diff options
Diffstat (limited to '')
-rw-r--r-- | sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch b/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch new file mode 100644 index 0000000000..2ff56de749 --- /dev/null +++ b/sca-cpp/trunk/patches/modsecurity-crs_2.2.2.patch @@ -0,0 +1,8 @@ +--- base_rules/modsecurity_crs_40_generic_attacks.conf ++++ base_rules/modsecurity_crs_40_generic_attacks.conf +164,165c164,165 +< SecRule ARGS "(?:ft|htt)ps?.*\?+$" \ +< "phase:2,rev:'2.2.2',t:none,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,block,status:501,msg:'Remote File Inclusion Attack',id:'950119',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.rfi_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/RFI-%{matched_var_name}=%{tx.0}" +--- +> #SecRule ARGS "(?:ft|htt)ps?.*\?+$" \ +> # "phase:2,rev:'2.2.2',t:none,t:htmlEntityDecode,t:lowercase,capture,ctl:auditLogParts=+E,block,status:501,msg:'Remote File Inclusion Attack',id:'950119',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.rfi_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/RFI-%{matched_var_name}=%{tx.0}" |