Rollback quoting skipAfter

Author: fzipi

rules/REQUEST-901-INITIALIZATION.conf

@@ -284,7 +284,7 @@ SecRule TX:sampling_percentage "@eq 100" \
     phase:1,\
     pass,\
     nolog,\
-    skipAfter:'END-SAMPLING'"
+    skipAfter:END-SAMPLING"
 
 SecRule UNIQUE_ID "@rx ^." \
     "id:901410,\

rules/REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf

@@ -68,7 +68,7 @@ SecRule &TX:crs_exclusions_drupal|TX:crs_exclusions_drupal "@eq 0" \
     pass,\
     t:none,\
     nolog,\
-    skipAfter:'END-DRUPAL-RULE-EXCLUSIONS'"
+    skipAfter:END-DRUPAL-RULE-EXCLUSIONS"
 
 
 # [ Table of Contents ]

rules/REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf

@@ -22,15 +22,15 @@ SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \
     pass,\
     t:none,\
     nolog,\
-    skipAfter:'END-WORDPRESS'"
+    skipAfter:END-WORDPRESS"
 
 SecRule &TX:crs_exclusions_wordpress|TX:crs_exclusions_wordpress "@eq 0" \
     "id:9002001,\
     phase:2,\
     pass,\
     t:none,\
     nolog,\
-    skipAfter:'END-WORDPRESS'"
+    skipAfter:END-WORDPRESS"
 
 
 #
@@ -193,15 +193,15 @@ SecRule REQUEST_FILENAME "!@contains /wp-admin/" \
     pass,\
     t:none,\
     nolog,\
-    skipAfter:'END-WORDPRESS-ADMIN'"
+    skipAfter:END-WORDPRESS-ADMIN"
 
 SecRule REQUEST_FILENAME "!@contains /wp-admin/" \
     "id:9002401,\
     phase:2,\
     pass,\
     t:none,\
     nolog,\
-    skipAfter:'END-WORDPRESS-ADMIN'"
+    skipAfter:END-WORDPRESS-ADMIN"
 
 
 #

rules/REQUEST-910-IP-REPUTATION.conf

@@ -42,7 +42,7 @@ SecRule TX:DO_REPUT_BLOCK "@eq 1" \
     setvar:'tx.msg=%{rule.msg}',\
     severity:'CRITICAL',\
     chain,\
-    skipAfter:'BEGIN-REQUEST-BLOCKING-EVAL'"
+    skipAfter:BEGIN-REQUEST-BLOCKING-EVAL"
     SecRule IP:REPUT_BLOCK_FLAG "@eq 1" \
         "setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
         setvar:'tx.%{rule.id}-AUTOMATION/MALICIOUS-%{matched_var_name}=%{matched_var}'"
@@ -122,7 +122,7 @@ SecRule IP:PREVIOUS_RBL_CHECK "@eq 1" \
     tag:'language-multi',\
     tag:'platform-multi',\
     tag:'attack-reputation-ip',\
-    skipAfter:'END-RBL-LOOKUP'"
+    skipAfter:END-RBL-LOOKUP"
 
 #
 # Check Client IP against ProjectHoneypot's HTTP Blacklist
@@ -144,7 +144,7 @@ SecRule &TX:block_suspicious_ip "@eq 0" \
     t:none,\
     nolog,\
     chain,\
-    skipAfter:'END-RBL-CHECK'"
+    skipAfter:END-RBL-CHECK"
     SecRule &TX:block_harvester_ip "@eq 0" \
         "chain"
         SecRule &TX:block_spammer_ip "@eq 0" \
@@ -182,7 +182,7 @@ SecRule TX:block_search_ip "@eq 1" \
     tag:'attack-reputation-ip',\
     severity:'CRITICAL',\
     chain,\
-    skipAfter:'END-RBL-CHECK'"
+    skipAfter:END-RBL-CHECK"
     SecRule TX:httpbl_msg "@rx Search Engine" \
         "setvar:'tx.msg=%{rule.msg}',\
         setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
@@ -205,7 +205,7 @@ SecRule TX:block_spammer_ip "@eq 1" \
     tag:'attack-reputation-ip',\
     severity:'CRITICAL',\
     chain,\
-    skipAfter:'END-RBL-CHECK'"
+    skipAfter:END-RBL-CHECK"
     SecRule TX:httpbl_msg "@rx (?i)^.*? spammer .*?$" \
         "setvar:'tx.msg=%{rule.msg}',\
         setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
@@ -228,7 +228,7 @@ SecRule TX:block_suspicious_ip "@eq 1" \
     tag:'attack-reputation-ip',\
     severity:'CRITICAL',\
     chain,\
-    skipAfter:'END-RBL-CHECK'"
+    skipAfter:END-RBL-CHECK"
     SecRule TX:httpbl_msg "@rx (?i)^.*? suspicious .*?$" \
         "setvar:'tx.msg=%{rule.msg}',\
         setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\
@@ -251,7 +251,7 @@ SecRule TX:block_harvester_ip "@eq 1" \
     tag:'attack-reputation-ip',\
     severity:'CRITICAL',\
     chain,\
-    skipAfter:'END-RBL-CHECK'"
+    skipAfter:END-RBL-CHECK"
     SecRule TX:httpbl_msg "@rx (?i)^.*? harvester .*?$" \
         "setvar:'tx.msg=%{rule.msg}',\
         setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}',\

rules/REQUEST-912-DOS-PROTECTION.conf

@@ -70,7 +70,7 @@ SecRule &TX:dos_burst_time_slice "@eq 0" \
     t:none,\
     nolog,\
     chain,\
-    skipAfter:'END-DOS-PROTECTION-CHECKS'"
+    skipAfter:END-DOS-PROTECTION-CHECKS"
     SecRule &TX:dos_counter_threshold "@eq 0" \
         "chain"
         SecRule &TX:dos_block_timeout "@eq 0"
@@ -82,7 +82,7 @@ SecRule &TX:dos_burst_time_slice "@eq 0" \
     t:none,\
     nolog,\
     chain,\
-    skipAfter:'END-DOS-PROTECTION-CHECKS'"
+    skipAfter:END-DOS-PROTECTION-CHECKS"
     SecRule &TX:dos_counter_threshold "@eq 0" \
         "chain"
         SecRule &TX:dos_block_timeout "@eq 0"
@@ -152,7 +152,7 @@ SecRule IP:DOS_BLOCK "@eq 1" \
     tag:'language-multi',\
     tag:'platform-multi',\
     tag:'attack-dos',\
-    skipAfter:'END-DOS-PROTECTION-CHECKS'"
+    skipAfter:END-DOS-PROTECTION-CHECKS"
 
 
 #

rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf

@@ -613,7 +613,7 @@ SecRule &REQUEST_HEADERS:Host "@eq 0" \
     setvar:'tx.msg=%{rule.msg}',\
     setvar:'tx.anomaly_score=+%{tx.warning_anomaly_score}',\
     setvar:'tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}',\
-    skipAfter:'END-HOST-CHECK'"
+    skipAfter:END-HOST-CHECK"
 
 
 SecRule REQUEST_HEADERS:Host "@rx ^$" \

rules/RESPONSE-980-CORRELATION.conf

@@ -31,7 +31,7 @@ SecRule &TX:'/LEAKAGE\\\/ERRORS/' "@ge 1" \
     tag:'event-correlation',\
     severity:'EMERGENCY',\
     chain,\
-    skipAfter:'END-CORRELATION'"
+    skipAfter:END-CORRELATION"
     SecRule &TX:'/WEB_ATTACK/' "@ge 1" "t:none"
 
 #
@@ -47,7 +47,7 @@ SecRule &TX:'/AVAILABILITY\\\/APP_NOT_AVAIL/' "@ge 1" \
     severity:'ALERT',\
     tag:'event-correlation',\
     chain,\
-    skipAfter:'END-CORRELATION'"
+    skipAfter:END-CORRELATION"
     SecRule &TX:'/WEB_ATTACK/' "@ge 1" "t:none"
 
 SecRule TX:INBOUND_ANOMALY_SCORE "@gt 0" \
@@ -60,7 +60,7 @@ SecRule TX:INBOUND_ANOMALY_SCORE "@gt 0" \
     msg:'Inbound Anomaly Score (Total Inbound Score: %{TX.INBOUND_ANOMALY_SCORE}): %{tx.inbound_tx_msg}',\
     tag:'event-correlation',\
     chain,\
-    skipAfter:'END-CORRELATION'"
+    skipAfter:END-CORRELATION"
     SecRule TX:INBOUND_ANOMALY_SCORE "@lt %{tx.inbound_anomaly_score_threshold}"
 
 SecRule TX:INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \