Re: [mod-security-users] Why was this request put in the audit log?
From: Christian F. <chr...@ne...> - 2022-11-13 10:10:20
Yes, we do (-> tx.allowed_http_versions in crs-setup.conf), but 920280 triggers regardless of the HTTP version used. This is apparently not overly exact, but HTTP/1.0 is relatively rare and it's easy to do a rule exclusion.

We could extend 920280 with a chained check for the version without too much cost, I guess.

Best,

Christian

On Sun, Nov 13, 2022 at 09:59:09AM +0100, az...@po... wrote:
> Is that correct behavior as HTTP/1.0 does not require Host header to be
> present? Do we support HTTP/1.0 in CRS?
>
> Quote from Ervin Hegedüs <ai...@gm...>:
>
> > hey,
> >
> > On Sat, Nov 12, 2022 at 06:33:02PM -0600, Arlen Walker wrote:
> > > What's the current paranoia level set to? Some levels require a Host
> > > header to be present.
> >
> > just for my 2 cents: rule 920280 checks that Host header is
> > present or not, 920290 checks that it's not empty.
> >
> > Furthermore, rule 920350 checks that Host header can't be
> > numeric (e.g. an IPv4 or IPv6 format address).
> >
> > All of them activated on *PL1*, so we can say PL settings do not
> > play here.
> >
> > https://crsdoc.digitalwave.hu/?v=v3.3.2&f=1&_trg=107%2C106
> >
> > (See the "Paranoia level" field in the tables)
> >
> >
> > a.
> >
> > _______________________________________________
> > mod-security-users mailing list
> > mod...@li...
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> > http://www.modsecurity.org/projects/commercial/rules/
> > http://www.modsecurity.org/projects/commercial/support/
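The two approaches Christian names, a rule exclusion for HTTP/1.0 and a chained version check, written out in ModSecurity SecLang as an added illustration that is not a rule from the thread or from CRS itself. It assumes HTTP/1.0 has been added to tx.allowed_http_versions; the rule ids 10001 and 10002 are placeholders, and the chained rule only mirrors the shape of 920280 (count of Host headers is zero) rather than reproducing CRS's rule.

```apache
# Added illustration, not CRS code. Ids 10001/10002 are placeholders.

# Option 1: runtime rule exclusion. Put this in the exclusion file that
# loads before the CRS rules, so it runs ahead of 920280. When the request
# line says HTTP/1.0, 920280 is dropped for this transaction only; the
# other Host-header checks (920290, 920350) stay active and still log.
SecRule REQUEST_PROTOCOL "@streq HTTP/1.0" \
    "id:10001,\
    phase:1,\
    pass,\
    nolog,\
    t:none,\
    ctl:ruleRemoveById=920280"

# Option 2: the shape of the chained check Christian suggests. The first
# rule has the same test as 920280 (no Host header at all); the chained
# rule adds the version condition. In a chain, the disruptive action and
# msg of the first rule fire only if every chained rule also matches, so
# a Host-less HTTP/1.0 request no longer scores here. CRS's own rule also
# sets its anomaly-score variables; those are left out of this sketch.
SecRule &REQUEST_HEADERS:Host "@eq 0" \
    "id:10002,\
    phase:1,\
    block,\
    t:none,\
    msg:'Request Missing a Host Header (HTTP/1.1 or later)',\
    severity:'WARNING',\
    chain"
    SecRule REQUEST_PROTOCOL "!@streq HTTP/1.0" "t:none"
```

With option 1 the audit log still shows 920290/920350 for an HTTP/1.0 request that sends an empty or numeric Host, so the exclusion narrows only the "missing Host" finding the original poster asked about.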