SA-CORE-2018-002 ruleset
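# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters
# t:none goes first: it clears the transformation list, so a transformation placed before it is discarded.
# "block" defers to the disruptive action configured through SecDefaultAction.
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003294,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,t:lowercase,block"
# Only the request methods listed here are inspected.
SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
# Match a listed property as the whole argument/cookie name, or as a bracketed array key (optionally quoted).
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)"
# GENERIC: Block all parameters starting with #
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003309,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,t:lowercase,block"
SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
# Match any name that starts with #, or any bracketed array key that starts with #.
SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#|\[(?:\'|\")?\#.*\]"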
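
An added example, not part of the gist: a Python harness that runs the two ARGS_NAMES patterns above over constructed parameter names, so you can see what each chain flags and check for false positives before deploying. The sample names and `#example_key` are made up, and Python's `re` stands in for ModSecurity's PCRE-based `@rx` (an assumption that holds for these two patterns).

```python
import re

# Patterns copied verbatim from the last rule of each chain on this page.
SPECIFIC = re.compile(
    r"""^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$"""
    r"""|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)"""
)
GENERIC = re.compile(r"""^\#|\[(?:\'|\")?\#.*\]""")


def classify(name):
    """Return (specific_hit, generic_hit) for one argument or cookie name.

    @rx is an unanchored search, so re.search is the matching Python call.
    ModSecurity does not parse PHP array syntax: the name it sees keeps
    its brackets, e.g. element[#post_render][].
    """
    return bool(SPECIFIC.search(name)), bool(GENERIC.search(name))


# Constructed sample names (not taken from real traffic).
SAMPLES = [
    # Ordinary form fields: neither chain should fire.
    "name", "form_id", "q", "page#top",
    # Property names listed in the SPECIFIC rule, bare and as array keys.
    "#submit", "element[#post_render][]", "element['#process']",
    'element["#validate"]',
    # A '#'-prefixed key that is NOT in the SPECIFIC list (hypothetical name).
    "#example_key", "element[#example_key]",
]


def report(names=SAMPLES):
    """Classify every name and return (name, specific_hit, generic_hit) rows."""
    return [(n, *classify(n)) for n in names]


if __name__ == "__main__":
    for name, specific, generic in report():
        print(f"{name!r:28} specific={specific!s:5} generic={generic}")
```

The last two samples are the reason the gist ships the generic chain as well: the specific chain only knows the eight listed property names.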

@silvaf6 silvaf6 commented Apr 23, 2018

sorry, what is this exactly, a firewall rule set?


@decafgeek decafgeek commented Apr 26, 2018

@silvaf6 - it's a ruleset for mod_security


@straav straav commented Apr 26, 2018

So in light of SA-CORE-2018-004 would adding destination to the pattern of chain ID 003294 add coverage?


@ylapin ylapin commented Apr 29, 2018

Is this good for drupalgeddon3?
