@@ -74,25 +74,25 @@ DRS 2.1 includes 17 rule groups, as shown in the following table. Each group con
7474> [ !NOTE]
7575> DRS 2.1 is only available on Azure Front Door Premium.
7676
77- | Rule group| Description|
78- | ---| ---|
79- | [ General] ( #general-21 ) | General group|
80- | [ METHOD-ENFORCEMENT] ( #drs911-21 ) | Lock-down methods (PUT, PATCH)|
81- | [ PROTOCOL-ENFORCEMENT] ( #drs920-21 ) | Protect against protocol and encoding issues|
82- | [ PROTOCOL-ATTACK] ( #drs921-21 ) | Protect against header injection, request smuggling, and response splitting|
83- | [ APPLICATION-ATTACK-LFI] ( #drs930-21 ) | Protect against file and path attacks|
84- | [ APPLICATION-ATTACK-RFI] ( #drs931-21 ) | Protect against remote file inclusion (RFI) attacks|
85- | [ APPLICATION-ATTACK-RCE] ( #drs932-21 ) | Protect again remote code execution attacks|
86- | [ APPLICATION-ATTACK-PHP] ( #drs933-21 ) | Protect against PHP-injection attacks|
87- | [ APPLICATION-ATTACK-NodeJS] ( #drs934-21 ) | Protect against Node JS attacks|
88- | [ APPLICATION-ATTACK-XSS] ( #drs941-21 ) | Protect against cross-site scripting attacks|
89- | [ APPLICATION-ATTACK-SQLI] ( #drs942-21 ) | Protect against SQL-injection attacks|
90- | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-21 ) | Protect against session-fixation attacks|
91- | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-21 ) | Protect against JAVA attacks|
92- | [ MS-ThreatIntel-WebShells] ( #drs9905-21 ) | Protect against Web shell attacks|
93- | [ MS-ThreatIntel-AppSec] ( #drs9903-21 ) | Protect against AppSec attacks|
94- | [ MS-ThreatIntel-SQLI] ( #drs99031-21 ) | Protect against SQLI attacks|
95- | [ MS-ThreatIntel-CVEs] ( #drs99001-21 ) | Protect against CVE attacks|
77+ | Rule group| Managed rule group ID | Description|
78+ | ---| ---| --- |
79+ | [ General] ( #general-21 ) | General| General group|
80+ | [ METHOD-ENFORCEMENT] ( #drs911-21 ) | METHOD-ENFORCEMENT | Lock-down methods (PUT, PATCH)|
81+ | [ PROTOCOL-ENFORCEMENT] ( #drs920-21 ) | PROTOCOL-ENFORCEMENT | Protect against protocol and encoding issues|
82+ | [ PROTOCOL-ATTACK] ( #drs921-21 ) | PROTOCOL-ATTACK | Protect against header injection, request smuggling, and response splitting|
83+ | [ APPLICATION-ATTACK-LFI] ( #drs930-21 ) | LFI | Protect against file and path attacks|
84+ | [ APPLICATION-ATTACK-RFI] ( #drs931-21 ) | RFI | Protect against remote file inclusion (RFI) attacks|
85+ | [ APPLICATION-ATTACK-RCE] ( #drs932-21 ) | RCE | Protect again remote code execution attacks|
86+ | [ APPLICATION-ATTACK-PHP] ( #drs933-21 ) | PHP | Protect against PHP-injection attacks|
87+ | [ APPLICATION-ATTACK-NodeJS] ( #drs934-21 ) | NODEJS | Protect against Node JS attacks|
88+ | [ APPLICATION-ATTACK-XSS] ( #drs941-21 ) | XSS | Protect against cross-site scripting attacks|
89+ | [ APPLICATION-ATTACK-SQLI] ( #drs942-21 ) | SQLI | Protect against SQL-injection attacks|
90+ | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-21 ) | FIX | Protect against session-fixation attacks|
91+ | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-21 ) | JAVA | Protect against JAVA attacks|
92+ | [ MS-ThreatIntel-WebShells] ( #drs9905-21 ) | MS-ThreatIntel-WebShells | Protect against Web shell attacks|
93+ | [ MS-ThreatIntel-AppSec] ( #drs9903-21 ) | MS-ThreatIntel-AppSec | Protect against AppSec attacks|
94+ | [ MS-ThreatIntel-SQLI] ( #drs99031-21 ) | MS-ThreatIntel-SQLI | Protect against SQLI attacks|
95+ | [ MS-ThreatIntel-CVEs] ( #drs99001-21 ) | MS-ThreatIntel-CVEs | Protect against CVE attacks|
9696
9797#### Disabled rules
9898
@@ -120,58 +120,58 @@ DRS 2.0 includes 17 rule groups, as shown in the following table. Each group con
120120> [ !NOTE]
121121> DRS 2.0 is only available on Azure Front Door Premium.
122122
123- | Rule group| Description|
124- | ---| ---|
125- | [ General] ( #general-20 ) | General group|
126- | [ METHOD-ENFORCEMENT] ( #drs911-20 ) | Lock-down methods (PUT, PATCH)|
127- | [ PROTOCOL-ENFORCEMENT] ( #drs920-20 ) | Protect against protocol and encoding issues|
128- | [ PROTOCOL-ATTACK] ( #drs921-20 ) | Protect against header injection, request smuggling, and response splitting|
129- | [ APPLICATION-ATTACK-LFI] ( #drs930-20 ) | Protect against file and path attacks|
130- | [ APPLICATION-ATTACK-RFI] ( #drs931-20 ) | Protect against remote file inclusion (RFI) attacks|
131- | [ APPLICATION-ATTACK-RCE] ( #drs932-20 ) | Protect again remote code execution attacks|
132- | [ APPLICATION-ATTACK-PHP] ( #drs933-20 ) | Protect against PHP-injection attacks|
133- | [ APPLICATION-ATTACK-NodeJS] ( #drs934-20 ) | Protect against Node JS attacks|
134- | [ APPLICATION-ATTACK-XSS] ( #drs941-20 ) | Protect against cross-site scripting attacks|
135- | [ APPLICATION-ATTACK-SQLI] ( #drs942-20 ) | Protect against SQL-injection attacks|
136- | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-20 ) | Protect against session-fixation attacks|
137- | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-20 ) | Protect against JAVA attacks|
138- | [ MS-ThreatIntel-WebShells] ( #drs9905-20 ) | Protect against Web shell attacks|
139- | [ MS-ThreatIntel-AppSec] ( #drs9903-20 ) | Protect against AppSec attacks|
140- | [ MS-ThreatIntel-SQLI] ( #drs99031-20 ) | Protect against SQLI attacks|
141- | [ MS-ThreatIntel-CVEs] ( #drs99001-20 ) | Protect against CVE attacks|
123+ | Rule group| Managed rule group ID | Description|
124+ | ---| ---| --- |
125+ | [ General] ( #general-20 ) | General| General group|
126+ | [ METHOD-ENFORCEMENT] ( #drs911-20 ) | METHOD-ENFORCEMENT | Lock-down methods (PUT, PATCH)|
127+ | [ PROTOCOL-ENFORCEMENT] ( #drs920-20 ) | PROTOCOL-ENFORCEMENT | Protect against protocol and encoding issues|
128+ | [ PROTOCOL-ATTACK] ( #drs921-20 ) | PROTOCOL-ATTACK | Protect against header injection, request smuggling, and response splitting|
129+ | [ APPLICATION-ATTACK-LFI] ( #drs930-20 ) | LFI | Protect against file and path attacks|
130+ | [ APPLICATION-ATTACK-RFI] ( #drs931-20 ) | RFI | Protect against remote file inclusion (RFI) attacks|
131+ | [ APPLICATION-ATTACK-RCE] ( #drs932-20 ) | RCE | Protect again remote code execution attacks|
132+ | [ APPLICATION-ATTACK-PHP] ( #drs933-20 ) | PHP | Protect against PHP-injection attacks|
133+ | [ APPLICATION-ATTACK-NodeJS] ( #drs934-20 ) | NODEJS | Protect against Node JS attacks|
134+ | [ APPLICATION-ATTACK-XSS] ( #drs941-20 ) | XSS | Protect against cross-site scripting attacks|
135+ | [ APPLICATION-ATTACK-SQLI] ( #drs942-20 ) | SQLI | Protect against SQL-injection attacks|
136+ | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-20 ) | FIX | Protect against session-fixation attacks|
137+ | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-20 ) | JAVA | Protect against JAVA attacks|
138+ | [ MS-ThreatIntel-WebShells] ( #drs9905-20 ) | MS-ThreatIntel-WebShells | Protect against Web shell attacks|
139+ | [ MS-ThreatIntel-AppSec] ( #drs9903-20 ) | MS-ThreatIntel-AppSec | Protect against AppSec attacks|
140+ | [ MS-ThreatIntel-SQLI] ( #drs99031-20 ) | MS-ThreatIntel-SQLI | Protect against SQLI attacks|
141+ | [ MS-ThreatIntel-CVEs] ( #drs99001-20 ) | MS-ThreatIntel-CVEs | Protect against CVE attacks|
142142
143143### DRS 1.1
144- | Rule group| Description|
145- | ---| ---|
146- | [ PROTOCOL-ATTACK] ( #drs921-11 ) | Protect against header injection, request smuggling, and response splitting|
147- | [ APPLICATION-ATTACK-LFI] ( #drs930-11 ) | Protect against file and path attacks|
148- | [ APPLICATION-ATTACK-RFI] ( #drs931-11 ) | Protection against remote file inclusion attacks|
149- | [ APPLICATION-ATTACK-RCE] ( #drs932-11 ) | Protection against remote command execution|
150- | [ APPLICATION-ATTACK-PHP] ( #drs933-11 ) | Protect against PHP-injection attacks|
151- | [ APPLICATION-ATTACK-XSS] ( #drs941-11 ) | Protect against cross-site scripting attacks|
152- | [ APPLICATION-ATTACK-SQLI] ( #drs942-11 ) | Protect against SQL-injection attacks|
153- | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-11 ) | Protect against session-fixation attacks|
154- | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-11 ) | Protect against JAVA attacks|
155- | [ MS-ThreatIntel-WebShells] ( #drs9905-11 ) | Protect against Web shell attacks|
156- | [ MS-ThreatIntel-AppSec] ( #drs9903-11 ) | Protect against AppSec attacks|
157- | [ MS-ThreatIntel-SQLI] ( #drs99031-11 ) | Protect against SQLI attacks|
158- | [ MS-ThreatIntel-CVEs] ( #drs99001-11 ) | Protect against CVE attacks|
144+ | Rule group| Managed rule group ID | Description|
145+ | ---| ---| --- |
146+ | [ PROTOCOL-ATTACK] ( #drs921-11 ) | PROTOCOL-ATTACK | Protect against header injection, request smuggling, and response splitting|
147+ | [ APPLICATION-ATTACK-LFI] ( #drs930-11 ) | LFI | Protect against file and path attacks|
148+ | [ APPLICATION-ATTACK-RFI] ( #drs931-11 ) | RFI | Protection against remote file inclusion attacks|
149+ | [ APPLICATION-ATTACK-RCE] ( #drs932-11 ) | RCE | Protection against remote command execution|
150+ | [ APPLICATION-ATTACK-PHP] ( #drs933-11 ) | PHP | Protect against PHP-injection attacks|
151+ | [ APPLICATION-ATTACK-XSS] ( #drs941-11 ) | XSS | Protect against cross-site scripting attacks|
152+ | [ APPLICATION-ATTACK-SQLI] ( #drs942-11 ) | SQLI | Protect against SQL-injection attacks|
153+ | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-11 ) | FIX | Protect against session-fixation attacks|
154+ | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-11 ) | JAVA | Protect against JAVA attacks|
155+ | [ MS-ThreatIntel-WebShells] ( #drs9905-11 ) | MS-ThreatIntel-WebShells | Protect against Web shell attacks|
156+ | [ MS-ThreatIntel-AppSec] ( #drs9903-11 ) | MS-ThreatIntel-AppSec | Protect against AppSec attacks|
157+ | [ MS-ThreatIntel-SQLI] ( #drs99031-11 ) | MS-ThreatIntel-SQLI | Protect against SQLI attacks|
158+ | [ MS-ThreatIntel-CVEs] ( #drs99001-11 ) | MS-ThreatIntel-CVEs | Protect against CVE attacks|
159159
160160### DRS 1.0
161161
162- | Rule group| Description|
163- | ---| ---|
164- | [ PROTOCOL-ATTACK] ( #drs921-10 ) | Protect against header injection, request smuggling, and response splitting|
165- | [ APPLICATION-ATTACK-LFI] ( #drs930-10 ) | Protect against file and path attacks|
166- | [ APPLICATION-ATTACK-RFI] ( #drs931-10 ) | Protection against remote file inclusion attacks|
167- | [ APPLICATION-ATTACK-RCE] ( #drs932-10 ) | Protection against remote command execution|
168- | [ APPLICATION-ATTACK-PHP] ( #drs933-10 ) | Protect against PHP-injection attacks|
169- | [ APPLICATION-ATTACK-XSS] ( #drs941-10 ) | Protect against cross-site scripting attacks|
170- | [ APPLICATION-ATTACK-SQLI] ( #drs942-10 ) | Protect against SQL-injection attacks|
171- | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-10 ) | Protect against session-fixation attacks|
172- | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-10 ) | Protect against JAVA attacks|
173- | [ MS-ThreatIntel-WebShells] ( #drs9905-10 ) | Protect against Web shell attacks|
174- | [ MS-ThreatIntel-CVEs] ( #drs99001-10 ) | Protect against CVE attacks|
162+ | Rule group| Managed rule group ID | Description|
163+ | ---| ---| --- |
164+ | [ PROTOCOL-ATTACK] ( #drs921-10 ) | PROTOCOL-ATTACK | Protect against header injection, request smuggling, and response splitting|
165+ | [ APPLICATION-ATTACK-LFI] ( #drs930-10 ) | LFI | Protect against file and path attacks|
166+ | [ APPLICATION-ATTACK-RFI] ( #drs931-10 ) | RFI | Protection against remote file inclusion attacks|
167+ | [ APPLICATION-ATTACK-RCE] ( #drs932-10 ) | RCE | Protection against remote command execution|
168+ | [ APPLICATION-ATTACK-PHP] ( #drs933-10 ) | PHP | Protect against PHP-injection attacks|
169+ | [ APPLICATION-ATTACK-XSS] ( #drs941-10 ) | XSS | Protect against cross-site scripting attacks|
170+ | [ APPLICATION-ATTACK-SQLI] ( #drs942-10 ) | SQLI | Protect against SQL-injection attacks|
171+ | [ APPLICATION-ATTACK-SESSION-FIXATION] ( #drs943-10 ) | FIX | Protect against session-fixation attacks|
172+ | [ APPLICATION-ATTACK-SESSION-JAVA] ( #drs944-10 ) | JAVA | Protect against JAVA attacks|
173+ | [ MS-ThreatIntel-WebShells] ( #drs9905-10 ) | MS-ThreatIntel-WebShells | Protect against Web shell attacks|
174+ | [ MS-ThreatIntel-CVEs] ( #drs99001-10 ) | MS-ThreatIntel-CVEs | Protect against CVE attacks|
175175
176176### Bot rules
177177
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments