all combined arguments is too high
@@ -703,7 +703,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.total_arg_length=64000"
# Block request if the file size of any individual uploaded file is too high
@@ -717,7 +717,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.max_file_size=1048576"
# Block request if the total size of all combined uploaded files is too high
@@ -731,7 +731,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.combined_file_sizes=1048576"
@@ -771,7 +771,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# pass,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.sampling_percentage=100"
@@ -792,7 +792,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# nolog,\
# tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.3.0',\
+# ver:'OWASP_CRS/4.4.0',\
# setvar:tx.crs_validate_utf8_encoding=1"
@@ -814,5 +814,5 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
- setvar:tx.crs_setup_version=430"
+ ver:'OWASP_CRS/4.4.0',\
+ setvar:tx.crs_setup_version=440"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/934140.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/934140.ra
index ec33ac562..53505e01a 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/934140.ra
+++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/934140.ra
@@ -1,4 +1,15 @@
##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.
-\@\{.*\}
+##! The text describes a performance issue with a simple regular expression "@{.*}" used for searching. The problem arises because the ".*" part matches any character zero or more times, which can lead to inefficient searching in some engines.
+
+##! We want to reduce the possibility of impacting performance by removing the strings we can match before the one we are looking, "@{"
+##! This regex avoids the double backtracking problem and ensures it finds the first "@{" efficiently.
+
+##! The prefix here to prevent backtracking is:
+##! - something that is not an '@'
+##! - or something that is an '@', but is not followed by '{'
+
+##!^ ^(?:[^@]|@[^{])*
+
+@+{.*}
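Review bot: The added comments explain the `##!^` prefix but not why the pattern line itself changed from `\@\{.*\}` to `@+{.*}`, and the `@+` is load-bearing: the prefix alternative `@[^{]` consumes an `@` together with the character after it, so a value such as `@@{x}` only matches because `@+` can take the whole run of `@` once the prefix backs off. I would document that above the pattern, for example `##! '@+' (not '@') is required: the prefix can consume "@@", so a run of '@' before '{' must be matched here`, and cover that input in the rule's regression tests if it is not already there, so a later simplification to a single `@` does not silently lose detections. The first new comment also reads like a summary of some other document ("The text describes…"); stating the problem directly would be clearer. Separately, the new line drops the backslash escapes on `{` and `}`, which relies on the regex engine treating a brace that does not form a quantifier as a literal; that seems worth confirming for every engine the rule set is meant to run on.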
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
index 058386bc1..69366e658 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf
index 8f9a55de3..c90bef4d9 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -26,7 +26,7 @@
#
# Ref: https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#seccomponentsignature
#
-SecComponentSignature "OWASP_CRS/4.3.0"
+SecComponentSignature "OWASP_CRS/4.4.0"
#
# -=[ Default setup values ]=-
@@ -60,7 +60,7 @@ SecRule &TX:crs_setup_version "@eq 0" \
auditlog,\
msg:'ModSecurity CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL'"
@@ -79,7 +79,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.inbound_anomaly_score_threshold=5'"
# Default Outbound Anomaly Threshold Level (rule 900110 in crs-setup.conf)
@@ -89,7 +89,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.outbound_anomaly_score_threshold=4'"
# Default Reporting Level (rule 900115 in crs-setup.conf)
@@ -99,7 +99,7 @@ SecRule &TX:reporting_level "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.reporting_level=4'"
# Default Early Blocking (rule 900120 in crs-setup.conf)
@@ -109,7 +109,7 @@ SecRule &TX:early_blocking "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.early_blocking=0'"
# Default Blocking Paranoia Level (rule 900000 in crs-setup.conf)
@@ -119,7 +119,7 @@ SecRule &TX:blocking_paranoia_level "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_paranoia_level=1'"
# Default Detection Paranoia Level (rule 900001 in crs-setup.conf)
@@ -129,7 +129,7 @@ SecRule &TX:detection_paranoia_level "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_paranoia_level=%{TX.blocking_paranoia_level}'"
# Default Sampling Percentage (rule 900400 in crs-setup.conf)
@@ -139,7 +139,7 @@ SecRule &TX:sampling_percentage "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.sampling_percentage=100'"
# Default Anomaly Scores (rule 900100 in crs-setup.conf)
@@ -149,7 +149,7 @@ SecRule &TX:critical_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.critical_anomaly_score=5'"
SecRule &TX:error_anomaly_score "@eq 0" \
@@ -158,7 +158,7 @@ SecRule &TX:error_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.error_anomaly_score=4'"
SecRule &TX:warning_anomaly_score "@eq 0" \
@@ -167,7 +167,7 @@ SecRule &TX:warning_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.warning_anomaly_score=3'"
SecRule &TX:notice_anomaly_score "@eq 0" \
@@ -176,7 +176,7 @@ SecRule &TX:notice_anomaly_score "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.notice_anomaly_score=2'"
# Default HTTP policy: allowed_methods (rule 900200 in crs-setup.conf)
@@ -186,7 +186,7 @@ SecRule &TX:allowed_methods "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
# Default HTTP policy: allowed_request_content_type (rule 900220 in crs-setup.conf)
@@ -196,7 +196,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
# Default HTTP policy: allowed_request_content_type_charset (rule 900280 in crs-setup.conf)
@@ -206,7 +206,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
# Default HTTP policy: allowed_http_versions (rule 900230 in crs-setup.conf)
@@ -216,7 +216,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
# Default HTTP policy: restricted_extensions (rule 900240 in crs-setup.conf)
@@ -226,7 +226,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
# Default HTTP policy: restricted_headers_basic (rule 900250 in crs-setup.conf)
@@ -236,7 +236,7 @@ SecRule &TX:restricted_headers_basic "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
# Default HTTP policy: restricted_headers_extended (rule 900255 in crs-setup.conf)
@@ -246,7 +246,7 @@ SecRule &TX:restricted_headers_extended "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.restricted_headers_extended=/accept-charset/'"
# Default enforcing of body processor URLENCODED (rule 900010 in crs-setup.conf)
@@ -256,7 +256,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.enforce_bodyproc_urlencoded=0'"
# Default check for UTF8 encoding validation (rule 900950 in crs-setup.conf)
@@ -266,7 +266,7 @@ SecRule &TX:crs_validate_utf8_encoding "@eq 0" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.crs_validate_utf8_encoding=0'"
#
@@ -284,7 +284,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=0',\
setvar:'tx.detection_inbound_anomaly_score=0',\
setvar:'tx.inbound_anomaly_score_pl1=0',\
@@ -318,7 +318,7 @@ SecAction \
# Disable collection initialization by default (see rule 900130 in crs-setup.conf)
# The creation of the IP and the GLOBAL collection is not being tested as
-# of this writing due to limits in ftw and our testing setup.
+# of this writing due to limits in ftw and our testing setup.
# Proper testing would involve the checking of a variable in the said collections.
SecRule TX:ENABLE_DEFAULT_COLLECTIONS "@eq 1" \
"id:901320,\
@@ -326,7 +326,7 @@ SecRule TX:ENABLE_DEFAULT_COLLECTIONS "@eq 1" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.ua_hash=%{REQUEST_HEADERS.User-Agent}',\
chain"
SecRule TX:ua_hash "@unconditionalMatch" \
@@ -350,7 +350,7 @@ SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
msg:'Enabling body inspection',\
tag:'OWASP_CRS',\
ctl:forceRequestBodyVariable=On,\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
# Force body processor URLENCODED
SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
@@ -362,7 +362,7 @@ SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
noauditlog,\
msg:'Enabling forced body inspection for ASCII content',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
chain"
SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
"ctl:requestBodyProcessor=URLENCODED"
@@ -402,7 +402,7 @@ SecRule TX:sampling_percentage "@eq 100" \
pass,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
skipAfter:END-SAMPLING"
SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
@@ -413,7 +413,7 @@ SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
t:sha1,t:hexEncode,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'"
#
@@ -438,7 +438,7 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\
tag:'OWASP_CRS',\
ctl:ruleRemoveByTag=OWASP_CRS,\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
SecMarker "END-SAMPLING"
@@ -457,4 +457,4 @@ SecRule TX:detection_paranoia_level "@lt %{tx.blocking_paranoia_level}" \
log,\
msg:'Detection paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
index 7cc3b93f6..456261bfc 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -25,7 +25,7 @@ SecRule REQUEST_LINE "@streq GET /" \
tag:'platform-apache',\
tag:'attack-generic',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
chain"
SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
"t:none,\
@@ -46,7 +46,7 @@ SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
tag:'platform-apache',\
tag:'attack-generic',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
chain"
SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \
"t:none,\
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
index d3d62a9ab..c4e582e96 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -39,31 +39,31 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/274',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf
index 26df0b749..6f0ee4f71 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -51,29 +51,29 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/224/541/310',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
index f63ab2d1e..ebf444c49 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -23,8 +23,8 @@
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -64,7 +64,7 @@ SecRule REQUEST_LINE "!@rx (?i)^(?:get /[^#\?]*(?:\?[^\s\x0b#]*)?(?:#[^\s\x0b]*)
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@@ -119,7 +119,7 @@ SecRule FILES|FILES_NAMES "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[a
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -148,7 +148,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^\d+$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -182,7 +182,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:Content-Length "!@rx ^0?$" \
@@ -207,7 +207,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
@@ -247,7 +247,7 @@ SecRule REQUEST_PROTOCOL "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_METHOD "@streq POST" \
@@ -277,7 +277,7 @@ SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule &REQUEST_HEADERS:Content-Length "!@eq 0" \
@@ -315,7 +315,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx (\d+)-(\d+)" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule TX:2 "@lt %{tx.1}" \
@@ -347,7 +347,7 @@ SecRule REQUEST_HEADERS:Connection "@rx \b(?:keep-alive|close),\s?(?:keep-alive|
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@@ -388,7 +388,7 @@ SecRule REQUEST_URI_RAW "@rx \x25" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_URI_RAW "@rx ^(.*)/(?:[^\?]+)?(\?.*)?$" \
@@ -422,7 +422,7 @@ SecRule REQUEST_BASENAME "!@rx ^.*%.*\.[^\s\x0b\.]+$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule TX:0 "@validateUrlEncoding" \
@@ -453,7 +453,7 @@ SecRule TX:CRS_VALIDATE_UTF8_ENCODING "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "@validateUtf8Encoding" \
@@ -497,7 +497,7 @@ SecRule REQUEST_URI|REQUEST_BODY "@rx (?i)%uff[0-9a-f]{2}" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@@ -553,7 +553,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 1-255" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -585,7 +585,7 @@ SecRule &REQUEST_HEADERS:Host "@eq 0" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',\
skipAfter:END-HOST-CHECK"
@@ -604,7 +604,7 @@ SecRule REQUEST_HEADERS:Host "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -644,7 +644,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'NOTICE',\
chain"
SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \
@@ -669,7 +669,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'NOTICE',\
chain"
SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \
@@ -702,7 +702,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'NOTICE',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.notice_anomaly_score}'"
@@ -739,7 +739,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'NOTICE',\
chain"
SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
@@ -784,7 +784,7 @@ SecRule REQUEST_HEADERS:Host "@rx (?:^([\d.]+|\[[\da-f:]+\]|[\da-f:]+)(:[\d]+)?$
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'"
@@ -816,7 +816,7 @@ SecRule &TX:MAX_NUM_ARGS "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule &ARGS "@gt %{tx.max_num_args}" \
@@ -841,7 +841,7 @@ SecRule &TX:ARG_NAME_LENGTH "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS_NAMES "@gt %{tx.arg_name_length}" \
@@ -868,7 +868,7 @@ SecRule &TX:ARG_LENGTH "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS "@gt %{tx.arg_length}" \
@@ -892,7 +892,7 @@ SecRule &TX:TOTAL_ARG_LENGTH "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" \
@@ -917,7 +917,7 @@ SecRule &TX:MAX_FILE_SIZE "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)multipart/form-data" \
@@ -943,7 +943,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" \
@@ -983,7 +983,7 @@ SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+*-]+(?:\s?;\s?(?:action|bounda
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1006,7 +1006,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.content_type=|%{tx.0}|',\
chain"
@@ -1034,7 +1034,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*[\"']?([^;\"'\s]+)" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.content_type_charset=|%{tx.1}|',\
chain"
@@ -1061,7 +1061,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset.*?charset" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1083,7 +1083,7 @@ SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1106,7 +1106,7 @@ SecRule REQUEST_BASENAME "@rx \.([^.]+)$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.extension=.%{tx.1}/',\
chain"
@@ -1133,7 +1133,7 @@ SecRule REQUEST_FILENAME "@rx \.[^.~]+~(?:/.*|)$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1187,7 +1187,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.header_name_920450_%{tx.0}=/%{tx.0}/',\
chain"
@@ -1221,7 +1221,7 @@ SecRule REQUEST_HEADERS:Accept-Encoding "@gt 100" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1253,7 +1253,7 @@ SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*
tag:'attack-protocol',\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1276,7 +1276,7 @@ SecRule REQBODY_PROCESSOR "!@streq JSON" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?i)\x5cu[0-9a-f]{4}" \
@@ -1300,7 +1300,7 @@ SecRule REQUEST_URI_RAW "@contains #" \
tag:'attack-protocol',\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -1332,13 +1332,13 @@ SecRule &REQUEST_HEADERS:Content-Type "@gt 1" \
tag:'attack-protocol',\
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -1377,7 +1377,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_BASENAME "!@endsWith .pdf" \
@@ -1401,7 +1401,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){63}" \
@@ -1422,7 +1422,7 @@ SecRule ARGS "@rx %[0-9a-fA-F]{2}" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/120',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}'"
@@ -1444,7 +1444,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 9,10,13,
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1471,7 +1471,7 @@ SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'NOTICE',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.notice_anomaly_score}'"
@@ -1493,7 +1493,7 @@ SecRule FILES_NAMES|FILES "@rx ['\";=]" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1518,7 +1518,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
@@ -1545,7 +1545,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.header_name_920451_%{tx.0}=/%{tx.0}/',\
chain"
@@ -1572,7 +1572,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_BODY "@rx \x25" \
@@ -1580,8 +1580,8 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded
SecRule REQUEST_BODY "@validateUrlEncoding" \
"setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@@ -1606,7 +1606,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteR
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1640,7 +1640,7 @@ SecRule &REQUEST_HEADERS:Accept "@eq 0" \
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'NOTICE',\
chain"
SecRule REQUEST_METHOD "!@rx ^(?:OPTIONS|CONNECT)$" \
@@ -1673,7 +1673,7 @@ SecRule &REQUEST_HEADERS:x-up-devcap-post-charset "@ge 1" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:User-Agent "@rx ^(?i)up" \
@@ -1726,7 +1726,7 @@ SecRule &REQUEST_HEADERS:Cache-Control "@gt 0" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule REQUEST_HEADERS:Cache-Control "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:\s*\,\s*|$)){1,7}$" \
@@ -1757,12 +1757,12 @@ SecRule REQUEST_HEADERS:Accept-Encoding "!@rx br|compress|deflate|(?:pack200-)?g
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@@ -1785,7 +1785,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
chain"
SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \
@@ -1812,7 +1812,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 38,44-46,48-58,61,65-90
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
@@ -1833,7 +1833,7 @@ SecRule REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent|!REQUEST_HEADERS:Referer|!RE
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
@@ -1859,7 +1859,7 @@ SecRule REQUEST_HEADERS:Sec-Fetch-User|REQUEST_HEADERS:Sec-CH-UA-Mobile "!@rx ^(
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
@@ -1903,7 +1903,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?:^|[^\x5c])\x5c[cdegh
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/153/267',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf
index d16474e5b..83f42d1dc 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -46,7 +46,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_BODY|XML:/* "@rx (?:get|post|head|options|connec
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -78,7 +78,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/34',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -99,7 +99,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/34',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -133,7 +133,7 @@ SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@rx [\n\r]" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/273',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -161,7 +161,7 @@ SecRule ARGS_NAMES "@rx [\n\r]" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -182,7 +182,7 @@ SecRule ARGS_GET_NAMES|ARGS_GET "@rx [\n\r]+(?:\s|location|refresh|(?:set-)?cook
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -208,7 +208,7 @@ SecRule REQUEST_FILENAME "@rx [\n\r]" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/34',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -241,7 +241,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/136',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -274,7 +274,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?(?:applicati
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -290,7 +290,7 @@ SecRule REQUEST_URI "@rx unix:[^|]*\|" \
phase:1,\
block,\
capture,\
- t:none,t:urlDecode,t:lowercase,\
+ t:none,t:urlDecodeUni,t:lowercase,\
msg:'mod_proxy attack attempt detected',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
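Review bot: A regression test and a configuration check are missing for the `t:none,t:urlDecodeUni,t:lowercase` line, which is the only functional change among this file's hunks; the rest are version-string bumps. `urlDecodeUni` also decodes `%uXXXX` sequences, and how those map to bytes depends on the engine's Unicode mapping (`SecUnicodeMapFile`). It is therefore worth confirming that BunkerWeb's ModSecurity configuration loads a mapping file, and adding a test that shows this rule still scores both plain and `%u`-encoded forms of the pattern. Because the file is a vendored copy of CRS, also verify that this line matches the upstream 4.4.0 release rather than a local edit. The rule starts above the hunk and its action list continues in the next hunk.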
@@ -300,13 +300,13 @@ SecRule REQUEST_URI "@rx unix:[^|]*\|" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -333,7 +333,7 @@ SecRule ARGS_GET "@rx [\n\r]" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -369,13 +369,13 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?\b(?:((?:tex
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@@ -405,7 +405,7 @@ SecRule &REQUEST_HEADERS:Range "@gt 0" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/210/272/220',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -439,7 +439,7 @@ SecRule ARGS_NAMES "@rx ." \
tag:'attack-protocol',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'TX.paramcounter_%{MATCHED_VAR_NAME}=+1'"
SecRule TX:/paramcounter_.*/ "@gt 1" \
@@ -455,7 +455,7 @@ SecRule TX:/paramcounter_.*/ "@gt 1" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS_NAMES "@rx TX:paramcounter_(.*)" \
@@ -500,15 +500,15 @@ SecRule ARGS_NAMES "@rx (][^\]]+$|][^\]]+\[)" \
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@@ -548,7 +548,7 @@ SecRule ARGS_NAMES "@rx \[" \
tag:'paranoia-level/4',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf
index 62298d661..89b063025 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -38,7 +38,7 @@ SecRule &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.922100_charset=|%{ARGS._charset_}|',\
chain"
@@ -69,7 +69,7 @@ SecRule MULTIPART_PART_HEADERS "@rx ^content-type\s*:\s*(.*)$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/272/220',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule TX:1 "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*(?:[\s\x0b]*,[\s\x0b]*(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*)*$" \
@@ -92,6 +92,6 @@ SecRule MULTIPART_PART_HEADERS "@rx content-transfer-encoding:(.*)" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/272/220',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
index c8cf35247..68f8360e2 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -47,7 +47,7 @@ SecRule REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}'"
@@ -79,7 +79,7 @@ SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:/* "
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
@@ -110,7 +110,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -137,15 +137,15 @@ SecRule REQUEST_FILENAME "@pmFromFile restricted-files.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -175,22 +175,22 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@pmFromFile lfi-os-f
tag:'OWASP_CRS',\
tag:'capec/1000/255/153/126',\
tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
index a4693843a..a12a62379 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -17,8 +17,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -49,7 +49,7 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?)://(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -69,7 +69,7 @@ SecRule QUERY_STRING|REQUEST_BODY "@rx (?i)(?:\binclude\s*\([^)]*|mosConfig_abso
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -89,15 +89,15 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?).*?\?+$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -128,7 +128,7 @@ SecRule ARGS "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|it
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\
chain"
@@ -158,7 +158,7 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\
chain"
@@ -167,16 +167,16 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
index bfeb6dd72..fc9416560 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -134,7 +134,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -194,7 +194,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -227,7 +227,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -261,7 +261,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -304,7 +304,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -351,7 +351,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -432,7 +432,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -491,7 +491,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.932260_matched_var_name=%{matched_var_name}',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -528,7 +528,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -569,7 +569,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -589,7 +589,7 @@ SecRule REQUEST_HEADERS|REQUEST_LINE "@rx ^\(\s*\)\s+{" \
phase:1,\
block,\
capture,\
- t:none,t:urlDecode,\
+ t:none,t:urlDecodeUni,\
msg:'Remote Command Execution: Shellshock (CVE-2014-6271)',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
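Review bot: The `t:` pipeline changes in the Shellshock and wildcard-bypass rules alter what the WAF detects, and I see no record of them in the part of this version bump shown here. In this hunk `t:urlDecode` becomes `t:urlDecodeUni`, which additionally handles `%uXXXX` encoding; in the hunks at -610 and -1670 the pair `t:urlDecode,t:urlDecodeUni` is reduced to `t:urlDecodeUni`, so those rules apply one decoding pass fewer to request arguments than before. These files look like an upstream CRS copy, so rather than edit them I would add a line to the project's release notes, for example `CRS 4.4.0: Shellshock and wildcard-bypass rules now decode with t:urlDecodeUni only`, and re-run the WAF regression tests with encoded inputs. The SecRule bodies start and end outside these hunks.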
@@ -600,7 +600,7 @@ SecRule REQUEST_HEADERS|REQUEST_LINE "@rx ^\(\s*\)\s+{" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -610,7 +610,7 @@ SecRule ARGS_NAMES|ARGS|FILES_NAMES "@rx ^\(\s*\)\s+{" \
phase:2,\
block,\
capture,\
- t:none,t:urlDecode,t:urlDecodeUni,\
+ t:none,t:urlDecodeUni,\
msg:'Remote Command Execution: Shellshock (CVE-2014-6271)',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
@@ -621,7 +621,7 @@ SecRule ARGS_NAMES|ARGS|FILES_NAMES "@rx ^\(\s*\)\s+{" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -663,7 +663,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -697,7 +697,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -791,7 +791,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -828,14 +828,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -894,7 +894,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -927,7 +927,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx \$(?:\((?:.*|\(.
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -976,7 +976,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.932200_matched_var_name=%{matched_var_name}',\
chain"
@@ -1018,7 +1018,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^#]+" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.932205_matched_var_name=%{matched_var_name}',\
chain"
@@ -1061,7 +1061,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^\.]*?(?:['\*\?\x5c`][^\n/]+/|/[^/]+?['\*
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.932206_matched_var_name=%{matched_var_name}',\
chain"
@@ -1094,7 +1094,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1157,7 +1157,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|XML:
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.932240_matched_var_name=%{matched_var_name}',\
chain"
@@ -1199,7 +1199,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1240,7 +1240,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/137/134',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1272,7 +1272,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/137/134',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1306,7 +1306,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/137/134',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1368,7 +1368,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1430,7 +1430,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)(?:^|b[\"'\)
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1465,14 +1465,14 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@pmFromFile unix-she
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@@ -1531,7 +1531,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1588,7 +1588,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)\b(?:7z[arx]
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1645,7 +1645,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1670,7 +1670,7 @@ SecRule ARGS "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" \
phase:2,\
block,\
capture,\
- t:none,t:urlDecode,t:urlDecodeUni,t:normalizePath,t:cmdLine,\
+ t:none,t:urlDecodeUni,t:normalizePath,t:cmdLine,\
msg:'Remote Command Execution: Wildcard bypass technique attempt',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
@@ -1681,7 +1681,7 @@ SecRule ARGS "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1715,7 +1715,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/137/134',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1748,7 +1748,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/137/134',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1781,7 +1781,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/137/134',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1814,14 +1814,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/88',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
index 89d605630..0b3c4648e 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -59,7 +59,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -100,7 +100,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -124,7 +124,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.933120_matched_var=%{MATCHED_VAR}',\
setvar:'tx.933120_matched_var_name=%{MATCHED_VAR_NAME}',\
@@ -155,7 +155,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -191,7 +191,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -227,7 +227,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -294,7 +294,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -346,7 +346,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -401,7 +401,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -456,7 +456,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -493,7 +493,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
phase:2,\
block,\
capture,\
- t:none,t:urlDecode,t:replaceComments,t:removeWhitespace,\
+ t:none,t:urlDecodeUni,t:replaceComments,t:removeWhitespace,\
msg:'PHP Injection Attack: Variable Function Call Found',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
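Review bot: Replacing `t:urlDecode` with `t:urlDecodeUni` on this rule makes its result depend on how the engine decodes `%uXXXX` sequences, which ModSecurity controls through the Unicode mapping directive; that configuration is not part of this diff. Please confirm the shipped ModSecurity configuration sets it (the upstream recommended config uses `SecUnicodeMapFile unicode.mapping 20127`), since without a mapping the transformation presumably keeps only the low byte of most code points. The same transformation change is made in the paranoia-level 3 hunk at -744 of this file and in the two hunks at -583 and -612 of REQUEST-941-APPLICATION-ATTACK-XSS.conf, so the check covers all four. The rule begins before this hunk and continues after it, so its id and pattern are not visible here.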
@@ -503,13 +503,13 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -546,7 +546,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.933151_matched_var=%{MATCHED_VAR}',\
setvar:'tx.933151_matched_var_name=%{MATCHED_VAR_NAME}',\
@@ -561,8 +561,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@@ -604,7 +604,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -648,7 +648,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -690,7 +690,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -719,7 +719,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -744,7 +744,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
phase:2,\
block,\
capture,\
- t:none,t:urlDecode,t:replaceComments,t:removeWhitespace,\
+ t:none,t:urlDecodeUni,t:replaceComments,t:removeWhitespace,\
msg:'PHP Injection Attack: Variable Function Call Found',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
@@ -754,14 +754,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/3',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
index 23e4953e7..d999ebe5e 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -65,7 +65,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -100,7 +100,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/664',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -135,7 +135,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1/180/77',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -167,7 +167,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -198,7 +198,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -228,13 +228,13 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -256,7 +256,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -308,7 +308,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/664',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -324,7 +324,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
# (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
# crs-toolchain regex update 934140
#
-SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx @\{.*\}" \
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ^(?:[^@]|@[^\{])*@+\{.*\}" \
"id:934140,\
phase:2,\
block,\
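Review bot: The new 934140 pattern is anchored with `^(?:[^@]|@[^\{])*`, so a successful match now begins at the start of the inspected value instead of at the `@{`; if the rule uses `capture` and logs `%{TX.0}` (those lines are outside this hunk), the "Matched Data" field will now carry everything that precedes the marker, which can enlarge audit logs and pull unrelated cookie or parameter content into them. The anchored prefix is presumably there to limit backtracking, and a short comment above the rule would make that intent clear, for example `# Anchored prefix consumes input before "@{" to limit backtracking.` The comment block above the rule says the expression is produced by `crs-toolchain regex update 934140`, so any such change belongs in the upstream regex-assembly source rather than in this vendored copy.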
@@ -340,20 +340,20 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
index 81e277b07..3a382762c 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -62,7 +62,7 @@ SecRule REQUEST_FILENAME "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-12
nolog,\
tag:'OWASP_CRS',\
ctl:ruleRemoveTargetByTag=xss-perf-disable;REQUEST_FILENAME,\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
#
@@ -94,7 +94,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -121,7 +121,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -151,7 +151,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -180,7 +180,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -213,7 +213,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -238,7 +238,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -265,7 +265,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -292,7 +292,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -314,7 +314,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -336,7 +336,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -358,7 +358,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -380,7 +380,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -402,7 +402,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -424,7 +424,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -446,7 +446,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -468,7 +468,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -490,7 +490,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -512,7 +512,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -534,7 +534,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -583,7 +583,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
phase:2,\
block,\
capture,\
- t:none,t:lowercase,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\
+ t:none,t:lowercase,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,\
msg:'US-ASCII Malformed Encoding XSS Filter - Attack Detected',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
@@ -594,7 +594,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS "@rx (?:\xbc\s*/\s*[^\xbe>]*[\xbe>])|(?:<\s*/\s*[^\xbe]*\xbe)" \
@@ -612,7 +612,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
phase:2,\
block,\
capture,\
- t:none,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\
+ t:none,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,\
msg:'UTF-7 Encoding IE XSS - Attack Detected',\
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
tag:'application-multi',\
@@ -623,7 +623,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -665,7 +665,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -693,7 +693,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|REQU
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -725,7 +725,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -755,14 +755,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -786,7 +786,7 @@ SecRule REQUEST_FILENAME|REQUEST_HEADERS:Referer "@detectXSS" \
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -820,7 +820,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -846,7 +846,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -874,7 +874,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -962,7 +962,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -984,7 +984,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1009,7 +1009,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1042,23 +1042,23 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/2',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
index f9cb0f937..e0d18c976 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -59,7 +59,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
@@ -90,7 +90,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -123,7 +123,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -166,7 +166,7 @@ SecRule REQUEST_BASENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -192,7 +192,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -218,7 +218,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -242,7 +242,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -268,7 +268,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -294,7 +294,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -315,7 +315,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -336,7 +336,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -362,7 +362,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -388,7 +388,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -417,7 +417,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -443,7 +443,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -482,7 +482,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -523,7 +523,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
@@ -560,7 +560,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -589,7 +589,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -618,14 +618,14 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -658,7 +658,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx (?i)!=|&&|\|\||>[=>]|<(?:<|
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -699,7 +699,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.942130_matched_var_name=%{matched_var_name}',\
chain"
@@ -735,7 +735,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
multiMatch,\
setvar:'tx.942131_matched_var_name=%{matched_var_name}',\
@@ -772,7 +772,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -815,7 +815,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -844,7 +844,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -873,7 +873,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -899,7 +899,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -925,7 +925,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -951,7 +951,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -985,7 +985,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1014,7 +1014,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1039,7 +1039,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1069,7 +1069,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1101,7 +1101,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1127,7 +1127,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1153,7 +1153,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1179,7 +1179,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1210,7 +1210,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1239,7 +1239,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1268,7 +1268,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1309,7 +1309,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1327,7 +1327,7 @@ SecRule ARGS_GET:fbclid "@rx [a-zA-Z0-9_-]{61,61}" \
nolog,\
tag:'OWASP_CRS',\
ctl:ruleRemoveTargetById=942440;ARGS:fbclid,\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
#
# -=[ Exclusion rule for 942440 ]=-
@@ -1342,7 +1342,7 @@ SecRule ARGS_GET:gclid "@rx [a-zA-Z0-9_-]{91,91}" \
nolog,\
tag:'OWASP_CRS',\
ctl:ruleRemoveTargetById=942440;ARGS:gclid,\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
#
# -=[ Detect SQL Comment Sequences ]=-
@@ -1396,7 +1396,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS "!@rx ^ey[\-0-9A-Z_a-z]+\.ey[\-0-9A-Z_a-z]+\.[\-0-9A-Z_a-z]+$" \
@@ -1427,7 +1427,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1474,7 +1474,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1501,7 +1501,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1534,7 +1534,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.942521_matched_var_name=%{matched_var_name}',\
chain"
@@ -1562,7 +1562,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ^.*?\x5c['\"`](?:.*?['\"`])?\s*(?:and|or)\b"
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1600,7 +1600,7 @@ SecRule REQUEST_BASENAME|REQUEST_FILENAME "@detectSQLi" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1632,7 +1632,7 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)\b(?:a(?:dd(
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -1662,15 +1662,15 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)create[\s\x0
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@@ -1702,7 +1702,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1726,7 +1726,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1766,7 +1766,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1795,7 +1795,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1825,7 +1825,7 @@ SecRule ARGS "@rx \W{4}" \
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}'"
@@ -1873,7 +1873,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -1902,14 +1902,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@@ -1936,7 +1936,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1965,7 +1965,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
tag:'OWASP_CRS',\
tag:'capec/1000/152/248/66',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'WARNING',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
index 2b273f6d8..ada1b12da 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -43,7 +43,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/21/593/61',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.session_fixation_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -64,7 +64,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/21/593/61',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.943110_matched_var_name=%{matched_var_name}',\
chain"
@@ -91,7 +91,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/21/593/61',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.943120_matched_var_name=%{matched_var_name}',\
chain"
@@ -102,24 +102,24 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
index b75755f6a..92f0e93ab 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -13,8 +13,8 @@
#
# Many rules check request bodies, use "SecRequestBodyAccess On" to enable it on main modsecurity configuration file.
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -46,7 +46,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -79,7 +79,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* "@rx (?:unmarshaller|base64data|java\.)" \
@@ -104,7 +104,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
chain"
SecRule MATCHED_VARS "@rx (?:runtime|processbuilder)" \
@@ -136,7 +136,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -174,7 +174,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -222,14 +222,14 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -260,7 +260,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -292,7 +292,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -313,7 +313,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -334,7 +334,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -358,7 +358,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -383,14 +383,14 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
@@ -417,14 +417,14 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
tag:'OWASP_CRS',\
tag:'capec/1000/152/248',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
@@ -453,7 +453,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE
tag:'OWASP_CRS',\
tag:'capec/1000/152/137/6',\
tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf
index 73b4e6928..e5a4f68a5 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -24,7 +24,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@@ -34,7 +34,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@@ -44,7 +44,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@@ -54,7 +54,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@@ -64,7 +64,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@@ -74,7 +74,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@@ -84,7 +84,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@@ -94,7 +94,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
# at start of phase 2, we reset the aggregate scores to 0 to prevent duplicate counting of per-PL scores
@@ -106,7 +106,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=0'"
SecAction \
@@ -116,7 +116,7 @@ SecAction \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=0'"
# Summing up the blocking and detection anomaly scores in phase 2
@@ -128,7 +128,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@@ -138,7 +138,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@@ -148,7 +148,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@@ -158,7 +158,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@@ -168,7 +168,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@@ -178,7 +178,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'"
SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@@ -188,7 +188,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@@ -198,7 +198,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
t:none,\
nolog,\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'"
@@ -217,7 +217,7 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh
msg:'Inbound Anomaly Score Exceeded in phase 1 (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\
tag:'anomaly-evaluation',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
chain"
SecRule TX:EARLY_BLOCKING "@eq 1"
@@ -230,34 +230,34 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh
msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\
tag:'anomaly-evaluation',\
tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.3.0'"
+ ver:'OWASP_CRS/4.4.0'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf
index 052aa1d01..88f73b000 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -21,10 +21,18 @@
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
#
+# Skip all rules if RESPONSE_BODY is compressed.
+SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \
+ "id:950010,\
+ phase:4,\
+ pass,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.4.0',\
+ skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
-
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
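Review bot: Compressed responses now bypass the phase-4 leakage rules in this file without leaving any trace. The added rule 950010 is `pass,nolog` and jumps to `END-RESPONSE-950-DATA-LEAKAGES` whenever Content-Encoding contains gzip, compress, deflate, br or zstd; the same rule is added as 951010 and 952010 in the SQL and Java leakage files. This is a vendored CRS file, so the rule should stay as upstream ships it, but the one-line comment could tell operators what the skip costs them, e.g. `# Skip all rules if RESPONSE_BODY is compressed: the patterns below presumably cannot match an encoded body, so outbound leak detection only runs on responses that reach the WAF uncompressed.` It is also worth confirming that `@pm`, which matches substrings case-insensitively, does not trigger the skip on unintended header values through the short token `br`.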
@@ -48,7 +56,7 @@ SecRule RESPONSE_BODY "@rx (?:<(?:TITLE>Index of.*?Index of.*?Inde
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54/127',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -80,13 +88,13 @@ SecRule RESPONSE_BODY "@rx ^#\!\s?/" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -110,22 +118,22 @@ SecRule RESPONSE_STATUS "@rx ^5\d{2}$" \
tag:'OWASP_CRS',\
tag:'capec/1000/152',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
index b743b521a..c18ba8e4f 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -12,10 +12,18 @@
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
#
+# Skip all rules if RESPONSE_BODY is compressed.
+SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \
+ "id:951010,\
+ phase:4,\
+ pass,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.4.0',\
+ skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
-
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -38,7 +46,7 @@ SecRule RESPONSE_BODY "!@pmFromFile sql-errors.data" \
tag:'attack-disclosure',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
skipAfter:END-SQL-ERROR-MATCH-PL1"
SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \
@@ -56,7 +64,7 @@ SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Micr
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -81,7 +89,7 @@ SecRule RESPONSE_BODY "@rx (?i)\bORA-[0-9][0-9][0-9][0-9][0-9]:|java\.sql\.SQLEx
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -101,7 +109,7 @@ SecRule RESPONSE_BODY "@rx (?i:DB2 SQL error:|\[IBM\]\[CLI Driver\]\[DB2/6000\]|
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -121,7 +129,7 @@ SecRule RESPONSE_BODY "@rx (?i:\[DM_QUERY_E_SYNTAX\]|has occurred in the vicinit
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -141,7 +149,7 @@ SecRule RESPONSE_BODY "@rx (?i)Dynamic SQL Error" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -161,7 +169,7 @@ SecRule RESPONSE_BODY "@rx (?i)Exception (?:condition )?\d+\. Transaction rollba
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -181,7 +189,7 @@ SecRule RESPONSE_BODY "@rx (?i)org\.hsqldb\.jdbc" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -201,7 +209,7 @@ SecRule RESPONSE_BODY "@rx (?i:An illegal character has been found in the statem
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -221,7 +229,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -241,7 +249,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning: ibase_|Unexpected end of command
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -261,7 +269,7 @@ SecRule RESPONSE_BODY "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -281,7 +289,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:System\.Data\.OleDb\.OleDbException|\[Microsof
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -306,7 +314,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -331,7 +339,7 @@ SecRule RESPONSE_BODY "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -351,7 +359,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/J
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -371,7 +379,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -379,24 +387,24 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S
SecMarker "END-SQL-ERROR-MATCH-PL1"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
index 0460050d1..f1237cb43 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -12,10 +12,18 @@
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
#
+# Skip all rules if RESPONSE_BODY is compressed.
+SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \
+ "id:952010,\
+ phase:4,\
+ pass,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.4.0',\
+ skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
-
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
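Review bot: The added rule 952010 skips every phase-4 rule up to the `END-RESPONSE-952-DATA-LEAKAGES-JAVA` marker whenever the response carries a `Content-Encoding` of gzip, compress, deflate, br or zstd, and it does so with `nolog`, so nothing records that outbound leakage detection did not run. The same rule is added as 953010, 954010 and 955010 in the PHP, IIS and web-shell files later in this diff. Because the header is set by the origin, these response rules only cover bodies that reach the WAF uncompressed, which is worth stating at the rule: `# Skip all rules if RESPONSE_BODY is compressed: the patterns below cannot match encoded bytes, so these checks are inactive for such responses.` Deployments that rely on these checks should have the proxy request identity-encoded content from the upstream and compress at the edge. `@pm` matches its phrases as case-insensitive substrings, so any header value containing one of the tokens takes the skip, which is presumably intended to cover comma-separated encodings.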
@@ -39,7 +47,7 @@ SecRule RESPONSE_BODY "@pmFromFile java-code-leakages.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -64,30 +72,30 @@ SecRule RESPONSE_BODY "@pmFromFile java-errors.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
index 0e75412fa..a43584694 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -12,10 +12,18 @@
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
#
+# Skip all rules if RESPONSE_BODY is compressed.
+SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \
+ "id:953010,\
+ phase:4,\
+ pass,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.4.0',\
+ skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
-
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -39,7 +47,7 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -64,7 +72,7 @@ SecRule RESPONSE_BODY "@rx (?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scan
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -90,13 +98,13 @@ SecRule RESPONSE_BODY "@rx (?i)<\?(?:=|php)?\s+" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
@@ -123,21 +131,21 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors-pl2.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
index d1062b7fd..e94ae3f16 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -12,10 +12,18 @@
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
#
+# Skip all rules if RESPONSE_BODY is compressed.
+SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \
+ "id:954010,\
+ phase:4,\
+ pass,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.4.0',\
+ skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
-
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -37,7 +45,7 @@ SecRule RESPONSE_BODY "@rx [a-z]:\x5cinetpub\b" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -58,7 +66,7 @@ SecRule RESPONSE_BODY "@rx (?:Microsoft OLE DB Provider for SQL Server(?:
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -82,7 +90,7 @@ SecRule RESPONSE_BODY "@pmFromFile iis-errors.data" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'"
@@ -104,7 +112,7 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \
tag:'OWASP_CRS',\
tag:'capec/1000/118/116',\
tag:'PCI/6.5.6',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'ERROR',\
chain"
SecRule RESPONSE_BODY "@rx \bServer Error in.{0,50}?\bApplication\b" \
@@ -114,24 +122,24 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
#
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS"
#
# -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
#
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf
index 730dc7224..cd3deb53e 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
-# OWASP CRS ver.4.3.0
+# OWASP CRS ver.4.4.0
# Copyright (c) 2006-2020 Trustwave and contributors. (not) All rights reserved.
# Copyright (c) 2021-2024 CRS project. All rights reserved.
#
@@ -12,10 +12,18 @@
# -= Paranoia Level 0 (empty) =- (apply unconditionally)
#
+# Skip all rules if RESPONSE_BODY is compressed.
+SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \
+ "id:955010,\
+ phase:4,\
+ pass,\
+ nolog,\
+ tag:'OWASP_CRS',\
+ ver:'OWASP_CRS/4.4.0',\
+ skipAfter:END-RESPONSE-955-WEB-SHELLS"
-
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.3.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-955-WEB-SHELLS"
#
# -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
#
@@ -36,7 +44,7 @@ SecRule RESPONSE_BODY "@pmFromFile web-shells-php.data" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -55,7 +63,7 @@ SecRule RESPONSE_BODY "@rx (r57 Shell Version [0-9.]+|r57
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -74,7 +82,7 @@ SecRule RESPONSE_BODY "@rx ^.*Mini Shell.*Developed By LameHacker" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -131,7 +139,7 @@ SecRule RESPONSE_BODY "@rx \.:: .* ~ Ashiyane V [0-9.]+ ::\." \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -150,7 +158,7 @@ SecRule RESPONSE_BODY "@rx Symlink_Sa [0-9.]+" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -169,7 +177,7 @@ SecRule RESPONSE_BODY "@rx CasuS [0-9.]+ by MafiABoY" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -188,7 +196,7 @@ SecRule RESPONSE_BODY "@rx ^\r\n\r\nGRP WebShell [0-9.]+ " \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -207,7 +215,7 @@ SecRule RESPONSE_BODY "@rx NGHshell [0-9.]+ by Cr4sh\n$" \
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -226,7 +234,7 @@ SecRule RESPONSE_BODY "@rx SimAttacker - (?:Version|Vrsion) : [0-9.]+ - "
tag:'paranoia-level/1',\
tag:'OWASP_CRS',\
tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.3.0',\
+ ver:'OWASP_CRS/4.4.0',\
severity:'CRITICAL',\
setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -245,7 +253,7 @@ SecRule RESPONSE_BODY "@rx ^\n\n