Created
May 31, 2016 19:45
-
-
Save p0pr0ck5/71ca4307443dbb2394486be9a159101b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
poprocks@soter:~/code/Lua/lua-resty-waf$ cat ~/code/SpiderLabs-owasp-modsecurity-crs-ebe8790/base_rules/modsecurity_crs_* | ./tools/modsec2lua-resty-waf.pl -p ~/code/SpiderLabs-owasp-modsecurity-crs-ebe8790/base_rules/ -f > /dev/null | |
Cannot translate operator validateUrlEncoding at ./tools/modsec2lua-resty-waf.pl line 560. | |
SecRule REQUEST_URI \%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}) chain,phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'6',accuracy:'8',t:none,block,msg:'URL Encoding Abuse Attack Attempt',id:'950107',tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',severity:'4' | |
SecRule REQUEST_URI @validateUrlEncoding setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var} | |
Cannot translate operator validateUrlEncoding at ./tools/modsec2lua-resty-waf.pl line 560. | |
SecRule REQUEST_HEADERS:Content-Type ^(application\/x-www-form-urlencoded|text\/xml)(?:;(?:\s?charset\s?=\s?[\w\d\-]{1,18})?)??$ chain,phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'6',accuracy:'8',t:none,block,msg:'URL Encoding Abuse Attack Attempt',id:'950108',tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',severity:'4' | |
SecRule REQUEST_BODY|XML:/* \%((?!$|\W)|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}) chain | |
SecRule REQUEST_BODY|XML:/* @validateUrlEncoding setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var} | |
Cannot translate operator validateUtf at ./tools/modsec2lua-resty-waf.pl line 560. | |
SecRule TX:CRS_VALIDATE_UTF8_ENCODING @eq 1 chain,phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'6',accuracy:'8',t:none,block,msg:'UTF8 Encoding Abuse Attack Attempt',id:'950801',tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',severity:'4' | |
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES @validateUtf8Encoding setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var} | |
Cannot translate operator validateByteRange at ./tools/modsec2lua-resty-waf.pl line 560. | |
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer @validateByteRange 1-255 phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',block,msg:'Invalid character in request',id:'960901',tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',severity:'3',t:none,t:urlDecodeUni,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.error_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var} | |
Cannot translate operator validateByteRange at ./tools/modsec2lua-resty-waf.pl line 560. | |
SecRule TX:PARANOID_MODE @eq 1 chain,phase:2,rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'8',accuracy:'7',block,msg:'Invalid character in request',id:'960018',tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',severity:'3',t:none,t:urlDecodeUni | |
SecRule REQUEST_URI|REQUEST_BODY|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|TX:HPP_DATA @validateByteRange 32-126 t:urlDecodeUni,setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.error_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var} | |
Cannot perform transform cmdLine at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform cmdLine at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform cmdLine at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform jsDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform cssDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform jsDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform cssDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform jsDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform cssDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform jsDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform removeNulls at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform jsDecode at ./tools/modsec2lua-resty-waf.pl line 687. | |
Cannot perform transform cssDecode at ./tools/modsec2lua-resty-waf.pl line 687. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment