External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 17:55:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/apache/correlation.conf
github-actions[bot] dd47e4b328 Update: [Mon Jan 6 00:28:11 UTC 2025]
2025-01-06 00:28:11 +00:00

23 lines
2.1 KiB
Plaintext
Raw Blame History

# Apache ModSecurity rules for CORRELATION
SecRuleEngine On
SecRule REQUEST_URI "@eq 0" "id:1477,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@ge 5" "id:1478,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1479,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1480,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1481,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1482,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1483,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1484,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1485,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@gt 0" "id:1486,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1487,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1488,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1489,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1490,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1491,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1492,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1493,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1494,phase:1,deny,status:403,log,msg:'correlation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1495,phase:1,deny,status:403,log,msg:'correlation attack detected'"
Reference in New Issue View Git Blame Copy Permalink