diff options
Diffstat (limited to 'files/mod_security/custom_rules/apache2-rules.conf')
| -rw-r--r-- | files/mod_security/custom_rules/apache2-rules.conf | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/files/mod_security/custom_rules/apache2-rules.conf b/files/mod_security/custom_rules/apache2-rules.conf new file mode 100644 index 0000000..eb2710e --- /dev/null +++ b/files/mod_security/custom_rules/apache2-rules.conf @@ -0,0 +1,57 @@ +#http://www.gotroot.com/mod_security+rules +# Special Application Security Rules for Apache 2.x +# For ModSecurity 2.x +# +# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/apache2-rules.conf +# +# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com) +# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved. +# Redistribution is strictly prohibited in any form, including whole or in part. +# +# Version: N-20061022-01 +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +# THE POSSIBILITY OF SUCH DAMAGE. + +#NOTE: These rules will only work for systems running Apache 2.x. + +#phpbb Session Cookie +SecRule REQUEST_COOKIES:sessionid "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" +SecRule REQUEST_URI|ARGS|REQUEST_BODY "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" + +#schema overflow attempt +SecRule REQUEST_URI|ARGS|REQUEST_BODY "\|3A\|///^[^\/]{14,}?\x3a\/\//U" + +#HappyMall Command Execution member_html.cgi +SecRule REQUEST_URI "/member_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" + +#HappyMall Command Execution normal_html.cgi +SecRule REQUEST_URI "/normal_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" + +#phpBB Remote Code Execution Attempt +SecRule REQUEST_URI "/viewtopic\.php\?" chain +SecRule REQUEST_URI|ARGS|REQUEST_BODY "highlight=.*(\'|\%[a-f0-9]{4})(\.|\/|\\|\%[a-f0-9]{4}).+?(\'|\%[a-f0-9]{4})" + +#XSS generic sig +SecRule REQUEST_URI|ARGS|REQUEST_BODY "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" + +#generic SQL injection sigs using PCRE +SecRule REQUEST_URI|ARGS|REQUEST_BODY "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)/ix" + +##TWiki "rev" Shell Command Injection Vulnerability +SecRule REQUEST_URI "/TWikiUsers\?rev=\x20\x7C" + +##ATutor Multiple Vulnerabilities +SecRule REQUEST_URI "/(body_header\.inc|print)\.php\?section.*\x00" + +#faqmanager.cgi arbitrary file access attempt +SecRule REQUEST_URI "/faqmanager.cgi?toc=.*(\|00\||\x00)" |