1name: crowdsecurity/crs
2seclang_rules:
3 - SecRuleEngine On
4 - SecRequestBodyAccess On
5seclang_files_rules:
6 - crs-setup.conf
7 - crs-plugins/*/*-config.conf
8 - crs-plugins/*/*-before.conf
9 - REQUEST-901-INITIALIZATION.conf
10 - REQUEST-905-COMMON-EXCEPTIONS.conf
11 - REQUEST-911-METHOD-ENFORCEMENT.conf
12 - REQUEST-913-SCANNER-DETECTION.conf
13 - REQUEST-920-PROTOCOL-ENFORCEMENT.conf
14 - REQUEST-921-PROTOCOL-ATTACK.conf
15 - REQUEST-922-MULTIPART-ATTACK.conf
16 - REQUEST-930-APPLICATION-ATTACK-LFI.conf
17 - REQUEST-931-APPLICATION-ATTACK-RFI.conf
18 - REQUEST-932-APPLICATION-ATTACK-RCE.conf
19 - REQUEST-933-APPLICATION-ATTACK-PHP.conf
20 - REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
21 - REQUEST-941-APPLICATION-ATTACK-XSS.conf
22 - REQUEST-942-APPLICATION-ATTACK-SQLI.conf
23 - REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
24 - REQUEST-944-APPLICATION-ATTACK-JAVA.conf
25 - REQUEST-949-BLOCKING-EVALUATION.conf
26 - RESPONSE-950-DATA-LEAKAGES.conf
27 - RESPONSE-951-DATA-LEAKAGES-SQL.conf
28 - RESPONSE-952-DATA-LEAKAGES-JAVA.conf
29 - RESPONSE-953-DATA-LEAKAGES-PHP.conf
30 - RESPONSE-954-DATA-LEAKAGES-IIS.conf
31 - RESPONSE-955-WEB-SHELLS.conf
32 - RESPONSE-959-BLOCKING-EVALUATION.conf
33 - RESPONSE-980-CORRELATION.conf
34 - crs-plugins/*/*-after.conf
35
36data:
37  - source_url: https://hub-data.crowdsec.net/appsec/crs/crs-setup.conf
38    dest_file: crs-setup.conf
39    type: modsec
40  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-901-INITIALIZATION.conf
41    dest_file: REQUEST-901-INITIALIZATION.conf
42    type: modsec
43  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-905-COMMON-EXCEPTIONS.conf
44    dest_file: REQUEST-905-COMMON-EXCEPTIONS.conf
45    type: modsec
46  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-911-METHOD-ENFORCEMENT.conf
47    dest_file: REQUEST-911-METHOD-ENFORCEMENT.conf
48    type: modsec
49  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-913-SCANNER-DETECTION.conf
50    dest_file: REQUEST-913-SCANNER-DETECTION.conf
51    type: modsec
52  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
53    dest_file: REQUEST-920-PROTOCOL-ENFORCEMENT.conf
54    type: modsec
55  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-921-PROTOCOL-ATTACK.conf
56    dest_file: REQUEST-921-PROTOCOL-ATTACK.conf
57    type: modsec
58  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-922-MULTIPART-ATTACK.conf
59    dest_file: REQUEST-922-MULTIPART-ATTACK.conf
60    type: modsec
61  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-930-APPLICATION-ATTACK-LFI.conf
62    dest_file: REQUEST-930-APPLICATION-ATTACK-LFI.conf
63    type: modsec
64  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-931-APPLICATION-ATTACK-RFI.conf
65    dest_file: REQUEST-931-APPLICATION-ATTACK-RFI.conf
66    type: modsec
67  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-932-APPLICATION-ATTACK-RCE.conf
68    dest_file: REQUEST-932-APPLICATION-ATTACK-RCE.conf
69    type: modsec
70  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-933-APPLICATION-ATTACK-PHP.conf
71    dest_file: REQUEST-933-APPLICATION-ATTACK-PHP.conf
72    type: modsec
73  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
74    dest_file: REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
75    type: modsec
76  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf
77    dest_file: REQUEST-941-APPLICATION-ATTACK-XSS.conf
78    type: modsec
79  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
80    dest_file: REQUEST-942-APPLICATION-ATTACK-SQLI.conf
81    type: modsec
82  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
83    dest_file: REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
84    type: modsec
85  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-944-APPLICATION-ATTACK-JAVA.conf
86    dest_file: REQUEST-944-APPLICATION-ATTACK-JAVA.conf
87    type: modsec
88  - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-949-BLOCKING-EVALUATION.conf
89    dest_file: REQUEST-949-BLOCKING-EVALUATION.conf
90    type: modsec
91  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-950-DATA-LEAKAGES.conf
92    dest_file: RESPONSE-950-DATA-LEAKAGES.conf
93    type: modsec
94  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-951-DATA-LEAKAGES-SQL.conf
95    dest_file: RESPONSE-951-DATA-LEAKAGES-SQL.conf
96    type: modsec
97  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-952-DATA-LEAKAGES-JAVA.conf
98    dest_file: RESPONSE-952-DATA-LEAKAGES-JAVA.conf
99    type: modsec
100  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-953-DATA-LEAKAGES-PHP.conf
101    dest_file: RESPONSE-953-DATA-LEAKAGES-PHP.conf
102    type: modsec
103  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-954-DATA-LEAKAGES-IIS.conf
104    dest_file: RESPONSE-954-DATA-LEAKAGES-IIS.conf
105    type: modsec
106  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-955-WEB-SHELLS.conf
107    dest_file: RESPONSE-955-WEB-SHELLS.conf
108    type: modsec
109  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-959-BLOCKING-EVALUATION.conf
110    dest_file: RESPONSE-959-BLOCKING-EVALUATION.conf
111    type: modsec
112  - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-980-CORRELATION.conf
113    dest_file: RESPONSE-980-CORRELATION.conf
114    type: modsec
115  - source_url: https://hub-data.crowdsec.net/appsec/crs/crawlers-user-agents.data
116    dest_file: crawlers-user-agents.data
117    type: modsec
118  - source_url: https://hub-data.crowdsec.net/appsec/crs/iis-errors.data
119    dest_file: iis-errors.data
120    type: modsec
121  - source_url: https://hub-data.crowdsec.net/appsec/crs/java-classes.data
122    dest_file: java-classes.data
123    type: modsec
124  - source_url: https://hub-data.crowdsec.net/appsec/crs/java-code-leakages.data
125    dest_file: java-code-leakages.data
126    type: modsec
127  - source_url: https://hub-data.crowdsec.net/appsec/crs/java-errors.data
128    dest_file: java-errors.data
129    type: modsec
130  - source_url: https://hub-data.crowdsec.net/appsec/crs/lfi-os-files.data
131    dest_file: lfi-os-files.data
132    type: modsec
133  - source_url: https://hub-data.crowdsec.net/appsec/crs/php-config-directives.data
134    dest_file: php-config-directives.data
135    type: modsec
136  - source_url: https://hub-data.crowdsec.net/appsec/crs/php-errors.data
137    dest_file: php-errors.data
138    type: modsec
139  - source_url: https://hub-data.crowdsec.net/appsec/crs/php-errors-pl2.data
140    dest_file: php-errors-pl2.data
141    type: modsec
142  - source_url: https://hub-data.crowdsec.net/appsec/crs/php-function-names-933150.data
143    dest_file: php-function-names-933150.data
144    type: modsec
145  - source_url: https://hub-data.crowdsec.net/appsec/crs/php-function-names-933151.data
146    dest_file: php-function-names-933151.data
147    type: modsec
148  - source_url: https://hub-data.crowdsec.net/appsec/crs/php-variables.data
149    dest_file: php-variables.data
150    type: modsec
151  - source_url: https://hub-data.crowdsec.net/appsec/crs/restricted-files.data
152    dest_file: restricted-files.data
153    type: modsec
154  - source_url: https://hub-data.crowdsec.net/appsec/crs/restricted-upload.data
155    dest_file: restricted-upload.data
156    type: modsec
157  - source_url: https://hub-data.crowdsec.net/appsec/crs/scanners-headers.data
158    dest_file: scanners-headers.data
159    type: modsec
160  - source_url: https://hub-data.crowdsec.net/appsec/crs/scanners-urls.data
161    dest_file: scanners-urls.data
162    type: modsec
163  - source_url: https://hub-data.crowdsec.net/appsec/crs/scanners-user-agents.data
164    dest_file: scanners-user-agents.data
165    type: modsec
166  - source_url: https://hub-data.crowdsec.net/appsec/crs/scripting-user-agents.data
167    dest_file: scripting-user-agents.data
168    type: modsec
169  - source_url: https://hub-data.crowdsec.net/appsec/crs/sql-errors.data
170    dest_file: sql-errors.data
171    type: modsec
172  - source_url: https://hub-data.crowdsec.net/appsec/crs/ssrf.data
173    dest_file: ssrf.data
174    type: modsec
175  - source_url: https://hub-data.crowdsec.net/appsec/crs/unix-shell.data
176    dest_file: unix-shell.data
177    type: modsec
178  - source_url: https://hub-data.crowdsec.net/appsec/crs/web-shells-php.data
179    dest_file: web-shells-php.data
180    type: modsec
181  - source_url: https://hub-data.crowdsec.net/appsec/crs/windows-powershell-commands.data
182    dest_file: windows-powershell-commands.data
183    type: modsec