Update: [Fri Jan 24 00:25:21 UTC 2025]

2025-12-29 16:15:12 +00:00 · 2025-01-24 00:25:21 +00:00
parent a2a0049402
commit 1b5b529aaf
40 changed files with 2344 additions and 2344 deletions
--- a/waf_patterns/apache/correlation.conf
+++ b/waf_patterns/apache/correlation.conf
@@ -1,11 +1,11 @@
 # Apache ModSecurity rules for CORRELATION
 SecRuleEngine On

-SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1345,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1339,phase:1,deny,status:403,log,msg:'correlation attack detected'"
 SecRule REQUEST_URI "@gt\ 0" "id:1346,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1342,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1341,phase:1,deny,status:403,log,msg:'correlation attack detected'"
 SecRule REQUEST_URI "@ge\ 5" "id:1340,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1342,phase:1,deny,status:403,log,msg:'correlation attack detected'"
 SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1343,phase:1,deny,status:403,log,msg:'correlation attack detected'"
 SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1344,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1341,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1339,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1345,phase:1,deny,status:403,log,msg:'correlation attack detected'"