Last active
July 10, 2019 13:36
-
-
Save airween/d11dfe6d1b9b3f62f14ec8181ef77a75 to your computer and use it in GitHub Desktop.
ModSecurity 3.0 - issue 2129
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "enabled":1, | |
| "version_min":300000, | |
| "title":"multipart parser (normal)", | |
| "client":{ | |
| "ip":"200.249.12.31", | |
| "port":123 | |
| }, | |
| "server":{ | |
| "ip":"200.249.12.31", | |
| "port":80 | |
| }, | |
| "request":{ | |
| "headers":{ | |
| "Host":"localhost", | |
| "User-Agent":"curl/7.38.0", | |
| "Accept":"*/*", | |
| "Content-Length":"330", | |
| "Content-Type":"multipart/form-data; boundary=0000", | |
| "Expect":"100-continue" | |
| }, | |
| "uri":"/", | |
| "method":"POST", | |
| "body":[ | |
| "--0000\r", | |
| "Content-Disposition: form-data; name=\"upload\"; filename=\"eicar.txt\"\r", | |
| "Content-Type: text/plain\r", | |
| "\r", | |
| "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*\r", | |
| "--0000--\r" | |
| ] | |
| }, | |
| "response":{ | |
| "headers":{ | |
| "Date":"Mon, 13 Jul 2015 20:02:41 GMT", | |
| "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", | |
| "Content-Type":"text/html" | |
| }, | |
| "body":[ | |
| "no need." | |
| ] | |
| }, | |
| "expected":{ | |
| "debug_log":"", | |
| "http_code":403 | |
| }, | |
| "rules":[ | |
| "SecRuleEngine On", | |
| "SecTmpSaveUploadedFiles On", | |
| "SecUploadDir /tmp/modsec", | |
| "SecUploadFileMode 0644", | |
| "SecStatusEngine On", | |
| "SecUploadKeepFiles On", | |
| "SecRule FILES_TMPNAMES \"@inspectFile ../util/av-scanning/runav.pl\" \"id:948001,phase:2,t:none,log,auditlog,deny,msg:'Virus found in uploaded file FILES_TMPNAMES : %{FILES_TMPNAMES}%, FILES_NAMES : %{FILES_NAMES}%'\"" | |
| ] | |
| }, | |
| { | |
| "enabled":1, | |
| "version_min":300000, | |
| "title":"multipart parser (normal)", | |
| "client":{ | |
| "ip":"200.249.12.31", | |
| "port":123 | |
| }, | |
| "server":{ | |
| "ip":"200.249.12.31", | |
| "port":80 | |
| }, | |
| "request":{ | |
| "headers":{ | |
| "Host":"localhost", | |
| "User-Agent":"curl/7.38.0", | |
| "Accept":"*/*", | |
| "Content-Length":"330", | |
| "Content-Type":"multipart/form-data; boundary=0000", | |
| "Expect":"100-continue" | |
| }, | |
| "uri":"/", | |
| "method":"POST", | |
| "body":[ | |
| "--0000\r", | |
| "Content-Disposition: form-data; name=\"upload-good\"; filename=\"good.txt\"\r", | |
| "Content-Type: text/plain\r", | |
| "\r", | |
| "It's all right.\r", | |
| "--0000--\r" | |
| ] | |
| }, | |
| "response":{ | |
| "headers":{ | |
| "Date":"Mon, 13 Jul 2015 20:02:41 GMT", | |
| "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", | |
| "Content-Type":"text/html" | |
| }, | |
| "body":[ | |
| "no need." | |
| ] | |
| }, | |
| "expected":{ | |
| "debug_log":"", | |
| "http_code":200 | |
| }, | |
| "rules":[ | |
| "SecRuleEngine On", | |
| "SecTmpSaveUploadedFiles On", | |
| "SecUploadDir /tmp/modsec", | |
| "SecUploadFileMode 0644", | |
| "SecStatusEngine On", | |
| "SecUploadKeepFiles On", | |
| "SecRule FILES_TMPNAMES \"@inspectFile ../util/av-scanning/runav.pl\" \"id:948001,phase:2,t:none,log,auditlog,deny,msg:'Virus found in uploaded file FILES_TMPNAMES : %{FILES_TMPNAMES}%, FILES_NAMES : %{FILES_NAMES}%'\"" | |
| ] | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment