1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.0.5
# Copyright (C) 2006-2010 Breach Security Inc. All rights reserved.
#
# The ModSecurity Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# Uncomment the anomaly sections you wish to use.
# These rules use the anomaly score settings specified in the 10 config file.
# You should also set the desired disruptive action (deny, redirect, etc...).
#
# Alert and Block based on Anomaly Scores
#
SecRule TX:ANOMALY_SCORE "@gt 0" \
"chain,phase:2,t:none,nolog,auditlog,block,msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE}, SQLi=%{TX.SQLI_SCORE}, XSS=%{TX.XSS_SCORE}): %{tx.msg}',setvar:tx.inbound_tx_msg=%{tx.msg},setvar:tx.inbound_anomaly_score=%{tx.anomaly_score}"
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_level}"
# Alert and Block on a specific attack category such as SQL Injection
#
#SecRule TX:SQLI_SCORE "@gt 0" \
# "phase:2,t:none,log,block,msg:'SQL Injection Detected (score %{TX.SQLI_SCORE}): %{tx.msg}'"
|
