File: modsecurity_crs_16_username_tracking.conf

modsecurity-crs 2.2.9-1+deb8u1
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.9
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under 
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


#
# Template rules for tracking and auditing logins.
# Uncomment the following lines and set the LocationMatch pattern to the path of the login resource to protect.
#
#<LocationMatch "^/(?:(admin|account\/login\.jsp$))">
#
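# Identify/Set the UserID name and the per-user (USER) collection
# Must correctly specify the parameter name that holds the username data (example ARGS:username)
# Note: the value is read from the request in phase 2, before the application has
# authenticated it, so the collection is keyed on the name the client claims.
# session.username is only kept if the SESSION collection has already been
# initialised with setsid by an earlier rule.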
#
#SecRule ARGS:username ".*" "phase:2,id:'981075',t:none,pass,nolog,noauditlog,capture,setvar:session.username=%{TX.0},setuid:%{TX.0}"

#
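# Password Complexity Check
# Must correctly specify the parameter name that holds the password data (example ARGS:password)
# The regex below matches passwords of at least 8 characters that contain one upper-case
# letter, one lower-case letter, and one number. Only letters and digits are accepted,
# so a password containing any other character never matches.
# NOTE: as written the operator is not negated, so the rule fires when the password
# matches the regex, i.e. when it DOES satisfy the policy (the msg text also reads
# "does meet"). If the intent is to flag non-compliant passwords, negate the operator
# ("!^(?=...") and correct the message.
# The last setvar copies %{matched_var} (the submitted password) into a TX variable;
# confirm that nothing later writes that variable to a log.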
#
#SecRule ARGS:password "^(?=[a-zA-Z0-9]*?[A-Z])(?=[a-zA-Z0-9]*?[a-z])(?=[a-zA-Z0-9]*?[0-9])[a-zA-Z0-9]{8,}$" "phase:2,id:'981076',t:none,block,log,msg:'Password does meet complexity requirements.',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-POLICY-%{matched_var_name}=%{matched_var}"

#
# Mask the user's password data in the audit logs
# Set the appropriate password parameter name
# Note: sanitiseArg affects the audit log only; debug logging may still record the value.
#SecAction "phase:5,id:'981077',t:none,pass,nolog,sanitiseArg:password"

#</LocationMatch>