D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
bitninja-waf
/
etc
/
crs
/
rules
/
Filename :
RESPONSE-951-DATA-LEAKAGES-SQL.conf
back
Copy
# ------------------------------------------------------------------------ # OWASP ModSecurity Core Rule Set ver.3.0.2 # Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ # # -= Paranoia Level 0 (empty) =- (apply unconditionally) # SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:3,id:951011,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:4,id:951012,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 1 (default) =- (apply only when tx.paranoia_level is sufficiently high: 1 or higher) # # # -=[ SQL Error Leakages ]=- # # Ref: https://raw.github.com/sqlmapproject/sqlmap/master/xml/errors.xml # Ref: https://github.com/Arachni/arachni/tree/master/modules/audit/sqli/patterns # SecRule RESPONSE_BODY "@pmFromFile sql-errors.data" \ "phase:response,\ id:951100,\ rev:'5',\ ver:'OWASP_CRS/3.0.0',\ pass,\ nolog,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-multi',\ tag:'attack-disclosure',\ setvar:tx.sql_error_match=1,\ t:none" SecRule TX:sql_error_match "@eq 1" \ "msg:'Microsoft Access SQL Information Leakage',\ phase:response,\ id:951110,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-msaccess',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:JET Database Engine|Access Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'Oracle SQL Information Leakage',\ phase:response,\ id:951120,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-oracle',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\.sql\.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'DB2 SQL Information Leakage',\ phase:response,\ id:951130,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-db2',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:DB2 SQL error:|\[IBM\]\[CLI Driver\]\[DB2/6000\]|CLI Driver.*DB2|DB2 SQL error|db2_\w+\()" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'EMC SQL Information Leakage',\ phase:response,\ id:951140,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-emc',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:\[DM_QUERY_E_SYNTAX\]|has occurred in the vicinity of:)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'firebird SQL Information Leakage',\ phase:response,\ id:951150,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-firebird',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:Dynamic SQL Error)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'Frontbase SQL Information Leakage',\ phase:response,\ id:951160,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-frontbase',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:Exception (condition )?\d+\. Transaction rollback\.)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'hsqldb SQL Information Leakage',\ phase:response,\ id:951170,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-hsqldb',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:org\.hsqldb\.jdbc)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'informix SQL Information Leakage',\ phase:response,\ id:951180,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-informix',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:An illegal character has been found in the statement|com\.informix\.jdbc|Exception.*Informix)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'ingres SQL Information Leakage',\ phase:response,\ id:951190,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-ingres',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'interbase SQL Information Leakage',\ phase:response,\ id:951200,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-interbase',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:<b>Warning</b>: ibase_|Unexpected end of command in statement)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'maxDB SQL Information Leakage',\ phase:response,\ id:951210,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-maxdb',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:SQL error.*POS([0-9]+).*|Warning.*maxdb.*)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'mssql SQL Information Leakage',\ phase:response,\ id:951220,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-mssql',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:System\.Data\.OleDb\.OleDbException|\[Microsoft\]\[ODBC SQL Server Driver\]|\[Macromedia\]\[SQLServer JDBC Driver\]|\[SqlException|System\.Data\.SqlClient\.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query\(\)|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression\.|ADODB\.Field \(0x800A0BCD\)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[\-\_\ ]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*\WSystem\.Data\.SqlClient\.)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'mysql SQL Information Leakage',\ phase:response,\ id:951230,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-mysql',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:supplied argument is not a valid MySQL|Column count doesn't match value count at row|mysql_fetch_array\(\)|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right syntax to use|\[MySQL\]\[ODBC|Column count doesn't match|Table '[^']+' doesn't exist|SQL syntax.*MySQL|Warning.*mysql_.*|valid MySQL result|MySqlClient\.)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'postgres SQL Information Leakage',\ phase:response,\ id:951240,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-pgsql',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:PostgreSQL query failed:|pg_query\(\) \[:|pg_exec\(\) \[:|PostgreSQL.*ERROR|Warning.*pg_.*|valid PostgreSQL result|Npgsql\.|PG::([a-zA-Z]*)Error|Supplied argument is not a valid PostgreSQL (?:.*?) resource|Unable to connect to PostgreSQL server)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'sqlite SQL Information Leakage',\ phase:response,\ id:951250,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-sqlite',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite\.Exception|System\.Data\.SQLite\.SQLiteException)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:sql_error_match "@eq 1" \ "msg:'Sybase SQL Information Leakage',\ phase:response,\ id:951260,\ rev:'1',\ ver:'OWASP_CRS/3.0.0',\ maturity:'7',\ accuracy:'9',\ t:none,\ capture,\ ctl:auditLogParts=+E,\ block,\ tag:'application-multi',\ tag:'language-multi',\ tag:'platform-sybase',\ tag:'attack-disclosure',\ tag:'OWASP_CRS/LEAKAGE/ERRORS_SQL',\ tag:'CWE-209',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ severity:'CRITICAL',\ chain" SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.*sybase.*|Sybase.*Server message.*)" \ "capture,\ setvar:'tx.msg=%{rule.msg}',\ setvar:tx.outbound_anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},\ setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\ setvar:tx.%{rule.id}-OWASP_CRS/LEAKAGE/ERRORS-%{matched_var_name}=%{tx.0}" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:3,id:951013,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:4,id:951014,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 2 =- (apply only when tx.paranoia_level is sufficiently high: 2 or higher) # SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:3,id:951015,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:4,id:951016,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 3 =- (apply only when tx.paranoia_level is sufficiently high: 3 or higher) # SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:3,id:951017,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:4,id:951018,nolog,pass,skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 4 =- (apply only when tx.paranoia_level is sufficiently high: 4 or higher) # # # -= Paranoia Levels Finished =- # SecMarker "END-RESPONSE-951-DATA-LEAKAGES-SQL"