-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmodsecurity_crs_69_jagger.conf
30 lines (30 loc) · 4.6 KB
/
modsecurity_crs_69_jagger.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
SecRule REQUEST_URI "\/rr3\/reports\/awaiting\/counterqueue" phase:1,nolog,id:'6',pass,ctl:ruleEngine=off,ctl:auditEngine=off
SecRule REQUEST_URI "\/rr3\/logos\/.*\.png$" phase:1,nolog,id:'2',pass,ctl:ruleEngine=off,ctl:auditEngine=off
SecRule REQUEST_URI "\/rr3\/manage\/entityedit\/show.*" phase:1,nolog,id:'21',pass,ctl:ruleEngine=off,ctl:auditEngine=off
SecRule REQUEST_URI "^\/rr3\/manage\/spage\/editarticle\/LibraryAccess$" phase:1,nolog,id:'4',pass,ctl:ruleEngine=off
SecRule REQUEST_URI "^\/rr3\/manage\/spage\/editarticle\/front_page" phase:1,nolog,id:'3',pass,ctl:ruleEngine=off
#disabled supression of auditevents
SecRuleUpdateTargetById 981173 !ARGS:sig_response|!ARGS:f\[.*|!ARGS:metadatabody|!ARGS:changeaccess
SecRuleUpdateTargetById 981231 !ARGS:f\[.*|!ARGS:metadatabody
SecRuleUpdateTargetById 981248 !ARGS:f\[.*|!ARGS:metadatabody
SecRuleUpdateTargetById 981243 !ARGS:f\[.*|!ARGS:metadatabody
SecRuleUpdateTargetById 981245 !ARGS:f\[.*|!ARGS:metadatabody
#SecRuleUpdateTargetById 960024 !ARGS:f\[.*|!ARGS:metadatabody
SecRuleRemoveById 960024 ARGS:f\[.*
SecRuleRemoveById 973338 REQUEST_URL:\/rr3\/providers\/sp_registration\/advanced
SecRuleRemoveById 973338 REQUEST_URL:\/rr3\/providers\/idp_registration\/advanced
SecRuleUpdateTargetById 973333 !ARGS:f\[.*|!ARGS:metadatabody
SecRuleUpdateTargetById 961203 !REQUEST_URI:/xml$/
SecRuleUpdateTargetById 950119 !ARGS:vurl
SecRuleUpdateTargetById 973300 !ARGS:inputmsg
SecRuleUpdateTargetById 960017 !REQUEST_URI:\/rr3\/arp\/[[:alnum:]]*\/[[:alnum:]]*\/arp\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/provider\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/service\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/federationexport\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/edugate-federation-metadata-signed\.xml
SecRuleUpdateTargetById 960021 !REQUEST_URI:/xml$/
#960015 not being suppressed, rule commented out in preference for SecRuleRemoveById
SecRuleRemoveById 960015 REQUEST_URI:\/rr3\/arp\/[[:alnum:]]*\/[[:alnum:]]*\/arp\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/provider\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/service\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/federationexport\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/edugate-federation-metadata-signed\.xml
SecRuleUpdateTargetById 950020 !REQUEST_URI:/\/rr3\/providers\/sp_registration/\advanced$/
SecRuleUpdateTargetById 950020 !REQUEST_URI:/\/rr3\/providers\/idp_registration/\advanced$/
SecRuleUpdateTargetById 950109 !REQUEST_URI:/\/rr3\/tools\/addontools\/msgdecoder$/
SecRuleUpdateTargetById 950901 !ARGS:formmessage|!ARGS:description|!ARGS:metadatabody|!REQUEST_FILENAME:/^\/rr3\/providers\/.*_registration\/advanced$/
#SecRuleUpdateTargetById 981203 !REQUEST_URI:\/rr3\/arp\/[[:alnum:]]*\/[[:alnum:]]*\/arp\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/provider\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/service\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/federationexport\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/edugate-federation-metadata-signed\.xml
# 960009 supressed in higer order file SecRuleUpdateTargetById 960009 !REQUEST_URI:\/rr3\/arp\/[[:alnum:]]*\/[[:alnum:]]*\/arp\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/provider\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/rr3\/metadata\/service\/[[:alnum:]]*~\/metadata\.xml|!REQUEST_URI:\/rr3\/signedmetadata\/federationexport\/[[:alnum:]]*~*\/metadata\.xml|!REQUEST_URI:\/edugate-federation-metadata-signed\.xml
#SecRule REQUEST_URI "(^\/rr3\/arp\/[[:alnum:]]*\/[[:alnum:]]*\/arp\.xml|^\/rr3\/signedmetadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|^\/rr3\/metadata\/[[:alnum:]]*\/[[:alnum:]]*\/metadata\.xml|^\/rr3\/signedmetadata\/provider\/[[:alnum:]]*~*\/metadata\.xml|^\/rr3\/metadata\/service\/[[:alnum:]]*~\/metadata\.xml|^\/rr3\/signedmetadata\/federationexport\/[[:alnum:]]*~*\/metadata\.xml|^\/edugate-federation-metadata-signed\.xml|^\/rr3\/signedmetadata\/federation\/[a-zA-Z0-9_]*\/metadata.xml)" phase:5,ctl:ruleRemoveTargetById=981203;REQUEST_HEADERS:User-Agent,id:'30',pass