File: modsecurity_crs_10_ignore_static.conf

modsecurity-crs 2.2.9-1+deb8u1
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.9
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under 
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


#
# The rules in this file will cause ModSecurity to let requests for static
#   content go into the server without being examined (mostly media content). 
#   This can reduce the load on the server considerably.
#
# This ruleset will skip all tests for media files, but will skip only the
#   request body phase (phase 2) for text files. To skip the outbound stage
#   for text files, add file 47 (skip_outbound_checks) to your configuration,
#   in addition to this file
#
# NOTE  If you are using mod_rewrite to rewrite URLs, please keep in mind
#         that some URLs may seem static when they are not. For example,
#         if you have a rule like this in your configuration:
#           RewriteRule (.*).gif images.php?id=$1 [QSA]
#         then requests for .gif files are served by images.php, yet they
#         will pass through ModSecurity without inspection.
#


# Gate: only GET and HEAD requests that carry no parameters are considered
# for the static-content shortcuts that follow, and only if the path ends
# with a static content file extension.
#
# Rule 900040 is a two-rule chain: the method must be GET or HEAD, and the
# argument count (&ARGS) must equal 0. When both rules match,
# tx.no_parameters is set to 1 and skip:1 jumps over the next rule
# (SecAction 900041), so processing continues with the extension checks.
# NOTE(review): tx.no_parameters is not read anywhere in this file; check
# whether another rule file depends on it.
SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,skip:1,pass,nolog,id:'900040',severity:'6'"
 SecRule &ARGS "@eq 0" "t:none,setvar:tx.no_parameters=1"

# Reached only when the chain above did not match (another method, or at
# least one parameter present): jump to the END_STATIC_CONTENT_CHECK marker
# so that none of the extension shortcuts apply to this request.
SecAction "phase:2,id:'900041',t:none,nolog,pass,skipAfter:END_STATIC_CONTENT_CHECK"

# Determine actions based on static file extensions.
#
# All four rules run in phase 2 and match the lowercased REQUEST_FILENAME
# (t:lowercase makes the extension test case-insensitive). Because they are
# phase 2 rules, any phase 1 rules have already been evaluated by the time
# one of them fires. None of them logs (nolog), so a request that takes one
# of these shortcuts leaves no rule match in the audit trail.
#
# NOTE(review): these rules trust the URL suffix alone. REQUEST_FILENAME is
# the request path, so a path that reaches a dynamic handler but ends in one
# of these extensions (URL rewriting, PATH_INFO-style URLs such as
# /app.php/x.gif) would also match. A request with no parameters still
# carries headers and cookies, which the skipped rules would otherwise
# inspect. Confirm that such URLs cannot reach dynamic code on this server
# before enabling this file.
#
# Images (.jpg, .jpeg, .png, .gif, .ico): plain "allow" ends the current
# phase and also skips the remaining phases except logging, so neither the
# request nor the response is inspected further.
SecRule REQUEST_FILENAME "\.(?:(?:jpe?|pn)g|gif|ico)$" "phase:2,t:none,t:lowercase,allow,nolog,id:'900042',severity:'6'"
# Documents (.doc, .pdf, .txt, .xls): "allow:phase" ends phase 2 only, so
# later phases still run. tx.text_file_extension=1 is set but not read in
# this file; presumably the separate outbound-skip rule file consumes it
# (verify against that file).
SecRule REQUEST_FILENAME "\.(?:doc|pdf|txt|xls)$" "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'900043',severity:'6'"
# HTML, CSS and JavaScript (.css, .js, .htm, .html): same handling as
# documents, i.e. only the rest of phase 2 is skipped.
SecRule REQUEST_FILENAME "\.(?:(?:cs|j)s|html?)$" "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'999005',severity:'6'"
# Media files (.mpg, .mpeg, .mp3, .avi, .flv, .swf, .wma): same handling as
# images, i.e. plain "allow" for the rest of the transaction.
SecRule REQUEST_FILENAME "\.(?:mp(?:e?g|3)|avi|flv|swf|wma)$" "phase:2,t:none,t:lowercase,allow,nolog,id:'999006',severity:'6'"

# Jump target for SecAction 900041: requests that are not parameterless
# GET/HEAD land here and bypass every extension rule above.
SecMarker END_STATIC_CONTENT_CHECK