[Modsecurity] Modsecurity rules update for 20061111

mirror at prometheus-group.com mirror at prometheus-group.com
Sat Nov 11 11:17:23 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

New Release of GotRoot Web Signatures 

Diff of /etc/modsecurity/apache2-rules.conf


Diff of /etc/modsecurity/blacklist.conf
531c531
< #SecFilterSelective HTTP_Referer|ARGS "\bby\.ru"
- ---
> SecFilterSelective HTTP_Referer|ARGS "\bby\.ru\b"
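Review bot: The new line 531 switches on a rule that was commented out, and it still matches ARGS as well as HTTP_Referer, so any form field or query value that mentions by.ru as a word is rejected, not only referrer spam. The added trailing \b is right (it stops by.run and similar from matching), but consider restricting the pattern to HTTP_Referer, or state in the release text why the rule is being enabled, and give it an id and msg like the rules in rules.conf so hits can be traced.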
7606d7605
< SecFilterSelective HTTP_Referer|ARGS BoiseComputerService\.com


Diff of /etc/modsecurity/proxy.conf


Diff of /etc/modsecurity/rules.conf
38a39,40
> # we exclude GET requests from this because some (automated)
> # clients supply "text/html" as Content-Type
42,47c44,46
< #Block WebDav PUTS
< #Comment this rule out if you need WebDAV
< SecFilterSelective REQUEST_METHOD "^PUT$" "id:340002,rev:1,severity:2,msg:'Restricted HTTP function'"
< 
< #Generic rule for allowed characters, adjust for your site before activating
< #SecFilterSelective REQUEST_URI "!^[-a-zA-z0-9\.\+_/\-\?\=]+$" "chain,id:390002,rev:1,severity:2,msg:'Restricted HTTP character set'"
- ---
> #Generic rule for allowed characters, very broken at the moment, dont use it unless you can fix it
> #Then post your fix eh!
> #SecFilterSelective REQUEST_URI "!^[-a-zA-z0-9\.\+_/\-\?\=]+$" "chain,id:340002,rev:1,severity:2,msg:'Restricted HTTP character set'"
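Review bot: The commented-out character-set rule on the last line changes its id from 390002 to 340002, the id the removed PUT rule carried, so if it is ever enabled, existing log entries and any SecFilterRemove 340002 exclusions will silently refer to a different rule; keep 390002 or allocate a fresh id. The class [-a-zA-z0-9...] still contains the range A-z, which also admits [ \ ] ^ _ and the backtick, and is a likely part of why the new comment calls the rule broken; A-Z is what was meant. The hunk also drops the PUT block without a replacement or a changelog line, so sites that do not run WebDAV lose that rule on update.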
184,185c183
< SecFilterSelective ARGS "(ht|f)tps?:/"  chain
< SecFilterSelective HTTP_Referer "!/imp/login\.php"
- ---
> SecFilterSelective ARGS "(ht|f)tps?:/" 
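Review bot: Dropping the chained HTTP_Referer "!/imp/login\.php" condition makes this rule fire on every argument that contains http:/, https:/, ftp:/ or ftps:/, including the IMP login requests the chain used to let through; the same applies to the REQUEST_URI rule in the next hunk. If the exception is no longer needed, say so in the release text; otherwise carry it as a LocationMatch exclusion in exclude.conf, which does not depend on a client-supplied Referer. The rule still has no id or msg, so it cannot be excluded per location with SecFilterRemove the way exclude.conf does for other rules.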
187,188c185
< SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&).*=(ht|f)tps?:/"  chain
< SecFilterSelective HTTP_Referer "!/imp/login\.php"
- ---
> SecFilterSelective REQUEST_URI "\.php(3|4|5)?(\?|&).*=(ht|f)tps?:/" 


Diff of /etc/modsecurity/blacklist2.conf
31d30
< SecFilterSelective THE_REQUEST "(/|\.)molganinovo\.ru/"


Diff of /etc/modsecurity/exclude.conf
10a11,12
> # modsecurity is a trademark of Thinking Stone, Ltd.
> #
46,49d47
< <LocationMatch "/admin/main.php">
< 	SecFilterRemove 300013
< </LocationMatch>
< 
85c83
< <LocationMatch "/imp/compose.php">
- ---
> <LocationMatch "/horde/imp/compose.php">
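Review bot: LocationMatch takes an unanchored regular expression, so the old pattern "/imp/compose.php" already matched /horde/imp/compose.php; the new pattern only narrows the match, and IMP installs served directly under /imp/ lose this exclusion. If that narrowing is intended, note it in the release text; either way, escape the dot (compose\.php) so the pattern matches the literal file name only.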


Diff of /etc/modsecurity/rootkits.conf


Diff of /etc/modsecurity/useragents.conf
13c13
< # Version: N-20061014-01
- ---
> # Version: N-20060907-01
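Review bot: The Version header goes backwards here, from N-20061014-01 to N-20060907-01, in an update dated 20061111. That suggests the mirror picked up an older useragents.conf or the diff was taken in the wrong direction; confirm which copy is current before deploying, since the later hunk in this file (232,235d231) removes the WebDAV user-agent rule, which is what a revert to an older copy would look like.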
232,235d231
< 
< #MS WebDav
< #If you do not allow webdav, this is useful to catch some webdav PUT attacks
< SecFilterSelective HTTP_USER_AGENT "Microsoft Data Access Internet Publishing Provider"


Diff of /etc/modsecurity/exclude.conf


Diff of /etc/modsecurity/badips.conf


Diff of /etc/modsecurity/recons.conf


Diff of /etc/modsecurity/jitp.conf
4453,4455d4452
< 
< #
< SecFilterSelective ARG_doc_directory "(ht|f)tps?:/" 
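Review bot: Removing the ARG_doc_directory rule is only safe because the generic SecFilterSelective ARGS "(ht|f)tps?:/" rule in rules.conf is made unconditional in this same update and covers every argument, doc_directory included. That dependency is not recorded anywhere; add a comment in jitp.conf or a line in the release text so the specific rule is restored if the generic one is chained or excluded again.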


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
-----END PGP SIGNATURE-----

