-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Description
E.g.:
SecRule XML://tag1/*[local-name()='some-tag']
"@pm ..\ ../"
"phase:request,
msg:'Path Traversal Attack (/../)',
id:77113,
ver:'OWASP_CRS/3.0.0',
rev:'1',
maturity:'9',
accuracy:'7',
multiMatch,
t:base64Decode,
block,
severity:CRITICAL,
logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',
capture,
tag:'application-multi',
tag:'language-multi',
tag:'platform-multi',
tag:'attack-lfi',
tag:'OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL',
setvar:'tx.msg=%{rule.msg}',
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},
setvar:tx.lfi_score=+%{tx.critical_anomaly_score},
setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL-%{matched_var_name}=%{matched_var}'"
Error occured when nginx start:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /var/rules/rules.conf. Line: 1. Column: 48. Expecting a variable, got: : ='some-$