Using version 3.0.0 of libModSecurity.
Below is the output after each set of OWASP CRS rules is added. As you can
see, some rules are added to Phase 0 after each CRS rule set is added. I am
not sure what these rules do.
what> modSecShowRules
Rules:
Phase: 0 (0 rules)
Phase: 1 (0 rules)
Phase: 2 (0 rules)
Phase: 3 (0 rules)
Phase: 4 (0 rules)
Phase: 5 (0 rules)
Phase: 6 (0 rules)
Phase: 7 (0 rules)
what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/modsecurity.conf
what> modSecShowRules
Rules:
Phase: 0 (0 rules)
Phase: 1 (0 rules)
Phase: 2 (2 rules)
Rule ID: 200000--0x561d935fce20
Rule ID: 200001--0x561d935fd430
Phase: 3 (4 rules)
Rule ID: 200002--0x561d935d0690
Rule ID: 200003--0x561d93642530
Rule ID: 200004--0x561d93642d60
Rule ID: 200005--0x561d935d6160
Phase: 4 (0 rules)
Phase: 5 (0 rules)
Phase: 6 (0 rules)
Phase: 7 (0 rules)
what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/crs-setup.conf
what> modSecShowRules
Rules:
Phase: 0 (0 rules)
Phase: 1 (0 rules)
Phase: 2 (4 rules)
Rule ID: 200000--0x561d935fce20
Rule ID: 200001--0x561d935fd430
Rule ID: 900950--0x561d935d62c0
Rule ID: 900990--0x561d935d66a0
Phase: 3 (4 rules)
Rule ID: 200002--0x561d935d0690
Rule ID: 200003--0x561d93642530
Rule ID: 200004--0x561d93642d60
Rule ID: 200005--0x561d935d6160
Phase: 4 (0 rules)
Phase: 5 (0 rules)
Phase: 6 (0 rules)
Phase: 7 (0 rules)
what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/rules/REQUEST-901-INITIALIZATION.conf
what> modSecShowRules
Rules:
Phase: 0 (1 rules)
Rule ID: 0--0x561d92adf2a0
Phase: 1 (1 rules)
Rule ID: 0--0x561d92adf3b0
Phase: 2 (39 rules)
Rule ID: 200000--0x561d935fce20
Rule ID: 200001--0x561d935fd430
Rule ID: 900950--0x561d935d62c0
Rule ID: 900990--0x561d935d66a0
Rule ID: 900220--0x561d92c545b0
Rule ID: 900240--0x561d935d6cb0
Rule ID: 900300--0x561d92aeb250
Rule ID: 900310--0x561d92aeb770
Rule ID: 900320--0x561d92aebbe0
Rule ID: 900330--0x561d92aec110
Rule ID: 900340--0x561d92e13060
Rule ID: 900350--0x561d92c535f0
Rule ID: 901001--0x561d92c53dd0
Rule ID: 901100--0x561d936003d0
Rule ID: 901110--0x561d93600a40
Rule ID: 901120--0x561d936010f0
Rule ID: 901130--0x561d92e13960
Rule ID: 901140--0x561d92e13fe0
Rule ID: 901141--0x561d92e11da0
Rule ID: 901142--0x561d92e12400
Rule ID: 901143--0x561d92e12a80
Rule ID: 901150--0x561d935dd7a0
Rule ID: 901152--0x561d935dde50
Rule ID: 901160--0x561d935de500
Rule ID: 901162--0x561d92b96ce0
Rule ID: 901163--0x561d92b973d0
Rule ID: 901164--0x561d92b97ba0
Rule ID: 901165--0x561d93630480
Rule ID: 901166--0x561d93630b30
Rule ID: 901200--0x561d92f3a680
Rule ID: 901318--0x561d92f3aa90
Rule ID: 901321--0x561d92f3b1a0
Rule ID: 901400--0x561d92e273b0
Rule ID: 901410--0x561d92e27a20
Rule ID: 901420--0x561d92e28020
Rule ID: 901430--0x561d92ade3a0
Rule ID: 901440--0x561d92ade9d0
Rule ID: 901450--0x561d92adf110
Rule ID: 0--0x561d92adf4c0
Phase: 3 (5 rules)
Rule ID: 200002--0x561d935d0690
Rule ID: 200003--0x561d93642530
Rule ID: 200004--0x561d93642d60
Rule ID: 200005--0x561d935d6160
Rule ID: 0--0x561d92adf5d0
Phase: 4 (1 rules)
Rule ID: 0--0x561d92adf6e0
Phase: 5 (1 rules)
Rule ID: 0--0x561d92adf7f0
Phase: 6 (1 rules)
Rule ID: 0--0x561d92b7def0
Phase: 7 (0 rules)
what>
what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf
what> modSecShowRules
Rules:
Phase: 0 (2 rules)
Rule ID: 0--0x561d92adf2a0
Rule ID: 0--0x561d93599630
Phase: 1 (2 rules)
Rule ID: 0--0x561d92adf3b0
Rule ID: 0--0x561d93599760
Phase: 2 (49 rules)
Rule ID: 200000--0x561d935fce20
Rule ID: 200001--0x561d935fd430
Rule ID: 900950--0x561d935d62c0
Rule ID: 900990--0x561d935d66a0
Rule ID: 900220--0x561d92c545b0
Rule ID: 900240--0x561d935d6cb0
Rule ID: 900300--0x561d92aeb250
Rule ID: 900310--0x561d92aeb770
Rule ID: 900320--0x561d92aebbe0
Rule ID: 900330--0x561d92aec110
Rule ID: 900340--0x561d92e13060
Rule ID: 900350--0x561d92c535f0
Rule ID: 901001--0x561d92c53dd0
Rule ID: 901100--0x561d936003d0
Rule ID: 901110--0x561d93600a40
Rule ID: 901120--0x561d936010f0
Rule ID: 901130--0x561d92e13960
Rule ID: 901140--0x561d92e13fe0
Rule ID: 901141--0x561d92e11da0
Rule ID: 901142--0x561d92e12400
Rule ID: 901143--0x561d92e12a80
Rule ID: 901150--0x561d935dd7a0
Rule ID: 901152--0x561d935dde50
Rule ID: 901160--0x561d935de500
Rule ID: 901162--0x561d92b96ce0
Rule ID: 901163--0x561d92b973d0
Rule ID: 901164--0x561d92b97ba0
Rule ID: 901165--0x561d93630480
Rule ID: 901166--0x561d93630b30
Rule ID: 901200--0x561d92f3a680
Rule ID: 901318--0x561d92f3aa90
Rule ID: 901321--0x561d92f3b1a0
Rule ID: 901400--0x561d92e273b0
Rule ID: 901410--0x561d92e27a20
Rule ID: 901420--0x561d92e28020
Rule ID: 901430--0x561d92ade3a0
Rule ID: 901440--0x561d92ade9d0
Rule ID: 901450--0x561d92adf110
Rule ID: 0--0x561d92adf4c0
Rule ID: 913011--0x561d92b7e230
Rule ID: 913100--0x561d935d3df0
Rule ID: 913110--0x561d92c5cd20
Rule ID: 913120--0x561d935adcf0
Rule ID: 913013--0x561d935ae0f0
Rule ID: 913101--0x561d92ea3230
Rule ID: 913102--0x561d92e8d180
Rule ID: 913015--0x561d92e8d580
Rule ID: 913017--0x561d92e8dff0
Rule ID: 0--0x561d93599890
Phase: 3 (10 rules)
Rule ID: 200002--0x561d935d0690
Rule ID: 200003--0x561d93642530
Rule ID: 200004--0x561d93642d60
Rule ID: 200005--0x561d935d6160
Rule ID: 0--0x561d92adf5d0
Rule ID: 913012--0x561d92b7e7d0
Rule ID: 913014--0x561d935ae610
Rule ID: 913016--0x561d92e8da80
Rule ID: 913018--0x561d93599550
Rule ID: 0--0x561d935999c0
Phase: 4 (2 rules)
Rule ID: 0--0x561d92adf6e0
Rule ID: 0--0x561d93599b40
Phase: 5 (2 rules)
Rule ID: 0--0x561d92adf7f0
Rule ID: 0--0x561d93599c70
Phase: 6 (2 rules)
Rule ID: 0--0x561d92b7def0
Rule ID: 0--0x561d93599da0
Phase: 7 (0 rules)
what> modSecAddRules -p /opt/esg/current/runtime/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf
what> modSecShowRules
Rules:
Phase: 0 (4 rules)
Rule ID: 0--0x561d92adf2a0
Rule ID: 0--0x561d93599630
Rule ID: 0--0x561d935bc6b0
Rule ID: 0--0x561d92dface0
Phase: 1 (4 rules)
Rule ID: 0--0x561d92adf3b0
Rule ID: 0--0x561d93599760
Rule ID: 0--0x561d935bc380
Rule ID: 0--0x561d92dfb020
Phase: 2 (86 rules)
Rule ID: 200000--0x561d935fce20
Rule ID: 200001--0x561d935fd430
Rule ID: 900950--0x561d935d62c0
Rule ID: 900990--0x561d935d66a0
Rule ID: 900220--0x561d92c545b0
Rule ID: 900240--0x561d935d6cb0
Rule ID: 900300--0x561d92aeb250
Rule ID: 900310--0x561d92aeb770
Rule ID: 900320--0x561d92aebbe0
Rule ID: 900330--0x561d92aec110
Rule ID: 900340--0x561d92e13060
Rule ID: 900350--0x561d92c535f0
Rule ID: 901001--0x561d92c53dd0
Rule ID: 901100--0x561d936003d0
Rule ID: 901110--0x561d93600a40
Rule ID: 901120--0x561d936010f0
Rule ID: 901130--0x561d92e13960
Rule ID: 901140--0x561d92e13fe0
Rule ID: 901141--0x561d92e11da0
Rule ID: 901142--0x561d92e12400
Rule ID: 901143--0x561d92e12a80
Rule ID: 901150--0x561d935dd7a0
Rule ID: 901152--0x561d935dde50
Rule ID: 901160--0x561d935de500
Rule ID: 901162--0x561d92b96ce0
Rule ID: 901163--0x561d92b973d0
Rule ID: 901164--0x561d92b97ba0
Rule ID: 901165--0x561d93630480
Rule ID: 901166--0x561d93630b30
Rule ID: 901200--0x561d92f3a680
Rule ID: 901318--0x561d92f3aa90
Rule ID: 901321--0x561d92f3b1a0
Rule ID: 901400--0x561d92e273b0
Rule ID: 901410--0x561d92e27a20
Rule ID: 901420--0x561d92e28020
Rule ID: 901430--0x561d92ade3a0
Rule ID: 901440--0x561d92ade9d0
Rule ID: 901450--0x561d92adf110
Rule ID: 0--0x561d92adf4c0
Rule ID: 913011--0x561d92b7e230
Rule ID: 913100--0x561d935d3df0
Rule ID: 913110--0x561d92c5cd20
Rule ID: 913120--0x561d935adcf0
Rule ID: 913013--0x561d935ae0f0
Rule ID: 913101--0x561d92ea3230
Rule ID: 913102--0x561d92e8d180
Rule ID: 913015--0x561d92e8d580
Rule ID: 913017--0x561d92e8dff0
Rule ID: 0--0x561d93599890
Rule ID: 920011--0x561d92c11740
Rule ID: 920100--0x561d9360e8a0
Rule ID: 920160--0x561d93599e80
Rule ID: 920170--0x561d9359abc0
Rule ID: 920180--0x561d9359bf20
Rule ID: 920190--0x561d935b3340
Rule ID: 920210--0x561d935b49e0
Rule ID: 920220--0x561d935b5450
Rule ID: 920240--0x561d935b6730
Rule ID: 920250--0x561d935b7c20
Rule ID: 920280--0x561d935bb780
Rule ID: 920290--0x561d935bc7c0
Rule ID: 0--0x561d935bc910
Rule ID: 920310--0x561d935bda90
Rule ID: 920311--0x561d934e93e0
Rule ID: 920330--0x561d934eaea0
Rule ID: 920340--0x561d934eb890
Rule ID: 920350--0x561d934ed3e0
Rule ID: 920380--0x561d934edf00
Rule ID: 920360--0x561d934ef270
Rule ID: 920370--0x561d934f0630
Rule ID: 920390--0x561d934f19c0
Rule ID: 920400--0x561d934f2cb0
Rule ID: 920410--0x561d934f4350
Rule ID: 920420--0x561d934f5aa0
Rule ID: 920450--0x561d934c0db0
Rule ID: 920013--0x561d934c1970
Rule ID: 920200--0x561d934c31b0
Rule ID: 920201--0x561d934c4580
Rule ID: 920230--0x561d934c5cf0
Rule ID: 920300--0x561d934c6c50
Rule ID: 920271--0x561d934c9800
Rule ID: 920320--0x561d934caa60
Rule ID: 920015--0x561d92df3870
Rule ID: 920017--0x561d92df55d0
Rule ID: 920460--0x561d92dfae60
Rule ID: 0--0x561d92dfb100
Phase: 3 (28 rules)
Rule ID: 200002--0x561d935d0690
Rule ID: 200003--0x561d93642530
Rule ID: 200004--0x561d93642d60
Rule ID: 200005--0x561d935d6160
Rule ID: 0--0x561d92adf5d0
Rule ID: 913012--0x561d92b7e7d0
Rule ID: 913014--0x561d935ae610
Rule ID: 913016--0x561d92e8da80
Rule ID: 913018--0x561d93599550
Rule ID: 0--0x561d935999c0
Rule ID: 920012--0x561d92c11c80
Rule ID: 920120--0x561d92b38010
Rule ID: 920130--0x561d92b39060
Rule ID: 920140--0x561d935fbab0
Rule ID: 920260--0x561d935b93e0
Rule ID: 920270--0x561d935ba580
Rule ID: 0--0x561d935bc9f0
Rule ID: 920430--0x561d934be2c0
Rule ID: 920440--0x561d934bf480
Rule ID: 920014--0x561d934c1f10
Rule ID: 920121--0x561d934cbd20
Rule ID: 920016--0x561d92df3db0
Rule ID: 920272--0x561d92df5260
Rule ID: 920018--0x561d92df5b70
Rule ID: 920202--0x561d92df6b70
Rule ID: 920273--0x561d92df8500
Rule ID: 920274--0x561d92df98f0
Rule ID: 0--0x561d92dfb230
Phase: 4 (4 rules)
Rule ID: 0--0x561d92adf6e0
Rule ID: 0--0x561d93599b40
Rule ID: 0--0x561d935bcb00
Rule ID: 0--0x561d92dfb360
Phase: 5 (4 rules)
Rule ID: 0--0x561d92adf7f0
Rule ID: 0--0x561d93599c70
Rule ID: 0--0x561d935bcc10
Rule ID: 0--0x561d92dfb490
Phase: 6 (4 rules)
Rule ID: 0--0x561d92b7def0
Rule ID: 0--0x561d93599da0
Rule ID: 0--0x561d935bcd20
Rule ID: 0--0x561d92dfb5c0
On Wed, Mar 7, 2018 at 4:50 AM, Felipe Costa <FC...@tr...> wrote:
> Hi Jai,
>
> What is the version of your libModSecurity? Do you happen to have any
> public rule set loaded? If so, can you share the version info?
>
> Br.,
>
> *Felipe “Zimmerle” Costa*
> Security Researcher, Lead Developer ModSecurity.
>
> *Trustwave* | SMART SECURITY ON DEMAND
> *www.trustwave.com <http://www.trustwave.com/>*
>
> *From: *Jai Harpalani via mod-security-developers <mod...@li...>
> *Reply-To: *"mod...@li..." <mod...@li...>
> *Date: *Tuesday, March 6, 2018 at 9:16 PM
> *To: *"mod...@li..." <mod...@li...>
> *Cc: *Jai Harpalani <jai...@mu...>
> *Subject: *[Mod-security-developers] Question regarding transaction::processConnection()
>
> What is the purpose of transaction::processConnection()? I see that after
> populating IP addresses and Port addresses, it invokes evaluate() with
> ConnectionPhase. Can someone elaborate on what this evaluate() call will
> check? I see the below rules for the ConnectionPhase in my system, but all
> RuleIds = 0 so I do not know what these rules do.
>
> Phase: 0 (18 rules)
> Rule ID: 0--0x555556494c20
> Rule ID: 0--0x5555563d9d20
> Rule ID: 0--0x555556426550
> Rule ID: 0--0x55555632f880
> Rule ID: 0--0x5555563fe760
> Rule ID: 0--0x5555562776f0
> Rule ID: 0--0x55555627f750
> Rule ID: 0--0x5555560997f0
> Rule ID: 0--0x5555566eec00
> Rule ID: 0--0x5555567247b0
> Rule ID: 0--0x555556731f50
> Rule ID: 0--0x5555567c1b70
> Rule ID: 0--0x55555673e0d0
> Rule ID: 0--0x555556740250
> Rule ID: 0--0x555555e96650
> Rule ID: 0--0x5555567dbc40
> Rule ID: 0--0x5555567dc260
> Rule ID: 0--0x5555567e75c0
>
> Thanks,
> Jai