Fix all the rules to have proper IDs for ModSecurity 2.7.0.

Some things were broken before, now they are all valid.
Flameeyes · Oct 17, 2012 · 294873c · 294873c
1 parent bf0a998
commit 294873c
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 5 deletions.
diff --git a/optional/flameeyes_init.conf b/optional/flameeyes_init.conf
@@ -11,7 +11,7 @@
 SecRuleEngine On
 
 # Initialise the global collection of IP-based matches.
-SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}"
+SecAction "phase:1,t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr},id:430000"
 
 SecDataDir /var/cache/modsecurity
 

diff --git a/rules/flameeyes_00_settings.conf b/rules/flameeyes_00_settings.conf
@@ -4,11 +4,11 @@
 # Settings and prerequisites for the ruleset
 
 # By default expire IP-bound data on a week basis.
-SecAction "phase:1,t:none,nolog,setvar:tx.ip_expiration=259200,pass,id:430000"
+SecAction "phase:1,t:none,nolog,setvar:tx.ip_expiration=259200,pass,id:430010"
 
 # Since Amazon EC2 users will use dynamic IP addresses, there is no
 # reason to cache tests for a whole week. Instead do hourly checks
 # about them.
-SecRule REMOTE_HOST "@endsWith .amazonaws.com" "id:430001,setvar:tx.ip_expiration=3600,nolog"
+SecRule REMOTE_HOST "@endsWith .amazonaws.com" "id:430011,setvar:tx.ip_expiration=3600,nolog"
 
 SecComponentSignature "Flameeyes's Ruleset for ModSecurity"
diff --git a/rules/flameeyes_05_proxy.conf b/rules/flameeyes_05_proxy.conf
@@ -77,7 +77,7 @@ SecRule REMOTE_ADDR "@rbl all.s5h.net" \
 
 # This requires SecHttpBlKey to be set!
 SecRule REMOTE_ADDR "@rbl dnsbl.httpbl.org" \
-        "id:430542,phase:2,setvar:ip.flameeyes_is_openproxy=1,expirevar:ip.flameeyes_is_openproxy=%{TX.IP_EXPIRATION},msg:'%{REMOTE_ADDR} is blacklisted',skipAfter:FLAMEEYES_PROXY_REQUEST"
+        "id:430544,phase:2,setvar:ip.flameeyes_is_openproxy=1,expirevar:ip.flameeyes_is_openproxy=%{TX.IP_EXPIRATION},msg:'%{REMOTE_ADDR} is blacklisted',skipAfter:FLAMEEYES_PROXY_REQUEST"
 
 SecMarker FLAMEEYES_PROXY_REQUEST
 

diff --git a/rules/flameeyes_60_fake_browsers.conf b/rules/flameeyes_60_fake_browsers.conf
@@ -140,7 +140,7 @@ SecRule &REQUEST_HEADERS:x-ps3-browser "@eq 0"
 # at least. If the Accept header includes it, the request can't be
 # coming from IE.
 SecRule REQUEST_HEADERS:User-Agent "@pm msie" \
-	"id:436086,chain,phase:2,msg:'Fake Internet Explorer browser accepting WebP images',deny,status:403"
+	"id:436087,chain,phase:2,msg:'Fake Internet Explorer browser accepting WebP images',deny,status:403"
 SecRule REQUEST_HEADERS:Accept "@pm image/webp"
 
 SecMarker FLAMEEYES_END_FAKE_BROWSERS_HEADERS