digitaldemocratic/dd-sso/docker/waf-modsecurity/rules_apps.conf

84 lines
2.8 KiB
Plaintext
Raw Permalink Normal View History

2022-11-10 00:28:20 +01:00
# Rules
#######
SecRule REQUEST_FILENAME "@endsWith /apps/user_status/heartbeat" \
"id:99000001,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveById=911100"
SecRule REQUEST_FILENAME "@rx /apps/text/session/(?:create|fetch|sync|close)$" \
"id:99000002,\
phase:1,\
pass,\
t:none,\
nolog,\
ver:'OWASP_CRS/3.2.0',\
setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT DELETE'"
SecRule REQUEST_FILENAME "@contains /auth/saml2/sp/saml2-acs.php" \
"id:99000003,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveById=920440"
SecRule REQUEST_FILENAME "@contains /auth/saml2/sp/saml2-logout.php" \
"id:99000004,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveById=920440"
SecRule REQUEST_FILENAME "@contains /apps/text/session" \
"id:99000005,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveById=911100"
SecRule REQUEST_FILENAME "@contains /apps/user_status/heartbeat" "phase:1,id:99000006,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /remote.php/dav" "phase:1,id:99000007,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /apps/text/session" "phase:1,id:99000008,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /socket.io" "phase:1,id:99000009,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /auth/realms/master/avatar-provider" "phase:1,id:99000010,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /lib/ajax/service-nologin.php" "phase:1,id:99000011,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /lib/ajax/service.php" "phase:1,id:99000012,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_FILENAME "@contains /apps/polls/poll" "phase:1,id:99000013,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
SecRule REQUEST_URI "^/status.php" \
"phase:1,id:99000014,t:none,t:lowercase,deny,status:403,msg:'403 Access Denied',chain"
SecRule SERVER_NAME "@contains nextcloud."
SecRule REQUEST_URI "@contains /wp-json/wp/v2/users" \
"phase:1,id:99000015,t:none,t:lowercase,deny,status:403,msg:'403 Access Denied',chain"
SecRule SERVER_NAME "@contains wp."
SecRule REQUEST_URI "@contains /report/security/index.php" \
"phase:1,id:99000016,t:none,t:lowercase,deny,status:403,msg:'403 Access Denied',chain"
SecRule SERVER_NAME "@contains moodle." \
"t:none,\
chain"
SecRule ARGS:detail "@streq core_publicpaths" \
"t:none"