Re: [mod-security-users] How ignore static content? - OWASP/CRS
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] How ignore static content? - OWASP/CRS
|
From: Cristiano G. <cri...@gm...> - 2016-07-18 13:11:04
|
Thanks Reindl! It works. Best Regards, On Fri, Jul 15, 2016 at 12:49 PM, Reindl Harald <h.r...@th...> wrote: > > SecRule REQUEST_BASENAME > ".(avi|css|csv|doc|docx|eot|flv|gif|htm|html|ico|jpeg|jpg|m4v|mp3|mp4|mpeg|mpg|otf|pdf|png|svg|svgz|ttf|txt|wma|wmv|woff|xls|xlsx)$" > "id:'90',phase:1,nolog,allow,ctl:ruleEngine=off" > > an *no* don't do that for .js > > Am 15.07.2016 um 17:35 schrieb Cristiano Galdino: > >> Hi there, >> >> I'm using CRS 2.2.8 and activated all base_rulesand >> optional_rules/*modsecurity_crs_10_ignore_static.conf*, but also match >> events in static content. >> >> >> FILE *modsecurity_crs_10_ignore_static.conf: >> * >> * >> * >> SecRule REQUEST_METHOD "^(?:GET|HEAD)$" >> "chain,phase:2,t:none,skip:1,pass,nolog,id:'900040',severity:'6'" >> SecRule &ARGS "@eq 0" "t:none,setvar:tx.no_parameters=1" >> SecAction >> "phase:2,id:'900041',t:none,nolog,pass,skipAfter:END_STATIC_CONTENT_CHECK" >> SecRule REQUEST_FILENAME "\.(?:(?:jpe?|pn)g|gif|ico)$" >> "phase:2,t:none,t:lowercase,allow,nolog,id:'900042',severity:'6'" >> SecRule REQUEST_FILENAME "\.(?:doc|pdf|txt|xls)$" >> >> "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'900043',severity:'6'" >> SecRule REQUEST_FILENAME "\.(?:(?:cs|j)s|html?)$" >> >> "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'999005',severity:'6'" >> SecRule REQUEST_FILENAME "\.(?:mp(?:e?g|3)|avi|flv|swf|wma)$" >> "phase:2,t:none,t:lowercase,allow,nolog,id:'999006',severity:'6'" >> SecMarker END_STATIC_CONTENT_CHECK >> > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning > reports.http://sdm.link/zohodev2dev > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > -- Cristiano Galdino - cri...@ga... http://cristiano.galdino.net |
