Sascha Papini - 2017-07-19

Hi all, I want to block cross-site scripting in the Authorization Basic header. For example, I have:
POST /tr069/ HTTP/1.1
Host: carontetest.digitelitalia.com:8445
Content-Length: 1412
Accept-Encoding: gzip, deflate, compress
SOAPAction:
Accept: */*
User-Agent: python-requests/2.2.1 CPython/2.7.6 Linux/4.4.0-81-generic
Authorization: Basic Ii8+PHNjcmlwdD5hbGVydCgieHNzIDspIik8L3NjcmlwdD46cGFzcw==

Ii8+PHNjcmlwdD5hbGVydCgieHNzIDspIik8L3NjcmlwdD46cGFzcw==
is
"/><script>alert("xss ;)")</script>:pass

I wrote
SecRule REQUEST_HEADERS:Authorization "Basic (.*)" "chain,phase:1,deny,id:'696969',msg:'XSS su autenticazione'"
SecRule TX:1 "!^[-a-zA-Z0-9_]+:[-a-zA-Z0-9_]+$" "t:base64Decode"

but mod_security doesn't block the request. What is wrong?

Thanks, Sascha
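
The following is an added example, not part of the original post: in ModSecurity 2.x, TX:1 is only populated when the rule that runs the regular expression carries the `capture` action, so the posted chain is shown next to a variant that includes it. The anchored pattern and the explicit `t:none` are choices made for this example.

```apache
# Added example (not from the original post).
#
# As posted: the first rule has no "capture" action, so the regex group is
# never copied into TX:1 and the chained rule has no target to inspect.
#
#   SecRule REQUEST_HEADERS:Authorization "Basic (.*)" "chain,phase:1,deny,id:'696969',msg:'XSS su autenticazione'"
#   SecRule TX:1 "!^[-a-zA-Z0-9_]+:[-a-zA-Z0-9_]+$" "t:base64Decode"

# Variant with capture. The first rule extracts the base64 credential into TX:1.
SecRule REQUEST_HEADERS:Authorization "@rx ^Basic\s+(.*)$" \
    "id:696969,\
    phase:1,\
    deny,\
    capture,\
    t:none,\
    msg:'XSS su autenticazione',\
    chain"
    # The chained rule decodes TX:1 and denies unless it is user:pass made
    # only of the allowlisted characters [-a-zA-Z0-9_].
    SecRule TX:1 "!@rx ^[-a-zA-Z0-9_]+:[-a-zA-Z0-9_]+$" \
        "t:none,t:base64Decode"
```

With `capture` in place, the header from the request above decodes to a value containing `"`, `/`, `<` and `>`, which fails the allowlist pattern, so the chain matches and the request is denied.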