SA-CORE-2018-002 ruleset

gistfile1.txt

# SPECIFIC: Block #submit #validate #process #pre_render #post_render #element_validate #after_build #value_callback parameters

SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003294,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
        SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
        SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)$|\[(?:\'|\")?#(submit|validate|pre_render|post_render|element_validate|after_build|value_callback|process)"

# GENERIC: Block all parameters starting with #
        
SecRule REQUEST_FILENAME "(index\.php|\/$)" "chain,id:003309,t:lowercase,t:none,t:utf8toUnicode,t:urlDecodeUni,t:urldecode,block"
        SecRule REQUEST_METHOD "^(GET|POST|HEAD)$" chain
        SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES "^\#|\[(?:\'|\")?\#.*\]"

@silvaf6 - it's a ruleset for mod_security

So in light of SA-CORE-2018-004 would adding destination to the pattern of chain ID 003294 add coverage?

it's this good for drupalgeddon3 ??