SpiderLabs
diff --git a/‎rules/REQUEST-901-INITIALIZATION.conf‎
Lines changed: 12 additions & 12 deletions b/‎rules/REQUEST-901-INITIALIZATION.conf‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf‎
Lines changed: 25 additions & 25 deletions b/‎rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf‎
Lines changed: 25 additions & 25 deletions
@@ -53,10 +53,10 @@ SecComponentSignature "OWASP_CRS/3.0.2"
 SecRule &TX:crs_setup_version "@eq 0" \
     "id:901001,\
     phase:1,\
-    auditlog,\
-    log,\
     deny,\
     status:500,\
+    auditlog,\
+    log,\
     severity:CRITICAL,\
     msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions.'"
 
@@ -207,9 +207,9 @@ SecRule &TX:static_extensions "@eq 0" \
 SecAction \
     "id:901200,\
     phase:1,\
-    nolog,\
     pass,\
     t:none,\
+    nolog,\
     setvar:tx.anomaly_score=0,\
     setvar:tx.sql_injection_score=0,\
     setvar:tx.xss_score=0,\
@@ -235,20 +235,20 @@ SecAction \
 SecRule REQUEST_HEADERS:User-Agent "@rx ^.*$" \
     "id:901318, \
     phase:1, \
+    pass, \
     t:none,t:sha1,t:hexEncode, \
-    setvar:tx.ua_hash=%{matched_var}, \
     nolog, \
-    pass"
+    setvar:tx.ua_hash=%{matched_var}"
 
 SecAction \
     "id:901321, \
     phase:1, \
+    pass, \
     t:none, \
+    nolog, \
     initcol:global=global, \
     initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
-    setvar:tx.real_ip=%{remote_addr}, \
-    nolog, \
-    pass"
+    setvar:tx.real_ip=%{remote_addr}"
 
 
 #
@@ -290,9 +290,9 @@ SecRule UNIQUE_ID "@rx ^." \
     "id:901410,\
     phase:1,\
     pass,\
-    nolog,\
     t:sha1,\
     t:hexEncode,\
+    nolog,\
     setvar:TX.sampling_rnd100=%{MATCHED_VAR}"
 
 SecRule DURATION "@rx (..)$" \
@@ -307,8 +307,8 @@ SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
     "id:901430,\
     phase:1,\
     pass,\
-    nolog,\
     capture,\
+    nolog,\
     setvar:TX.sampling_rnd100=%{TX.1}%{TX.2}"
 
 SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
@@ -339,8 +339,8 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
     pass,\
     log,\
     noauditlog,\
-    ctl:ruleEngine=off,\
     msg:'Sampling: Disable the rule engine based on sampling_percentage \
-%{TX.sampling_percentage} and random number %{TX.sampling_rnd100}.'"
+%{TX.sampling_percentage} and random number %{TX.sampling_rnd100}.', \
+    ctl:ruleEngine=off"
 
 SecMarker "END-SAMPLING"
@@ -65,9 +65,9 @@
 SecRule &TX:crs_exclusions_drupal|TX:crs_exclusions_drupal "@eq 0" \
     "id:9001000,\
     phase:2,\
+    pass,\
     t:none,\
     nolog,\
-    pass,\
     skipAfter:END-DRUPAL-RULE-EXCLUSIONS"
 
 
@@ -101,8 +101,8 @@ SecRule &TX:crs_exclusions_drupal|TX:crs_exclusions_drupal "@eq 0" \
 #
 SecAction "id:9001100,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES_NAMES,\
     ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES"
 
@@ -115,32 +115,32 @@ SecAction "id:9001100,\
 SecRule REQUEST_FILENAME "@endsWith /core/install.php" \
     "id:9001110,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:account[pass][pass1],\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:account[pass][pass2]"
 
 SecRule REQUEST_FILENAME "@endsWith /user/login" \
     "id:9001112,\
     phase:2,\
+    pass,\
     t:none,\
     nolog,\
-    pass,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:pass"
 
 SecRule REQUEST_FILENAME "@endsWith /admin/people/create" \
     "id:9001114,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:pass[pass1],\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:pass[pass2]"
 
 SecRule REQUEST_FILENAME "@rx /user/[0-9]+/edit$" \
     "id:9001116,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:current_pass,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:pass[pass1],\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:pass[pass2]"
@@ -160,15 +160,15 @@ SecRule REQUEST_FILENAME "@rx /user/[0-9]+/edit$" \
 SecRule REQUEST_FILENAME "@contains /admin/config/" \
     "id:9001122,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveById=942430"
 
 SecRule REQUEST_FILENAME "@endsWith /admin/config/people/accounts" \
     "id:9001124,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveById=920271,\
     ctl:ruleRemoveById=942440,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:user_mail_cancel_confirm_body,\
@@ -183,16 +183,16 @@ SecRule REQUEST_FILENAME "@endsWith /admin/config/people/accounts" \
 SecRule REQUEST_FILENAME "@endsWith /admin/config/development/configuration/single/import" \
     "id:9001126,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveById=920271,\
     ctl:ruleRemoveById=942440"
 
 SecRule REQUEST_FILENAME "@endsWith /admin/config/development/maintenance" \
     "id:9001128,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveById=942440"
 
 
@@ -207,8 +207,8 @@ SecRule REQUEST_FILENAME "@endsWith /admin/config/development/maintenance" \
 SecRule REQUEST_FILENAME "@endsWith /contextual/render" \
     "id:9001140,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetById=942130;ARGS:ids[]"
 
 
@@ -223,8 +223,8 @@ SecRule REQUEST_FILENAME "@endsWith /contextual/render" \
 #
 SecAction "id:9001160,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetById=942440;ARGS:form_build_id,\
     ctl:ruleRemoveTargetById=942450;ARGS:form_token,\
     ctl:ruleRemoveTargetById=942450;ARGS:form_build_id"
@@ -240,8 +240,8 @@ SecAction "id:9001160,\
 SecRule REQUEST_FILENAME "@endsWith /admin/config/content/formats/manage/full_html" \
     "id:9001170,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:editor[settings][toolbar][button_groups],\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:filters[filter_html][settings][allowed_html]"
 
@@ -257,8 +257,8 @@ SecRule REQUEST_FILENAME "@endsWith /admin/config/content/formats/manage/full_ht
 SecRule REQUEST_METHOD "@streq POST" \
     "id:'9001180',\
     phase:1,\
-    t:none,\
     pass,\
+    t:none,\
     nolog,\
     noauditlog,\
     chain"
@@ -270,8 +270,8 @@ SecRule REQUEST_METHOD "@streq POST" \
 SecRule REQUEST_METHOD "@streq POST" \
     "id:'9001182',\
     phase:1,\
-    t:none,\
     pass,\
+    t:none,\
     nolog,\
     noauditlog,\
     chain"
@@ -287,8 +287,8 @@ SecRule REQUEST_METHOD "@streq POST" \
 SecRule REQUEST_METHOD "@streq POST" \
     "id:'9001184',\
     phase:1,\
-    t:none,\
     pass,\
+    t:none,\
     nolog,\
     noauditlog,\
     chain"
@@ -315,68 +315,68 @@ SecRule REQUEST_METHOD "@streq POST" \
 SecRule REQUEST_FILENAME "@endsWith /node/add/article" \
     "id:9001200,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:body[0][value],\
     ctl:ruleRemoveTargetById=942410;ARGS:uid[0][target_id]"
 
 SecRule REQUEST_FILENAME "@endsWith /node/add/page" \
     "id:9001202,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:body[0][value],\
     ctl:ruleRemoveTargetById=942410;ARGS:uid[0][target_id]"
 
 SecRule REQUEST_FILENAME "@rx /node/[0-9]+/edit$" \
     "id:9001204,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:body[0][value],\
     ctl:ruleRemoveTargetById=942410;ARGS:uid[0][target_id],\
     ctl:ruleRemoveTargetById=932110;ARGS:destination"
 
 SecRule REQUEST_FILENAME "@endsWith /block/add" \
     "id:9001206,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:body[0][value]"
 
 SecRule REQUEST_FILENAME "@endsWith /admin/structure/block/block-content/manage/basic" \
     "id:9001208,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:description"
 
 SecRule REQUEST_FILENAME "@rx /editor/filter_xss/(?:full|basic)_html$" \
     "id:9001210,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:value"
 
 SecRule REQUEST_FILENAME "@rx /user/[0-9]+/contact$" \
     "id:9001212,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:message[0][value]"
 
 SecRule REQUEST_FILENAME "@endsWith /admin/config/development/maintenance" \
     "id:9001214,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:maintenance_mode_message"
 
 SecRule REQUEST_FILENAME "@endsWith /admin/config/services/rss-publishing" \
     "id:9001216,\
     phase:2,\
-    nolog,\
     pass,\
+    nolog,\
     ctl:ruleRemoveTargetByTag=CRS;ARGS:feed_description"