D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
bitninja-waf
/
etc
/
BitNinja
/
Filename :
402-DRUPAL-REMOTE-EXECUTION-PROTECTION.conf
back
Copy
# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" "chain,id:402001,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block,\ severity:CRITICAL,\ msg:'Drupal Remote Code Execution - SA-CORE-2018-002: Block specific #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters',\ logdata:'Drupal RCE - SA-CORE-2018-002 Specific: Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'" SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)" \ "setvar:tx.bn_inbound_found=+1" SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "destination" "chain,id:402003,\ msg:'Drupal Remote Code Execution - SA-CORE-2018-004: Block all destination q[#',\ severity:CRITICAL,\ logdata:'Drupal RCE - SA-CORE-2018-004 Generic: Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'" SecRule ARGS|REQUEST_COOKIES "(\?q\[(\#|(%(25)*23))|(&|%(25)*26)q\[(%(25)*23))" \ setvar:tx.bn_inbound_found=+1"# GENERIC: Block all parameters starting with # SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" "chain,id:402002,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block,\ severity:CRITICAL,\ msg:'Drupal Remote Code Execution - SA-CORE-2018-002: Block all parameters starting with #',\ logdata:'Drupal RCE - SA-CORE-2018-002 Generic: Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'" SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#|\[(?:\'|\")?\#.*\]" \ "setvar:tx.bn_inbound_found=+1"