1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
|
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.9
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
#
# -=[ You must be using the Resource Profiling Rules to track this data ]=-
#
# modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
# modsecurity_crs_40_appsensor_detection_point_3.0_end.conf
#
#
# -=[ Disable ModSecurity For Arachni Scans ]=-
#
# Update the remote IP address for your Arachni RPC host
#
#SecRule REMOTE_ADDR "@ipMatch 192.168.168.128" "chain,id:'900030',phase:1,t:none,nolog,pass"
# SecRule REQUEST_HEADERS:User-Agent "@beginsWith Arachni/" "ctl:ruleEngine=Off"
#
# -=[ Initiate Arachni Scan on 1st URL Access ]=-
#
# Update the path to the arachni_integration.lua script
#
#SecRule &RESOURCE:ARACHNI_SCAN_COMPLETED "@eq 0" "chain,id:'900031',phase:5,t:none,log,pass"
# SecRule &ARGS "@gt 0" "exec:/usr/share/modsecurity-crs/lua/arachni_integration.lua"
|