2222#
2323
2424
25- SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:1, id:920011,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
26- SecRule TX:PARANOIA_LEVEL "@lt 1" "phase:2, id:920012,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
25+ SecRule TX:PARANOIA_LEVEL "@lt 1" "id:920011,phase:1 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
26+ SecRule TX:PARANOIA_LEVEL "@lt 1" "id:920012,phase:2 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
2727#
2828# -= Paranoia Level 1 (default) =- (apply only when tx.paranoia_level is sufficiently high: 1 or higher)
2929#
@@ -57,8 +57,8 @@ SecRule REQUEST_LINE "!@rx ^(?i:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+
5757 tag:'attack-protocol',\
5858 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ',\
5959 tag:'CAPEC-272',\
60- ver:'OWASP_CRS/3.0.0',\
6160 rev:2,\
61+ ver:'OWASP_CRS/3.0.0',\
6262 severity:'WARNING',\
6363 setvar:'tx.msg=%{rule.msg}',\
6464 setvar:'tx.anomaly_score=+%{tx.notice_anomaly_score}',\
@@ -108,8 +108,8 @@ SecRule FILES_NAMES|FILES "@rx (?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:
108108 tag:'attack-protocol',\
109109 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ',\
110110 tag:'CAPEC-272',\
111- ver:'OWASP_CRS/3.0.0',\
112111 rev:1,\
112+ ver:'OWASP_CRS/3.0.0',\
113113 severity:'CRITICAL',\
114114 setvar:'tx.msg=%{rule.msg}',\
115115 setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
@@ -143,8 +143,8 @@ SecRule REQBODY_ERROR "!@eq 0" \
143143 tag:'attack-protocol',\
144144 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ',\
145145 tag:'CAPEC-272',\
146- ver:'OWASP_CRS/3.0.0',\
147146 rev:1,\
147+ ver:'OWASP_CRS/3.0.0',\
148148 severity:'CRITICAL',\
149149 setvar:'tx.msg=%{rule.msg}',\
150150 setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
@@ -186,8 +186,8 @@ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
186186 tag:'attack-protocol',\
187187 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ',\
188188 tag:'CAPEC-272',\
189- ver:'OWASP_CRS/3.0.0',\
190189 rev:1,\
190+ ver:'OWASP_CRS/3.0.0',\
191191 severity:'CRITICAL',\
192192 setvar:'tx.msg=%{rule.msg}',\
193193 setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
@@ -253,8 +253,8 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
253253 tag:'attack-protocol',\
254254 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',\
255255 tag:'CAPEC-272',\
256- ver:'OWASP_CRS/3.0.0',\
257256 rev:1,\
257+ ver:'OWASP_CRS/3.0.0',\
258258 severity:'CRITICAL',\
259259 chain"
260260 SecRule REQUEST_HEADERS:Content-Length "!@rx ^0?$" \
@@ -280,8 +280,8 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
280280 tag:'attack-protocol',\
281281 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',\
282282 tag:'CAPEC-272',\
283- ver:'OWASP_CRS/3.1.0',\
284283 rev:1,\
284+ ver:'OWASP_CRS/3.1.0',\
285285 severity:'CRITICAL',\
286286 chain"
287287 SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
@@ -314,8 +314,8 @@ SecRule REQUEST_METHOD "@rx ^POST$" \
314314 tag:'attack-protocol',\
315315 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',\
316316 tag:'CAPEC-272',\
317- ver:'OWASP_CRS/3.0.0',\
318317 rev:1,\
318+ ver:'OWASP_CRS/3.0.0',\
319319 severity:'WARNING',\
320320 chain"
321321 SecRule &REQUEST_HEADERS:Content-Length "@eq 0" \
@@ -1106,8 +1106,8 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
11061106 setvar:'tx.%{rule.id}-OWASP_CRS/POLICY/HEADERS_RESTRICTED-%{matched_var_name}=%{matched_var}'"
11071107
11081108
1109- SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:1, id:920013,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1110- SecRule TX:PARANOIA_LEVEL "@lt 2" "phase:2, id:920014,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1109+ SecRule TX:PARANOIA_LEVEL "@lt 2" "id:920013,phase:1 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1110+ SecRule TX:PARANOIA_LEVEL "@lt 2" "id:920014,phase:2 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
11111111#
11121112# -= Paranoia Level 2 =- (apply only when tx.paranoia_level is sufficiently high: 2 or higher)
11131113#
@@ -1307,16 +1307,16 @@ SecRule FILES_NAMES|FILES "@rx ['\";=]" \
13071307 tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ',\
13081308 tag:'CAPEC-272',\
13091309 tag:'paranoia-level/2',\
1310- ver:'OWASP_CRS/3.0.0',\
13111310 rev:1,\
1311+ ver:'OWASP_CRS/3.0.0',\
13121312 severity:'CRITICAL',\
13131313 setvar:'tx.msg=%{rule.msg}',\
13141314 setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
13151315 setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ-%{matched_var_name}=%{matched_var}'"
13161316
13171317
1318- SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:1, id:920015,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1319- SecRule TX:PARANOIA_LEVEL "@lt 3" "phase:2, id:920016,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1318+ SecRule TX:PARANOIA_LEVEL "@lt 3" "id:920015,phase:1 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1319+ SecRule TX:PARANOIA_LEVEL "@lt 3" "id:920016,phase:2 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
13201320#
13211321# -= Paranoia Level 3 =- (apply only when tx.paranoia_level is sufficiently high: 3 or higher)
13221322#
@@ -1344,8 +1344,8 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteR
13441344 setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}'"
13451345
13461346
1347- SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:1, id:920017,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1348- SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:2, id:920018,nolog ,pass,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1347+ SecRule TX:PARANOIA_LEVEL "@lt 4" "id:920017,phase:1 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
1348+ SecRule TX:PARANOIA_LEVEL "@lt 4" "id:920018,phase:2 ,pass,nolog ,skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
13491349#
13501350# -= Paranoia Level 4 =- (apply only when tx.paranoia_level is sufficiently high: 4 or higher)
13511351#
0 commit comments