D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
bitninja-waf
/
etc
/
crs
/
rules
/
Filename :
REQUEST-911-METHOD-ENFORCEMENT.conf
back
Copy
# ------------------------------------------------------------------------ # OWASP ModSecurity Core Rule Set ver.3.0.2 # Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ # # -= Paranoia Level 0 (empty) =- (apply unconditionally) # SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:1,id:911011,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:2,id:911012,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 1 (default) =- (apply only when tx.paranoia_level is sufficiently high: 1 or higher) # # # -=[ Allowed Request Methods ]=- # # tx.allowed_methods is defined in the crs-setup.conf file # SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \ "msg:'Method is not allowed by policy',\ severity:'CRITICAL',\ id:911100,\ phase:request,\ block,\ rev:'2',\ ver:'OWASP_CRS/3.0.0',\ maturity:'9',\ accuracy:'9',\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-generic',\ tag:'OWASP_CRS/POLICY/METHOD_NOT_ALLOWED',\ tag:'WASCTC/WASC-15',\ tag:'OWASP_TOP_10/A6',\ tag:'OWASP_AppSensor/RE1',\ tag:'PCI/12.1',\ logdata:'%{matched_var}',\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/POLICY/METHOD_NOT_ALLOWED-%{matched_var_name}=%{matched_var}" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:1,id:911013,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:2,id:911014,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 2 =- (apply only when tx.paranoia_level is sufficiently high: 2 or higher) # SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:1,id:911015,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:2,id:911016,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 3 =- (apply only when tx.paranoia_level is sufficiently high: 3 or higher) # SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:1,id:911017,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:2,id:911018,nolog,pass,skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 4 =- (apply only when tx.paranoia_level is sufficiently high: 4 or higher) # # # -= Paranoia Levels Finished =- # SecMarker "END-REQUEST-911-METHOD-ENFORCEMENT"