00_Init_Initialization.conf
# ---------------------------------------------------------------
# Sliqua WAF based on Comodo ModSecurity Rules
# Copyright (C) 2016 Sliqua Enterprise Hosting, Inc.
# Copyright (C) 2015 Comodo Security solutions All rights reserved.
# Please see the enclosed LICENSE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# Comodo Web Application Firewall
# ----------------------------------------------------------------
# Engine-level setup for the rule set. These directives and rule 210000 run
# before any detection rule; nothing in this group inspects request data.

# Tags the ModSecurity signature with this rule set's component name.
SecComponentSignature "CWAF_Apache"
# Response bodies are not buffered, so rules that read RESPONSE_BODY have
# nothing to inspect while this is Off.
SecResponseBodyAccess Off
# Phase 1 and phase 2 rules that name no disruptive action of their own inherit
# deny + log. No default is declared here for the later phases.
SecDefaultAction \
"phase:1,deny,log"
SecDefaultAction \
"phase:2,deny,log"
# Unconditionally sets tx.max_num_args for the transaction (nolog: no log entry).
# NOTE(review): the rule that consumes tx.max_num_args is not in this file. If it
# is the cap on the number of request arguments, 100000 is a very high ceiling
# and gives little protection against parameter flooding - confirm the intent.
SecAction \
"id:210000,phase:1,pass,setvar:'tx.max_num_args=100000',nolog,t:'none'"
# Per-domain mode selection. The four rules below form one ordered unit: the
# skip counts on 210005 and 210006 depend on exactly this sequence, so do not
# insert, remove or reorder rules inside it without adjusting skip:N.
#
# Result: tx.mode is M if the domain matches cwatch_managed_domains, P if it
# matches cwatch_protected_domains, otherwise F.
# NOTE(review): what each mode enables is decided by rules outside this file.

# If tx.domain has not been set yet (variable count is 0), take it from the Host
# request header. Host is client-supplied and may carry a port suffix.
SecRule &TX:domain "@eq 0" \
"id:210002,phase:1,pass,setvar:'tx.domain=%{REQUEST_HEADERS.Host}',nolog,t:'none',rev:7,severity:2"
# Lowercased domain is matched against the phrases in cwatch_managed_domains.
# On a match: mode M, then skip the next two rules (210006 and 210003).
# NOTE(review): @pmf is a phrase (substring) match, not an exact hostname
# comparison, so any Host value that merely contains a listed phrase selects
# this mode. If the mode changes how strictly a request is filtered, confirm
# that a caller-chosen Host header cannot be used to pick the weaker mode.
SecRule TX:domain "@pmf cwatch_managed_domains" \
"id:210005,phase:1,pass,setvar:'tx.mode=M',nolog,t:'none',t:'lowercase',skip:2,rev:7,severity:2"
# Same test against cwatch_protected_domains. On a match: mode P, then skip the
# fallback rule 210003.
SecRule TX:domain "@pmf cwatch_protected_domains" \
"id:210006,phase:1,pass,setvar:'tx.mode=P',nolog,t:'none',t:'lowercase',skip:1,rev:7,severity:2"
# Fallback, reached only when neither list matched: mode F.
SecAction \
"id:210003,phase:1,pass,setvar:'tx.mode=F',nolog"
# Per-transaction tunables. All three rules are unconditional and nolog, so they
# leave no trace in the logs; the rules that read these variables are not in
# this file.

# Zeroes the score counters (points, sqli_points, xss_points, incoming_points,
# outgoing_points) and sets the four points_limitN thresholds (2, 3, 4, 5).
SecAction \
"id:210010,phase:1,pass,setvar:'tx.points_limit4=5',setvar:'tx.points_limit3=4',setvar:'tx.points_limit2=3',setvar:'tx.points_limit1=2',setvar:'tx.points=0',setvar:'tx.sqli_points=0',setvar:'tx.xss_points=0',setvar:'tx.incoming_points=0',setvar:'tx.outgoing_points=0',nolog,t:'none'"
# Sets the incoming/outgoing score limits and two switches.
# NOTE(review): tx.points_blocking=off presumably disables blocking on the
# accumulated score, and tx.process_response=off presumably disables response
# checks - confirm against the consuming rules before relying on either.
SecAction \
"id:210020,phase:1,pass,setvar:'tx.incoming_points_limit=5',setvar:'tx.outgoing_points_limit=4',setvar:'tx.points_blocking=off',setvar:'tx.process_response=off',nolog,t:'none'"
# Brute-force parameters: burst time slice 60, counter threshold 10, block
# timeout 300.
# NOTE(review): units look like seconds - confirm with the rules that use them.
SecAction \
"id:210030,phase:1,pass,setvar:'tx.brute_force_burst_time_slice=60',setvar:'tx.brute_force_counter_threshold=10',setvar:'tx.brute_force_block_timeout=300',nolog,t:'none'"
# Chained rule 210050: when the lowercased Content-Type header matches the
# (unanchored) pattern text/xml and the request body processor is not already
# XML, switch the body processor to XML. It runs in phase 1, i.e. before the
# request body is processed.
# NOTE(review): only text/xml is matched here. Other XML media types such as
# application/xml are not selected by this rule - confirm they are handled
# elsewhere, otherwise such bodies are not parsed as XML.
# NOTE(review): this makes the engine parse client-supplied XML. Confirm that
# SecXmlExternalEntity is left Off in the main ModSecurity configuration.
SecRule REQUEST_HEADERS:Content-Type "text/xml" \
"id:210050,chain,phase:1,pass,nolog,t:'none',t:'lowercase',rev:1,severity:2"
SecRule REQBODY_PROCESSOR "!@streq XML" \
"ctl:'requestBodyProcessor=XML'"
# Client identity and persistent collections. These four rules decide the key
# under which per-client state (the IP collection) is stored for this request.

# The pattern accepts any User-Agent value, including an empty one. The sha1 and
# hexEncode transformations are applied and tx.ua_hash is set from matched_var.
# NOTE(review): matched_var presumably carries the transformed (hex SHA-1) value
# here - confirm on the ModSecurity version in use.
# NOTE(review): when the User-Agent header is absent this rule has nothing to
# evaluate, so tx.ua_hash stays unset and the keys below end in an empty suffix.
SecRule REQUEST_HEADERS:User-Agent "^(.{0,})$" \
"id:210060,phase:1,pass,setvar:'tx.ua_hash=%{matched_var}',nolog,t:'none',t:'sha1',t:'hexEncode',rev:1,severity:2"
# Captures a leading dotted-quad from X-Forwarded-For into tx.real_ip.
# NOTE(review): X-Forwarded-For is client-controlled unless a trusted proxy
# overwrites it, and this rule does not check REMOTE_ADDR before trusting it.
# Any client can therefore choose its own tx.real_ip, which weakens every
# per-address control keyed on it (brute-force counters, blocks) and lets state
# be attributed to an address the client does not own. Honour the header only
# when REMOTE_ADDR is one of the deployment's own proxies (for example an
# @ipMatch test on REMOTE_ADDR, or mod_remoteip in front of ModSecurity).
# The pattern is IPv4-only, takes the left-most entry and does not range-check
# the octets.
SecRule REQUEST_HEADERS:x-forwarded-for "^\b([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\b" \
"id:210070,phase:1,capture,pass,setvar:'tx.real_ip=%{tx.1}',nolog,t:'none',rev:1,severity:2"
# tx.real_ip was set by 210070: open the GLOBAL collection and an IP collection
# keyed by <real_ip>_<ua_hash>.
# NOTE(review): because the key includes the User-Agent hash, state is kept per
# (address, User-Agent) pair rather than per address. Thresholds that are meant
# to limit one address should account for that, or be keyed on the address only.
SecRule &TX:REAL_IP "!@eq 0" \
"id:210080,phase:1,pass,initcol:'global=global',initcol:'ip=%{tx.real_ip}_%{tx.ua_hash}',nolog,t:'none',rev:1,severity:2"
# No usable X-Forwarded-For value: key the IP collection by
# <remote_addr>_<ua_hash> and record the socket address as tx.real_ip.
SecRule &TX:REAL_IP "@eq 0" \
"id:210090,phase:1,pass,initcol:'global=global',initcol:'ip=%{remote_addr}_%{tx.ua_hash}',setvar:'tx.real_ip=%{remote_addr}',nolog,t:'none',rev:1,severity:2"