This repository has been archived by the owner on May 14, 2020. It is now read-only.

Malicious file upload detection #1045

Closed
wants to merge 35 commits into from
35 commits
75e1cd2 Update .travis.yml (csanders-git, Sep 20, 2017)
519d67d updating crs site location (csanders-git, Nov 15, 2017)
66b338a Update date and add badges (fzipi, Dec 1, 2017)
9601725 Merge pull request #978 from SpiderLabs/readme-minors (lifeforms, Dec 4, 2017)
f11241c Fix typo with extra bracket. (fzipi, Dec 4, 2017)
6a2b20c Merge badges with v3.1/dev (fzipi, Dec 4, 2017)
6a42d99 Update REQUEST-920-PROTOCOL-ENFORCEMENT.conf (ihacku, Dec 5, 2017)
17d4317 Merge pull request #979 from ihacku/patch-1 (dune73, Dec 7, 2017)
a216353 Updated year. (fzipi, Jan 2, 2018)
bc774d1 PR994 remake (spartantri, Mar 19, 2018)
ee5ff53 Renumbered file upload rules (spartantri, Mar 20, 2018)
644798e Missing \ added (spartantri, Mar 20, 2018)
41dbe04 Added 914245 to whitelist images within ARG (spartantri, Mar 21, 2018)
745622a Increased 914245 from 6 to 12 byte capture (spartantri, Mar 21, 2018)
de1962e Removed trailing whitespace from comment (spartantri, Mar 21, 2018)
b0a5205 Hybrid Paranoia Mode (spartantri, Mar 21, 2018)
34e7730 Stripped out hybrid stuff (spartantri, Mar 22, 2018)
2ce6b1b Removed incompatibilities (spartantri, Apr 4, 2018)
3b34cad Added PL3 rules for body processing (spartantri, Apr 4, 2018)
7832fdf Conflict fix (spartantri, Apr 4, 2018)
b5de3ae Removed duplicated rule (spartantri, Apr 4, 2018)
4b2676f Conflict fix (spartantri, Apr 4, 2018)
c949e6e Adjusted 914100,914110,914215,914220 and MZ rx (spartantri, May 23, 2018)
a1897a6 Adjusted comments and issues (spartantri, Jun 14, 2018)
8a29751 Adjusted conflict (spartantri, Jun 14, 2018)
0cc3314 Added comment to 901180 (spartantri, Jun 14, 2018)
62d80ad Removed comment to 901180 (spartantri, Jun 14, 2018)
f9db75a Changed 901180 SecAction to SecRule (spartantri, Jun 20, 2018)
2e2800f Merge branch 'v3.1/dev' into v3.1/devFileUpload (spartantri, Jun 20, 2018)
76661d5 init v3.2 commit (csanders-git, Jul 4, 2018)
26f0be9 Merge branch 'v3.2/dev' into v3.2/dev (spartantri, Jul 25, 2018)
ec699bf Moved skipAfter to first rule of chain (spartantri, Jul 26, 2018)
f844b85 Merge branch 'v3.1/devFileUpload' into v3.2/dev (spartantri, Jul 26, 2018)
416f2c8 Merge pull request #3 from SpiderLabs/v3.2/dev (spartantri, Jul 26, 2018)
aef6ebb Disabled image upload checks (spartantri, Aug 2, 2018)
2 changes: 1 addition & 1 deletion .travis.yml
Expand Up @@ -28,4 +28,4 @@ branches:
- v3.0/master
- v3.1/dev
notifications:
irc: "chat.freenode.net#modsecurity"
irc: "chat.freenode.net#modsecurity"
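Review bot: the removed and added `irc:` lines render identically here, so this appears to be a whitespace- or line-ending-only change that arrived with the merged branches rather than part of the file upload work; either drop it from this PR or say what actually changed. In the same file, the `branches:` context still ends at `- v3.1/dev` while crs-setup.conf.example in this PR is bumped to ver.3.2.0, so CI will not build the v3.2 branch this targets unless `- v3.2/dev` is added to that list.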
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -7,7 +7,7 @@ The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection r

## CRS Resources

Please see the [OWASP ModSecurity Core Rule Set page](https://modsecurity.org/crs/) to get introduced to the CRS and view resources on installation, configuration, and working with the CRS.
Please see the [OWASP ModSecurity Core Rule Set page](https://coreruleset.org/) to get introduced to the CRS and view resources on installation, configuration, and working with the CRS.

## Contributing to the CRS

14 changes: 12 additions & 2 deletions crs-setup.conf.example
@@ -1,5 +1,5 @@
# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.0.2
# OWASP ModSecurity Core Rule Set ver.3.2.0
# Copyright (c) 2006-2017 Trustwave and contributors. All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
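Review bot: the header bump from ver.3.0.2 to ver.3.2.0 is again merged history rather than part of this change, and the `Copyright (c) 2006-2017` context line shows the year was left alone in this hunk even though an `Updated year.` commit appears in the list; after a rebase, confirm the header matches whatever the target branch already carries instead of re-applying it here.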
Expand Down Expand Up @@ -425,6 +425,16 @@ SecDefaultAction "phase:2,log,auditlog,pass"
# t:none,\
# setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"

# Locations that will be inspected to enforce only images and documents uploads.
# Default: /wp-admin/upload.php /wp-admin/media-new.php
# Uncomment this rule to change the default set in 901180
#SecAction \
# "id:900270,\
# phase:1,\
# nolog,\
# pass,\
# t:none,\
# setvar:'tx.protected_uploads=#/wp-admin/upload.php# #/wp-admin/media-new.php#'"

#
# -- [[ HTTP Argument/Upload Limits ]] -----------------------------------------
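Review bot: the `tx.protected_uploads` value uses `#` as the item delimiter (`#/wp-admin/upload.php# #/wp-admin/media-new.php#`) while `tx.static_extensions` directly above uses `/` (`/.jpg/ /.jpeg/`), and the comment does not say why; since the items are paths containing `/` the switch is needed, but the comment should state the delimiter rule and the `Default:` line should show the value in the same delimited form, otherwise users who uncomment and edit this block will write bare paths that do not match as whole entries. The wording "to enforce only images and documents uploads" also sits oddly next to the final `Disabled image upload checks` commit; reword it to describe what the rules enforce now.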
Expand Down Expand Up @@ -802,4 +812,4 @@ SecAction \
nolog,\
pass,\
t:none,\
setvar:tx.crs_setup_version=302"
setvar:tx.crs_setup_version=310"
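Review bot: `tx.crs_setup_version` is set to `310` here while the header of this same file in the first hunk now reads ver.3.2.0; the two must agree, and if this PR targets v3.2/dev as the merge commits suggest, the value should be `320`.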
4 changes: 3 additions & 1 deletion rules/REQUEST-901-INITIALIZATION.conf
Expand Up @@ -202,7 +202,9 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
nolog,\
setvar:'tx.enforce_bodyproc_urlencoded=0'"

SecAction \
# If a default protected_uploads variable is not set in crs-setup rule 900270
# then a generic default will be set here.
SecRule &TX:protected_uploads "@eq 0" \
"id:901180,\
phase:1,\
pass,\
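Review bot: the `&TX:protected_uploads "@eq 0"` guard is the right shape and matches the `enforce_bodyproc_urlencoded` guard directly above, which is what lets 900270 in crs-setup.conf.example override the default; the rule is cut off after `pass,\` here, so confirm it also carries `nolog,\` like its sibling and that its `setvar:'tx.protected_uploads=...'` default is written in the same `#`-delimited form as the commented-out 900270 example, since a default in a different delimiter form would silently differ from the one the setup file documents.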