Update: [Sun Dec 29 23:20:18 UTC 2024]

github-actions[bot]
2024-12-29 23:20:18 +00:00
parent 36f08db3eb
commit 3760d3dcde
35 changed files with 17042 additions and 1242 deletions


@@ -13,7 +13,7 @@ SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcemen
SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^d+$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0?$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -29,13 +29,13 @@ SecRule REQUEST_URI "@rx (d+)-(d+)" "id:1000,phase:1,deny,status:403,log,msg:'en
SecRule REQUEST_URI "@lt %{tx.1}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(.*)/(?:[^?]+)?(?.*)?$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^.*%.*.[^sv.]+$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUtf8Encoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?i)%uff[0-9a-f]{2}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx %u[fF]{2}[0-9a-fA-F]{2}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 1-255" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -62,10 +62,10 @@ SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1000,phase:1,deny,status:
SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^[^;s]+" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charsets*=s*[" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charsets*=s*["']?([^;"'s]+)" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charset.*?charset" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_http_versions}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -75,7 +75,7 @@ SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*|)$" "id:1000,phase:1,deny,status:403,log
SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 50" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@streq JSON" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@contains #" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -89,14 +89,11 @@ SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}" "id:1000,phase:1,
SecRule REQUEST_URI "@rx %[0-9a-fA-F]{2}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 9,10,13,32-126,128-255" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ['" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ['";=]" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_headers_extended}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 32-36,38-126" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
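Review bot: Every `SecRule` in these hunks carries `id:1000`, and ModSecurity requires rule ids to be unique, so a file made of these lines would be rejected at load time as written; each rule needs its own id (for example `id:1001`, `id:1002`, … from a range reserved for this set). Several lines also pair `deny` with an operator that matches any URI (`"@rx ^.*$"`, twice) or that compares REQUEST_URI numerically (`@lt 4`, `@eq 0`), which suggests the operators were lifted from rules written for other variables; if so, running them against REQUEST_URI in phase 1 would block legitimate traffic rather than detect anything. Each pattern that contains a bare `"` (for example `['";=]`) sits next to a twin cut off at that quote, so the quote should be written as `\"` inside the operator string. Escapes such as `\d`, `\s` and `\x25` appear here as `d`, `s` and `x25`; this may be an artifact of the page rendering, but it is worth checking in the file itself, and in whatever produces it if the file is generated, because `^d+$` matches only runs of the letter d.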