update version strings for 3.3.1

coreruleset · Dec 27, 2020 · f2d4136 · f2d4136
1 parent bbaf207
commit f2d4136
Show file tree

Hide file tree

Showing 34 changed files with 468 additions and 468 deletions.
diff --git a/crs-setup.conf.example b/crs-setup.conf.example
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP ModSecurity Core Rule Set ver.3.3.0
+# OWASP ModSecurity Core Rule Set ver.3.3.1
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
@@ -333,10 +333,10 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # to enable early blocking. The variable tx.blocking_early is set to 0 by
 # default. Early blocking is thus disabled by default.
 #
-# Please note that blocking early will hide potential alerts from you. This 
+# Please note that blocking early will hide potential alerts from you. This
 # means that a payload that would appear in an alert in phase 2 (or phase 4)
-# does not get evaluated if the request is being blocked early. So when you 
-# disabled blocking early again at some point in the future, then new alerts 
+# does not get evaluated if the request is being blocked early. So when you
+# disabled blocking early again at some point in the future, then new alerts
 # from phase 2 might pop up.
 #SecAction \
 #  "id:900120,\
@@ -855,4 +855,4 @@ SecAction \
   nolog,\
   pass,\
   t:none,\
-  setvar:tx.crs_setup_version=330"
+  setvar:tx.crs_setup_version=331"
diff --git a/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example b/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP ModSecurity Core Rule Set ver.3.3.0
+# OWASP ModSecurity Core Rule Set ver.3.3.1
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under

diff --git a/rules/REQUEST-901-INITIALIZATION.conf b/rules/REQUEST-901-INITIALIZATION.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP ModSecurity Core Rule Set ver.3.3.0
+# OWASP ModSecurity Core Rule Set ver.3.3.1
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
@@ -25,7 +25,7 @@
 #
 # Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature
 #
-SecComponentSignature "OWASP_CRS/3.3.0"
+SecComponentSignature "OWASP_CRS/3.3.1"
 
 #
 # -=[ Default setup values ]=-
@@ -58,7 +58,7 @@ SecRule &TX:crs_setup_version "@eq 0" \
     log,\
     auditlog,\
     msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     severity:'CRITICAL'"
 
 
@@ -76,7 +76,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.inbound_anomaly_score_threshold=5'"
 
 # Default Outbound Anomaly Threshold Level (rule 900110 in setup.conf)
@@ -85,7 +85,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.outbound_anomaly_score_threshold=4'"
 
 # Default Paranoia Level (rule 900000 in setup.conf)
@@ -94,7 +94,7 @@ SecRule &TX:paranoia_level "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.paranoia_level=1'"
 
 # Default Executing Paranoia Level (rule 900000 in setup.conf)
@@ -103,7 +103,7 @@ SecRule &TX:executing_paranoia_level "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.executing_paranoia_level=%{TX.PARANOIA_LEVEL}'"
 
 # Default Sampling Percentage (rule 900400 in setup.conf)
@@ -112,7 +112,7 @@ SecRule &TX:sampling_percentage "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.sampling_percentage=100'"
 
 # Default Anomaly Scores (rule 900100 in setup.conf)
@@ -121,31 +121,31 @@ SecRule &TX:critical_anomaly_score "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.critical_anomaly_score=5'"
 
 SecRule &TX:error_anomaly_score "@eq 0" \
     "id:901141,\
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.error_anomaly_score=4'"
 
 SecRule &TX:warning_anomaly_score "@eq 0" \
     "id:901142,\
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.warning_anomaly_score=3'"
 
 SecRule &TX:notice_anomaly_score "@eq 0" \
     "id:901143,\
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.notice_anomaly_score=2'"
 
 # Default do_reput_block
@@ -154,7 +154,7 @@ SecRule &TX:do_reput_block "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.do_reput_block=0'"
 
 # Default block duration
@@ -163,7 +163,7 @@ SecRule &TX:reput_block_duration "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.reput_block_duration=300'"
 
 # Default HTTP policy: allowed_methods (rule 900200)
@@ -172,7 +172,7 @@ SecRule &TX:allowed_methods "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
 
 # Default HTTP policy: allowed_request_content_type (rule 900220)
@@ -181,7 +181,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain|'"
 
 # Default HTTP policy: allowed_request_content_type_charset (rule 900270)
@@ -190,7 +190,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.allowed_request_content_type_charset=utf-8|iso-8859-1|iso-8859-15|windows-1252'"
 
 # Default HTTP policy: allowed_http_versions (rule 900230)
@@ -199,7 +199,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'"
 
 # Default HTTP policy: restricted_extensions (rule 900240)
@@ -208,7 +208,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
 
 # Default HTTP policy: restricted_headers (rule 900250)
@@ -217,7 +217,7 @@ SecRule &TX:restricted_headers "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /if/'"
 
 # Default HTTP policy: static_extensions (rule 900260)
@@ -226,7 +226,7 @@ SecRule &TX:static_extensions "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"
 
 # Default enforcing of body processor URLENCODED
@@ -235,7 +235,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.enforce_bodyproc_urlencoded=0'"
 
 #
@@ -253,7 +253,7 @@ SecAction \
     pass,\
     t:none,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.anomaly_score=0',\
     setvar:'tx.anomaly_score_pl1=0',\
     setvar:'tx.anomaly_score_pl2=0',\
@@ -290,7 +290,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^.*$" \
     pass,\
     t:none,t:sha1,t:hexEncode,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'tx.ua_hash=%{MATCHED_VAR}'"
 
 SecAction \
@@ -299,7 +299,7 @@ SecAction \
     pass,\
     t:none,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     initcol:global=global,\
     initcol:ip=%{remote_addr}_%{tx.ua_hash},\
     setvar:'tx.real_ip=%{remote_addr}'"
@@ -320,7 +320,7 @@ SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
     msg:'Enabling body inspection',\
     tag:'paranoia-level/1',\
     ctl:forceRequestBodyVariable=On,\
-    ver:'OWASP_CRS/3.3.0'"
+    ver:'OWASP_CRS/3.3.1'"
 
 # Force body processor URLENCODED
 SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
@@ -331,7 +331,7 @@ SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
     nolog,\
     noauditlog,\
     msg:'Enabling forced body inspection for ASCII content',\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     chain"
     SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
         "ctl:requestBodyProcessor=URLENCODED"
@@ -370,7 +370,7 @@ SecRule TX:sampling_percentage "@eq 100" \
     phase:1,\
     pass,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     skipAfter:END-SAMPLING"
 
 SecRule UNIQUE_ID "@rx ^." \
@@ -379,7 +379,7 @@ SecRule UNIQUE_ID "@rx ^." \
     pass,\
     t:sha1,t:hexEncode,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'TX.sampling_rnd100=%{MATCHED_VAR}'"
 
 SecRule DURATION "@rx (..)$" \
@@ -388,7 +388,7 @@ SecRule DURATION "@rx (..)$" \
     pass,\
     capture,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'TX.sampling_rnd100=%{TX.sampling_rnd100}%{TX.1}'"
 
 SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
@@ -397,7 +397,7 @@ SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
     pass,\
     capture,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'"
 
 SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
@@ -406,7 +406,7 @@ SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
     pass,\
     capture,\
     nolog,\
-    ver:'OWASP_CRS/3.3.0',\
+    ver:'OWASP_CRS/3.3.1',\
     setvar:'TX.sampling_rnd100=%{TX.1}'"
 
 
@@ -431,7 +431,7 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
     noauditlog,\
     msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\
     ctl:ruleEngine=Off,\
-    ver:'OWASP_CRS/3.3.0'"
+    ver:'OWASP_CRS/3.3.1'"
 
 SecMarker "END-SAMPLING"
 
@@ -449,4 +449,4 @@ SecRule TX:executing_paranoia_level "@lt %{tx.paranoia_level}" \
     t:none,\
     log,\
     msg:'Executing paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\
-    ver:'OWASP_CRS/3.3.0'"
+    ver:'OWASP_CRS/3.3.1'"