Hub WAF rule

More info

1name: crowdsecurity/crs

2seclang_rules:

3 - SecRuleEngine On

4 - SecRequestBodyAccess On

5 - Secrule REQUEST_HEADERS:Content-Type "@rx ^application/x-www-form-urlencoded" "id:300,phase:1,pass,nolog,noauditlog,ctl:requestBodyProcessor=URLENCODED"

6 - Secrule REQUEST_HEADERS:Content-Type "@rx ^multipart/form-data" "id:301,phase:1,pass,nolog,noauditlog,ctl:requestBodyProcessor=MULTIPART"

7 - Secrule REQUEST_HEADERS:Content-Type "@rx ^application/xml" "id:302,phase:1,pass,nolog,noauditlog,ctl:requestBodyProcessor=XML"

8 - Secrule REQUEST_HEADERS:Content-Type "@rx ^application/json" "id:303,phase:1,pass,nolog,noauditlog,ctl:requestBodyProcessor=JSON"

9 - Secrule REQUEST_HEADERS:Content-Type "@rx ^text/xml" "id:304,phase:1,pass,nolog,noauditlog,ctl:requestBodyProcessor=XML"

10seclang_files_rules:

11 - crs-setup.conf

12 - crs-plugins/*/*-config.conf

13 - crs-plugins/*/*-before.conf

14 - REQUEST-901-INITIALIZATION.conf

15 - REQUEST-905-COMMON-EXCEPTIONS.conf

16 - REQUEST-911-METHOD-ENFORCEMENT.conf

17 - REQUEST-913-SCANNER-DETECTION.conf

18 - REQUEST-920-PROTOCOL-ENFORCEMENT.conf

19 - REQUEST-921-PROTOCOL-ATTACK.conf

20 - REQUEST-922-MULTIPART-ATTACK.conf

21 - REQUEST-930-APPLICATION-ATTACK-LFI.conf

22 - REQUEST-931-APPLICATION-ATTACK-RFI.conf

23 - REQUEST-932-APPLICATION-ATTACK-RCE.conf

24 - REQUEST-933-APPLICATION-ATTACK-PHP.conf

25 - REQUEST-934-APPLICATION-ATTACK-GENERIC.conf

26 - REQUEST-941-APPLICATION-ATTACK-XSS.conf

27 - REQUEST-942-APPLICATION-ATTACK-SQLI.conf

28 - REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf

29 - REQUEST-944-APPLICATION-ATTACK-JAVA.conf

30 - REQUEST-949-BLOCKING-EVALUATION.conf

31 - RESPONSE-950-DATA-LEAKAGES.conf

32 - RESPONSE-951-DATA-LEAKAGES-SQL.conf

33 - RESPONSE-952-DATA-LEAKAGES-JAVA.conf

34 - RESPONSE-953-DATA-LEAKAGES-PHP.conf

35 - RESPONSE-954-DATA-LEAKAGES-IIS.conf

36 - RESPONSE-955-WEB-SHELLS.conf

37 - RESPONSE-959-BLOCKING-EVALUATION.conf

38 - RESPONSE-980-CORRELATION.conf

39 - crs-plugins/*/*-after.conf

41data:

42 - source_url: https://hub-data.crowdsec.net/appsec/crs/crs-setup.conf

43 dest_file: crs-setup.conf

44 type: modsec

45 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-901-INITIALIZATION.conf

46 dest_file: REQUEST-901-INITIALIZATION.conf

47 type: modsec

48 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-905-COMMON-EXCEPTIONS.conf

49 dest_file: REQUEST-905-COMMON-EXCEPTIONS.conf

50 type: modsec

51 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-911-METHOD-ENFORCEMENT.conf

52 dest_file: REQUEST-911-METHOD-ENFORCEMENT.conf

53 type: modsec

54 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-913-SCANNER-DETECTION.conf

55 dest_file: REQUEST-913-SCANNER-DETECTION.conf

56 type: modsec

57 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf

58 dest_file: REQUEST-920-PROTOCOL-ENFORCEMENT.conf

59 type: modsec

60 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-921-PROTOCOL-ATTACK.conf

61 dest_file: REQUEST-921-PROTOCOL-ATTACK.conf

62 type: modsec

63 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-922-MULTIPART-ATTACK.conf

64 dest_file: REQUEST-922-MULTIPART-ATTACK.conf

65 type: modsec

66 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-930-APPLICATION-ATTACK-LFI.conf

67 dest_file: REQUEST-930-APPLICATION-ATTACK-LFI.conf

68 type: modsec

69 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-931-APPLICATION-ATTACK-RFI.conf

70 dest_file: REQUEST-931-APPLICATION-ATTACK-RFI.conf

71 type: modsec

72 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-932-APPLICATION-ATTACK-RCE.conf

73 dest_file: REQUEST-932-APPLICATION-ATTACK-RCE.conf

74 type: modsec

75 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-933-APPLICATION-ATTACK-PHP.conf

76 dest_file: REQUEST-933-APPLICATION-ATTACK-PHP.conf

77 type: modsec

78 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf

79 dest_file: REQUEST-934-APPLICATION-ATTACK-GENERIC.conf

80 type: modsec

81 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf

82 dest_file: REQUEST-941-APPLICATION-ATTACK-XSS.conf

83 type: modsec

84 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf

85 dest_file: REQUEST-942-APPLICATION-ATTACK-SQLI.conf

86 type: modsec

87 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf

88 dest_file: REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf

89 type: modsec

90 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-944-APPLICATION-ATTACK-JAVA.conf

91 dest_file: REQUEST-944-APPLICATION-ATTACK-JAVA.conf

92 type: modsec

93 - source_url: https://hub-data.crowdsec.net/appsec/crs/REQUEST-949-BLOCKING-EVALUATION.conf

94 dest_file: REQUEST-949-BLOCKING-EVALUATION.conf

95 type: modsec

96 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-950-DATA-LEAKAGES.conf

97 dest_file: RESPONSE-950-DATA-LEAKAGES.conf

98 type: modsec

99 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-951-DATA-LEAKAGES-SQL.conf

100 dest_file: RESPONSE-951-DATA-LEAKAGES-SQL.conf

101 type: modsec

102 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-952-DATA-LEAKAGES-JAVA.conf

103 dest_file: RESPONSE-952-DATA-LEAKAGES-JAVA.conf

104 type: modsec

105 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-953-DATA-LEAKAGES-PHP.conf

106 dest_file: RESPONSE-953-DATA-LEAKAGES-PHP.conf

107 type: modsec

108 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-954-DATA-LEAKAGES-IIS.conf

109 dest_file: RESPONSE-954-DATA-LEAKAGES-IIS.conf

110 type: modsec

111 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-955-WEB-SHELLS.conf

112 dest_file: RESPONSE-955-WEB-SHELLS.conf

113 type: modsec

114 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-959-BLOCKING-EVALUATION.conf

115 dest_file: RESPONSE-959-BLOCKING-EVALUATION.conf

116 type: modsec

117 - source_url: https://hub-data.crowdsec.net/appsec/crs/RESPONSE-980-CORRELATION.conf

118 dest_file: RESPONSE-980-CORRELATION.conf

119 type: modsec

120 - source_url: https://hub-data.crowdsec.net/appsec/crs/crawlers-user-agents.data

121 dest_file: crawlers-user-agents.data

122 type: modsec

123 - source_url: https://hub-data.crowdsec.net/appsec/crs/iis-errors.data

124 dest_file: iis-errors.data

125 type: modsec

126 - source_url: https://hub-data.crowdsec.net/appsec/crs/java-classes.data

127 dest_file: java-classes.data

128 type: modsec

129 - source_url: https://hub-data.crowdsec.net/appsec/crs/java-code-leakages.data

130 dest_file: java-code-leakages.data

131 type: modsec

132 - source_url: https://hub-data.crowdsec.net/appsec/crs/java-errors.data

133 dest_file: java-errors.data

134 type: modsec

135 - source_url: https://hub-data.crowdsec.net/appsec/crs/lfi-os-files.data

136 dest_file: lfi-os-files.data

137 type: modsec

138 - source_url: https://hub-data.crowdsec.net/appsec/crs/php-config-directives.data

139 dest_file: php-config-directives.data

140 type: modsec

141 - source_url: https://hub-data.crowdsec.net/appsec/crs/php-errors.data

142 dest_file: php-errors.data

143 type: modsec

144 - source_url: https://hub-data.crowdsec.net/appsec/crs/php-errors-pl2.data

145 dest_file: php-errors-pl2.data

146 type: modsec

147 - source_url: https://hub-data.crowdsec.net/appsec/crs/php-function-names-933150.data

148 dest_file: php-function-names-933150.data

149 type: modsec

150 - source_url: https://hub-data.crowdsec.net/appsec/crs/php-function-names-933151.data

151 dest_file: php-function-names-933151.data

152 type: modsec

153 - source_url: https://hub-data.crowdsec.net/appsec/crs/php-variables.data

154 dest_file: php-variables.data

155 type: modsec

156 - source_url: https://hub-data.crowdsec.net/appsec/crs/restricted-files.data

157 dest_file: restricted-files.data

158 type: modsec

159 - source_url: https://hub-data.crowdsec.net/appsec/crs/restricted-upload.data

160 dest_file: restricted-upload.data

161 type: modsec

162 - source_url: https://hub-data.crowdsec.net/appsec/crs/scanners-headers.data

163 dest_file: scanners-headers.data

164 type: modsec

165 - source_url: https://hub-data.crowdsec.net/appsec/crs/scanners-urls.data

166 dest_file: scanners-urls.data

167 type: modsec

168 - source_url: https://hub-data.crowdsec.net/appsec/crs/scanners-user-agents.data

169 dest_file: scanners-user-agents.data

170 type: modsec

171 - source_url: https://hub-data.crowdsec.net/appsec/crs/scripting-user-agents.data

172 dest_file: scripting-user-agents.data

173 type: modsec

174 - source_url: https://hub-data.crowdsec.net/appsec/crs/sql-errors.data

175 dest_file: sql-errors.data

176 type: modsec

177 - source_url: https://hub-data.crowdsec.net/appsec/crs/ssrf.data

178 dest_file: ssrf.data

179 type: modsec

180 - source_url: https://hub-data.crowdsec.net/appsec/crs/unix-shell.data

181 dest_file: unix-shell.data

182 type: modsec

183 - source_url: https://hub-data.crowdsec.net/appsec/crs/web-shells-php.data

184 dest_file: web-shells-php.data

185 type: modsec

186 - source_url: https://hub-data.crowdsec.net/appsec/crs/windows-powershell-commands.data

187 dest_file: windows-powershell-commands.data

188 type: modsec

Hub WAF rule

« crs »v0.6 by crowdsecurityWAF rule

« crs »
v0.6 by crowdsecurity
WAF rule