diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index aa06d9e006..ef2ff1ac8c 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -47,7 +47,7 @@ body: label: BunkerWeb version description: What version of BunkerWeb are you running? placeholder: Version - value: 1.6.0-rc3 + value: 1.6.0-rc4 validations: required: true - type: dropdown diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a25fa8f52f..d48ca34890 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ jobs: - name: Checkout repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Python 3.9 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: matrix.language == 'python' with: python-version: "3.9" @@ -35,12 +35,12 @@ jobs: python -m pip install --no-cache-dir --require-hashes -r src/common/db/requirements.txt echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV - name: Initialize CodeQL - uses: github/codeql-action/init@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: languages: ${{ matrix.language }} config-file: ./.github/codeql.yml setup-python-dependencies: false - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 088e794db4..fc2a03e1e9 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml 
@@ -95,7 +95,7 @@ jobs: # Build cached image - name: Build image if: inputs.CACHE == true - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . file: ${{ inputs.DOCKERFILE }} @@ -108,7 +108,7 @@ jobs: # Build non-cached image - name: Build image if: inputs.CACHE != true - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . file: ${{ inputs.DOCKERFILE }} diff --git a/.github/workflows/doc-to-pdf.yml b/.github/workflows/doc-to-pdf.yml index 7a8c56d52a..c5dcd74325 100644 --- a/.github/workflows/doc-to-pdf.yml +++ b/.github/workflows/doc-to-pdf.yml @@ -15,7 +15,7 @@ jobs: - name: Checkout source code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" - name: Install doc dependencies @@ -23,7 +23,7 @@ jobs: - name: Install chromium run: sudo apt install chromium-browser - name: Install node - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version: 18 - name: Install puppeteer diff --git a/.github/workflows/linux-build.yml b/.github/workflows/linux-build.yml index 8798190048..4956eacca1 100644 --- a/.github/workflows/linux-build.yml +++ b/.github/workflows/linux-build.yml 
@@ -97,7 +97,7 @@ jobs: # Build testing package image - name: Build package image if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui' || inputs.RELEASE == '1.5' - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . load: true @@ -109,7 +109,7 @@ jobs: # Build non-testing package image - name: Build package image if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev' && inputs.RELEASE != 'ui' && inputs.RELEASE != '1.5' - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . load: true @@ -145,7 +145,7 @@ jobs: images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }} - name: Build test image if: inputs.TEST == true - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . file: tests/linux/Dockerfile-${{ inputs.LINUX }} diff --git a/.github/workflows/push-doc.yml b/.github/workflows/push-doc.yml index 4d522d99b4..a46372cc75 100644 --- a/.github/workflows/push-doc.yml +++ b/.github/workflows/push-doc.yml @@ -33,7 +33,7 @@ jobs: run: | git config --global user.name "BunkerBot" git config --global user.email "bunkerbot@bunkerity.com" - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.10" - name: Install doc dependencies diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index d343fb4596..1bc7dbd750 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml 
@@ -70,7 +70,7 @@ jobs: images: bunkerity/${{ inputs.IMAGE }} # Build and push - name: Build and push - uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 + uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 with: context: . file: ${{ inputs.DOCKERFILE }} diff --git a/.github/workflows/push-packagecloud.yml b/.github/workflows/push-packagecloud.yml index 628a577b88..348cf5eb8b 100644 --- a/.github/workflows/push-packagecloud.yml +++ b/.github/workflows/push-packagecloud.yml @@ -42,7 +42,7 @@ jobs: - name: Check out repository code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install ruby - uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0 + uses: ruby/setup-ruby@1287d2b408066abada82d5ad1c63652e758428d9 # v1.214.0 with: ruby-version: "3.0" - name: Install packagecloud diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 33d00d1e77..f07caaca51 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -25,6 +25,6 @@ jobs: results_format: sarif publish_results: true - name: "Upload SARIF results to code scanning" - uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: sarif_file: results.sarif diff --git a/.github/workflows/staging-create-infra.yml b/.github/workflows/staging-create-infra.yml index 527fddc9eb..b56f8ce57e 100644 --- a/.github/workflows/staging-create-infra.yml +++ b/.github/workflows/staging-create-infra.yml @@ -30,7 +30,7 @@ jobs: with: version: "v1.29.1" - name: Set up Python 3.12 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 if: inputs.TYPE != 'k8s' with: python-version: "3.12" 
diff --git a/.github/workflows/test-core-linux.yml b/.github/workflows/test-core-linux.yml index 01e855df25..d6318c99d2 100644 --- a/.github/workflows/test-core-linux.yml +++ b/.github/workflows/test-core-linux.yml @@ -18,7 +18,7 @@ jobs: - name: Checkout source code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Python 3.12 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.12" - name: Install Firefox manually and dependencies diff --git a/.github/workflows/tests-ui-linux.yml b/.github/workflows/tests-ui-linux.yml index 65ad9d49a2..cfb430a121 100644 --- a/.github/workflows/tests-ui-linux.yml +++ b/.github/workflows/tests-ui-linux.yml @@ -18,7 +18,7 @@ jobs: - name: Checkout source code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Python 3.12 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.12" - name: Install Firefox manually and dependencies diff --git a/CHANGELOG.md b/CHANGELOG.md index 49f48e0626..0d5a95b697 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,14 @@ # Changelog -## v1.6.0-rc3 - ????/??/?? +## v1.6.0-rc4 - ????/??/?? + +- [BUGFIX] Fix shenanigans with the configuration being wiped after a restart +- [BUGFIX] Fix shenanigans with cache files being deleted for no reason +- [BUGFIX] Refactor condition checks in Database class to avoid default value check when a multiple has a suffix so that it still saves important values +- [DOCKER] Update Dockerfiles to change user home directories and set shell to nologin for autoconf, scheduler, and ui users +- [DEPS] Updated coreruleset-v4 version to v4.11.0 + +## v1.6.0-rc3 - 2025/01/26 - [FEATURE] Update BunkerNet's logic to send reports in bulk instead of one by one - [AUTOCONF] Add the possibility to add/override settings via ConfigMap in Kubernetes using the `bunkerweb.io/CONFIG_TYPE=settings` annotation diff --git a/README.md b/README.md index c25fda353e..6c8ce9f793 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@

- BunkerWeb logo + BunkerWeb logo

@@ -26,7 +26,7 @@ | 👨‍💻 Demo | - 🛡️ Examples + 🛡️ Examples | 💬 Chat | @@ -44,14 +44,14 @@ # BunkerWeb

- Overview banner + Overview banner

BunkerWeb is a next-generation and open-source Web Application Firewall (WAF). -Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.6.0-rc3/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle. +Being a full-featured web server (based on [NGINX](https://nginx.org/) under the hood), it will protect your web services to make them "secure by default". BunkerWeb integrates seamlessly into your existing environments ([Linux](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#linux), [Docker](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#docker), [Swarm](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#swarm), [Kubernetes](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#kubernetes), …) and is fully configurable (don't panic, there is an [awesome web UI](https://docs.bunkerweb.io/1.6.0-rc4/web-ui/?utm_campaign=self&utm_source=github) if you don't like the CLI) to meet your own use-cases . In other words, cybersecurity is no more a hassle. 
-BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.6.0-rc3/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.6.0-rc3/plugins/?utm_campaign=self&utm_source=github). +BunkerWeb contains primary [security features](https://docs.bunkerweb.io/1.6.0-rc4/security-tuning/?utm_campaign=self&utm_source=github) as part of the core but can be easily extended with additional ones thanks to a [plugin system](https://docs.bunkerweb.io/1.6.0-rc4/plugins/?utm_campaign=self&utm_source=github). ## Why BunkerWeb ? @@ -76,7 +76,7 @@ A non-exhaustive list of security features : - **Block known bad IPs** with external blacklists and DNSBL - And much more ... -Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.6.0-rc3/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation. +Learn more about the core security features in the [security tuning](https://docs.bunkerweb.io/1.6.0-rc4/security-tuning/?utm_campaign=self&utm_source=github) section of the documentation. ## Demo 
@@ -105,13 +105,13 @@ When using BunkerWeb you have the choice of the version you want to use : open-s Whether it's enhanced security, an enriched user experience, or technical supervision, the BunkerWeb PRO version will allow you to fully benefit from BunkerWeb and respond to your professional needs. -Be it in the documentation or the user interface, the PRO features are annotated with a crown crow pro icon to distinguish them from those integrated into the open-source version. +Be it in the documentation or the user interface, the PRO features are annotated with a crown crow pro icon to distinguish them from those integrated into the open-source version. You can upgrade from the open-source version to the PRO one easily and at any time you want. The process is pretty straightforward : - Claim your [free trial on the BunkerWeb panel](https://panel.bunkerweb.io/?utm_campaign=self&utm_source=doc) - Once connected to the client area, copy your PRO license key -- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.6.0-rc3/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.6.0-rc3/settings/#pro) +- Paste your private key into BunkerWeb using the [web UI](https://docs.bunkerweb.io/1.6.0-rc4/web-ui/#upgrade-to-pro) or [specific setting](https://docs.bunkerweb.io/1.6.0-rc4/settings/#pro) Do not hesitate to visit the [BunkerWeb panel](https://panel.bunkerweb.io/knowledgebase?utm_campaign=self&utm_source=doc) or [contact us](https://panel.bunkerweb.io/contact.php?utm_campaign=self&utm_source=doc) if you have any question regarding the PRO version. @@ -144,10 +144,10 @@ Community and social networks : # Concepts

- Concepts banner + Concepts banner

-You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.6.0-rc3/concepts/?utm_campaign=self&utm_source=github). +You will find more information about the key concepts of BunkerWeb in the [documentation](https://docs.bunkerweb.io/1.6.0-rc4/concepts/?utm_campaign=self&utm_source=github). ## Integrations @@ -155,12 +155,12 @@ The first concept is the integration of BunkerWeb into the target environment. W The following integrations are officially supported : -- [Docker](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#docker) -- [Linux](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#linux) -- [Docker autoconf](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) -- [Kubernetes](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#kubernetes) -- [Swarm](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#swarm) -- [Microsoft Azure](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) +- [Docker](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#docker) +- [Linux](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#linux) +- [Docker autoconf](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) +- [Kubernetes](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#kubernetes) +- [Swarm](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#swarm) +- [Microsoft Azure](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) ## Settings 
@@ -192,7 +192,7 @@ When multisite mode is enabled, BunkerWeb will serve and protect multiple web ap ## Custom configurations -Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.6.0-rc3/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges. +Because meeting all the use cases only using the settings is not an option (even with [external plugins](https://docs.bunkerweb.io/1.6.0-rc4/plugins/?utm_campaign=self&utm_source=github)), you can use custom configurations to solve your specific challenges. Under the hood, BunkerWeb uses the notorious NGINX web server, that's why you can leverage its configuration system for your specific needs. Custom NGINX configurations can be included in different [contexts](https://docs.nginx.com/nginx/admin-guide/basic-functionality/managing-configuration-files/#contexts) like HTTP or server (all servers and/or specific server block). @@ -201,7 +201,7 @@ Another core component of BunkerWeb is the ModSecurity Web Application Firewall ## Database

- Database model + Database model

State of the current configuration of BunkerWeb is stored in a backend database which contains the following data : @@ -230,7 +230,7 @@ In other words, the scheduler is the brain of BunkerWeb. ## BunkerWeb Cloud

- Docker banner + Docker banner

BunkerWeb Cloud is the easiest way to get started with BunkerWeb. It offers you a fully managed BunkerWeb service with no hassle. Think of a like a BunkerWeb-as-a-Service ! @@ -240,7 +240,7 @@ You will find more information about BunkerWeb Cloud beta [here](https://www.bun ## Docker

- Docker banner + Docker banner

We provide ready to use prebuilt images for x64, x86, armv7 and arm64 platforms on [Docker Hub](https://hub.docker.com/u/bunkerity). @@ -251,46 +251,46 @@ Docker integration key concepts are : - **Scheduler** container to store configuration and execute jobs - **Networks** to expose ports for clients and connect to upstream web services -You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation. +You will find more information in the [Docker integration section](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#docker) of the documentation. ## Docker autoconf

- Docker autoconf banner + Docker autoconf banner

The downside of using environment variables is that the container needs to be recreated each time there is an update which is not very convenient. To counter that issue, you can use another image called **autoconf** which will listen for Docker events and automatically reconfigure BunkerWeb in real-time without recreating the container. Instead of defining environment variables for the BunkerWeb container, you simply add **labels** to your web applications containers and the **autoconf** will "automagically" take care of the rest. -You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation. +You will find more information in the [Docker autoconf section](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#docker-autoconf) of the documentation. ## Swarm

- Swarm banner + Swarm banner

To automatically configure BunkerWeb instances, a special service, called **autoconf** will listen for Docker Swarm events like service creation or deletion and automatically configure the **BunkerWeb instances** in real-time without downtime. -Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix. +Like the [Docker autoconf integration](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#docker-autoconf), configuration for web services is defined using labels starting with the special **bunkerweb.** prefix. -You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation. +You will find more information in the [Swarm section](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#swarm) of the documentation. ## Kubernetes

- Kubernetes banner + Kubernetes banner

The autoconf acts as an [Ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/) and will configure the BunkerWeb instances according to the [Ingress resources](https://kubernetes.io/docs/concepts/services-networking/ingress/). It also monitors other Kubernetes objects like [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) for custom configurations. -You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation. +You will find more information in the [Kubernetes section](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#kubernetes) of the documentation. ## Linux

- Linux banner + Linux banner

List of supported Linux distros : @@ -308,16 +308,16 @@ You will find more information in the [Linux section](https://docs.bunkerweb.io/ ## Microsoft Azure

- Azure banner + Azure banner

-BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and a ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc3/misc/integrations/azure-arm-template.json). +BunkerWeb is referenced in the [Azure Marketplace](https://azuremarketplace.microsoft.com/fr-fr/marketplace/apps/bunkerity.bunkerweb?tab=Overview) and a ARM template is available in the [misc folder](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc4/misc/integrations/azure-arm-template.json). -You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.6.0-rc3/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation. +You will find more information in the [Microsoft Azure section](https://docs.bunkerweb.io/1.6.0-rc4/integrations/?utm_campaign=self&utm_source=github#microsoft-azure) of the documentation. # Quickstart guide -Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.6.0-rc3/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases : +Once you have setup BunkerWeb with the integration of your choice, you can follow the [quickstart guide](https://docs.bunkerweb.io/1.6.0-rc4/quickstart-guide/?utm_campaign=self&utm_source=github) that will cover the following common use cases : - Protecting a single HTTP application - Protecting multiple HTTP application 
@@ -328,9 +328,9 @@ Once you have setup BunkerWeb with the integration of your choice, you can follo # Security tuning -BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.6.0-rc3/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives. +BunkerWeb offers many security features that you can configure with [settings](https://docs.bunkerweb.io/1.6.0-rc4/settings/?utm_campaign=self&utm_source=github). Even if the default values of settings ensure a minimal "security by default", we strongly recommend you to tune them. By doing so you will be able to ensure a security level of your choice but also manage false positives. -You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.6.0-rc3/security-tuning/?utm_campaign=self&utm_source=github) of the documentation. +You will find more information in the [security tuning section](https://docs.bunkerweb.io/1.6.0-rc4/security-tuning/?utm_campaign=self&utm_source=github) of the documentation. # Settings @@ -340,13 +340,13 @@ As a general rule when multisite mode is enabled, if you want to apply settings When settings are considered as "multiple", it means that you can have multiple groups of settings for the same feature by adding numbers as suffix like `REVERSE_PROXY_URL_1=/subdir`, `REVERSE_PROXY_HOST_1=http://myhost1`, `REVERSE_PROXY_URL_2=/anotherdir`, `REVERSE_PROXY_HOST_2=http://myhost2`, ... for example. -Check the [settings section](https://docs.bunkerweb.io/1.6.0-rc3/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list. +Check the [settings section](https://docs.bunkerweb.io/1.6.0-rc4/settings/?utm_campaign=self&utm_source=github) of the documentation to get the full list. # Web UI

- +

@@ -360,7 +360,7 @@ The "Web UI" is a web application that helps you manage your BunkerWeb instance - Monitor jobs execution - View the logs and search pattern -You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.6.0-rc3/web-ui/?utm_campaign=self&utm_source=github) of the documentation. +You will find more information in the [Web UI section](https://docs.bunkerweb.io/1.6.0-rc4/web-ui/?utm_campaign=self&utm_source=github) of the documentation. # Plugins @@ -378,7 +378,7 @@ Here is the list of "official" plugins that we maintain (see the [bunkerweb-plug | **VirusTotal** | 1.8 | Automatically scans uploaded files with the VirusTotal API and denies the request when a file is detected as malicious. | [bunkerweb-plugins/virustotal](https://github.com/bunkerity/bunkerweb-plugins/tree/main/virustotal) | | **WebHook** | 1.8 | Send security notifications to a custom HTTP endpoint using a Webhook. | [bunkerweb-plugins/webhook](https://github.com/bunkerity/bunkerweb-plugins/tree/main/webhook) | -You will find more information in the [plugins section](https://docs.bunkerweb.io/1.6.0-rc3/plugins/?utm_campaign=self&utm_source=github) of the documentation. +You will find more information in the [plugins section](https://docs.bunkerweb.io/1.6.0-rc4/plugins/?utm_campaign=self&utm_source=github) of the documentation. # Support 
@@ -401,15 +401,15 @@ Please don't use [GitHub issues](https://github.com/bunkerity/bunkerweb/issues) # License -This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc3/LICENSE.md). +This project is licensed under the terms of the [GNU Affero General Public License (AGPL) version 3](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc4/LICENSE.md). # Contribute -If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc3/CONTRIBUTING.md) to get started. +If you would like to contribute to the plugins you can read the [contributing guidelines](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc4/CONTRIBUTING.md) to get started. # Security policy -We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc3/SECURITY.md) for more information. +We take security bugs as serious issues and encourage responsible disclosure, see our [security policy](https://github.com/bunkerity/bunkerweb/raw/v1.6.0-rc4/SECURITY.md) for more information. # Star History diff --git a/docs/advanced.md b/docs/advanced.md index ee10426da7..5b361337ab 100644 --- a/docs/advanced.md +++ b/docs/advanced.md @@ -51,7 +51,7 @@ You will find more settings about real IP in the [settings section](settings.md# ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... environment: USE_REAL_IP: "yes" @@ -66,7 +66,7 @@ You will find more settings about real IP in the [settings section](settings.md# ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... environment: USE_REAL_IP: "yes" 
@@ -86,7 +86,7 @@ You will find more settings about real IP in the [settings section](settings.md# ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... environment: USE_REAL_IP: "yes" @@ -155,7 +155,7 @@ You will find more settings about real IP in the [settings section](settings.md# ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... environment: USE_REAL_IP: "yes" @@ -171,7 +171,7 @@ You will find more settings about real IP in the [settings section](settings.md# ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... environment: USE_REAL_IP: "yes" @@ -192,7 +192,7 @@ You will find more settings about real IP in the [settings section](settings.md# ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... environment: USE_REAL_IP: "yes" @@ -295,7 +295,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080" # Keep it if you want to use Let's Encrypt automation when using http challenge type - "10000:10000" # app1 @@ -310,7 +310,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - bw-data:/data environment: @@ -361,7 +361,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080" # Keep it if you want to use Let's Encrypt automation when using http challenge type - "10000:10000" # app1 
@@ -415,7 +415,7 @@ For complete list of settings regarding `stream` mode, please refer to the [sett ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: # Keep it if you want to use Let's Encrypt automation when using http challenge type - published: 80 @@ -700,7 +700,7 @@ Some integrations provide more convenient ways to apply configurations, such as ```yaml ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: - | CUSTOM_CONF_SERVER_HTTP_hello-world= @@ -743,7 +743,7 @@ Some integrations provide more convenient ways to apply configurations, such as ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - ./bw-data:/data ... @@ -813,7 +813,7 @@ Some integrations provide more convenient ways to apply configurations, such as ```yaml bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - ./bw-data:/data ... @@ -994,7 +994,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -1009,7 +1009,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-api-env BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance @@ -1103,7 +1103,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 labels: - "bunkerweb.INSTANCE=yes" environment: 
@@ -1116,7 +1116,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-api-env BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service @@ -1131,7 +1131,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma - bw-db bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -1281,7 +1281,7 @@ BunkerWeb supports PHP using external or remote [PHP-FPM](https://www.php.net/ma ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 volumes: - /shared/www:/var/www/html ... @@ -1476,7 +1476,7 @@ By default, BunkerWeb will only listen on IPv4 addresses and won't use IPv6 for ```yaml services: bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: USE_IPv6: "yes" @@ -1916,7 +1916,7 @@ Below is the list of related settings: You can select from the following versions of the OWASP Core Rule Set (CRS) to suit your application's security needs: - **`3`**: The stable [v3.3.7](https://github.com/coreruleset/coreruleset/releases/tag/v3.3.7) release of the OWASP CRS. -- **`4`**: The stable [v4.10.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.10.0) release of the OWASP CRS (**default**). +- **`4`**: The stable [v4.11.0](https://github.com/coreruleset/coreruleset/releases/tag/v4.11.0) release of the OWASP CRS (**default**). - **`nightly`**: The [nightly build](https://github.com/coreruleset/coreruleset/releases/tag/nightly), which is updated daily with the latest rules and improvements. !!! example "Nightly Build" 
@@ -2076,7 +2076,7 @@ This BunkerWeb plugin acts as a [CrowdSec](https://crowdsec.net/) bouncer. It wi ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080" - "443:8443" @@ -2093,7 +2093,7 @@ This BunkerWeb plugin acts as a [CrowdSec](https://crowdsec.net/) bouncer. It wi syslog-address: "udp://10.10.10.254:514" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb environment: @@ -2587,7 +2587,7 @@ Here is the list of related settings : For more advanced authentication methods, such as Single Sign-On (SSO), you can leverage the **auth request settings**. This allows integration with external authentication systems by using subrequest-based authentication. For detailed information about this feature, refer to the [NGINX documentation](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/). -To help you get started, the [BunkerWeb repository](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/examples) includes examples for popular authentication solutions like [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/). These examples demonstrate how to integrate these tools seamlessly with your deployment. +To help you get started, the [BunkerWeb repository](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/examples) includes examples for popular authentication solutions like [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/). These examples demonstrate how to integrate these tools seamlessly with your deployment. **Auth request settings are related to reverse proxy rules.** diff --git a/docs/concepts.md b/docs/concepts.md index 9c5e586c7e..17badef7b4 100644 --- a/docs/concepts.md +++ b/docs/concepts.md 
@@ -83,7 +83,7 @@ app3.example.com_USE_BAD_BEHAVIOR=no !!! info "Going further" - You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/examples) directory of the repository. + You will find concrete examples of multisite mode in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/examples) directory of the repository. ## Custom configurations @@ -97,7 +97,7 @@ By leveraging custom configurations, you unlock a world of possibilities to tail !!! info "Going further" - You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/examples) directory of the repository. + You will find concrete examples of custom configurations in the [quickstart guide](quickstart-guide.md) of the documentation and the [examples](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/examples) directory of the repository. ## Database diff --git a/docs/integrations.md b/docs/integrations.md index 1ab1d46883..0b9c26b43f 100644 --- a/docs/integrations.md +++ b/docs/integrations.md 
@@ -35,13 +35,13 @@ By accessing these prebuilt images from Docker Hub, you can quickly pull and run Whether you're conducting tests, developing applications, or deploying BunkerWeb in production, the Docker containerization option provides flexibility and ease of use. Embracing this method empowers you to take full advantage of BunkerWeb's features while leveraging the benefits of Docker technology. ```shell -docker pull bunkerity/bunkerweb:1.6.0-rc3 +docker pull bunkerity/bunkerweb:1.6.0-rc4 ``` Docker images are also available on [GitHub packages](https://github.com/orgs/bunkerity/packages?repo_name=bunkerweb) and can be downloaded using the `ghcr.io` repository address : ```shell -docker pull ghcr.io/bunkerity/bunkerweb:1.6.0-rc3 +docker pull ghcr.io/bunkerity/bunkerweb:1.6.0-rc4 ``` Alternatively, if you prefer a more hands-on approach, you have the option to build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb). Building the image from source gives you greater control and customization over the deployment process. However, please note that this method may take some time to complete, depending on your hardware configuration. 
@@ -71,7 +71,7 @@ When integrating BunkerWeb with Docker, there are key concepts to keep in mind, - **Networks**: Docker networks play a vital role in the integration of BunkerWeb. These networks serve two main purposes: exposing ports to clients and connecting to upstream web services. By exposing ports, BunkerWeb can accept incoming requests from clients, allowing them to access the protected web services. Additionally, by connecting to upstream web services, BunkerWeb can efficiently route and manage the traffic, providing enhanced security and performance. !!! info "Database backend" - Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) folder of the repository for more information. + Please be aware that our instructions assume you are using SQLite as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) folder of the repository for more information. ### Environment variables @@ -81,7 +81,7 @@ Settings are passed to the Scheduler using Docker environment variables : ... services: bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: - MY_SETTING=value - ANOTHER_SETTING=another value 
@@ -96,7 +96,7 @@ services: The [scheduler](concepts.md#scheduler) is executed in its own container which is also available on Docker Hub : ```shell -docker pull bunkerity/bunkerweb-scheduler:1.6.0-rc3 +docker pull bunkerity/bunkerweb-scheduler:1.6.0-rc4 ``` Alternatively, you can build the Docker image directly from the [source](https://github.com/bunkerity/bunkerweb) (less coffee ☕ needed than the BunkerWeb image) : @@ -123,7 +123,7 @@ docker build -t my-scheduler -f src/scheduler/Dockerfile . services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 environment: # This will set the API settings for the BunkerWeb container <<: *bw-api-env @@ -132,7 +132,7 @@ docker build -t my-scheduler -f src/scheduler/Dockerfile . - bw-universe bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: # This will set the API settings for the Scheduler container <<: *bw-api-env @@ -149,7 +149,7 @@ A volume is needed to store the SQLite database that will be used by the schedul ... services: bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - bw-data:/data ... @@ -230,7 +230,7 @@ x-bw-api-env: &bw-api-env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -243,7 +243,7 @@ services: - bw-universe ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-api-env BUNKERWEB_INSTANCES: "bunkerweb" # This setting is mandatory to specify the BunkerWeb instance @@ -271,7 +271,7 @@ x-bw-api-env: &bw-api-env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" 
@@ -284,7 +284,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb environment: @@ -364,12 +364,12 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb export UI_WIZARD=no ``` - And finally install BunkerWeb 1.6.0-rc3 : + And finally install BunkerWeb 1.6.0-rc4 : ```shell curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \ sudo apt update && \ - sudo -E apt install -y bunkerweb=1.6.0-rc3 + sudo -E apt install -y bunkerweb=1.6.0-rc4 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command : @@ -412,12 +412,12 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb export UI_WIZARD=no ``` - And finally install BunkerWeb 1.6.0-rc3 : + And finally install BunkerWeb 1.6.0-rc4 : ```shell curl -s https://repo.bunkerweb.io/install/script.deb.sh | sudo bash && \ sudo apt update && \ - sudo -E apt install -y bunkerweb=1.6.0-rc3 + sudo -E apt install -y bunkerweb=1.6.0-rc4 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `apt upgrade`, you can use the following command : 
@@ -448,14 +448,14 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb export UI_WIZARD=no ``` - And finally install BunkerWeb 1.6.0-rc3 : + And finally install BunkerWeb 1.6.0-rc4 : ```shell curl -s https://repo.bunkerweb.io/install/script.rpm.sh | \ sed 's/yum install -y pygpgme --disablerepo='\''bunkerity_bunkerweb'\''/yum install -y python-gnupg/g' | \ sed 's/pypgpme_check=`rpm -qa | grep -qw pygpgme`/python-gnupg_check=`rpm -qa | grep -qw python-gnupg`/g' | sudo bash && \ sudo dnf makecache && \ - sudo -E dnf install -y bunkerweb-1.6.0-rc3 + sudo -E dnf install -y bunkerweb-1.6.0-rc4 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command : @@ -500,13 +500,13 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb export UI_WIZARD=no ``` - And finally install BunkerWeb 1.6.0-rc3 : + And finally install BunkerWeb 1.6.0-rc4 : ```shell sudo dnf install -y epel-release && \ curl -s https://repo.bunkerweb.io/install/script.rpm.sh | sudo bash && \ sudo dnf check-update && \ - sudo -E dnf install -y bunkerweb-1.6.0-rc3 + sudo -E dnf install -y bunkerweb-1.6.0-rc4 ``` To prevent upgrading NGINX and/or BunkerWeb packages when executing `dnf upgrade`, you can use the following command : 
@@ -601,7 +601,7 @@ By adopting this approach, you can enjoy real-time reconfiguration of BunkerWeb The Docker autoconf integration implies the use of **multisite mode**. Please refer to the [multisite section](concepts.md#multisite-mode) of the documentation for more information. !!! info "Database backend" - Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) folder of the repository for more information. + Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) folder of the repository for more information. To enable automated configuration updates, include an additional container called `bw-autoconf` in the stack. This container hosts the autoconf service, which manages dynamic configuration changes for BunkerWeb. @@ -615,7 +615,7 @@ x-bw-env: &bw-env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" 
@@ -630,7 +630,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-env BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service @@ -645,7 +645,7 @@ services: - bw-db bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -757,13 +757,13 @@ networks: ... services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 labels: - "bunkerweb.INSTANCE=yes" - "bunkerweb.NAMESPACE=my-namespace" # Set the namespace for the BunkerWeb instance so the autoconf service can detect it ... bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: ... NAMESPACES: "my-namespace my-other-namespace" # Only listen to these namespaces 
@@ -792,7 +792,7 @@ For an optimal setup, it is recommended to define BunkerWeb as a **[DaemonSet](h Given the presence of multiple BunkerWeb instances, it is necessary to establish a shared data store implemented as a [Redis](https://redis.io/) service. This Redis service will be utilized by the instances to cache and share data among themselves. Further information about the Redis settings can be found [here](settings.md#redis). !!! info "Database backend" - Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) folder of the repository for more information. + Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) folder of the repository for more information. Clustered database backends setup are out-of-the-scope of this documentation. @@ -865,7 +865,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 
@@ -925,7 +925,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -952,7 +952,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -1152,7 +1152,7 @@ metadata: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: NAMESPACES @@ -1232,7 +1232,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: USE_KUBERNETES_FQDN 
@@ -1272,7 +1272,7 @@ Since multiple instances of BunkerWeb are running, a shared data store implement As for the database volume, the documentation does not specify a specific approach. Choosing either a shared folder or a specific driver for the database volume is dependent on your unique use-case and is left as an exercise for the reader. !!! info "Database backend" - Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) folder of the repository for more information. + Please be aware that our instructions assume you are using MariaDB as the default database backend, as configured by the `DATABASE_URI` setting. However, we understand that you may prefer to utilize alternative backends for your Docker integration. If that is the case, rest assured that other database backends are still possible. See docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) folder of the repository for more information. Clustered database backends setup are out-of-the-scope of this documentation. @@ -1286,7 +1286,7 @@ x-bw-env: &bw-env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 
@@ -1315,7 +1315,7 @@ services: - "bunkerweb.INSTANCE=yes" # Mandatory label for the autoconf service to identify the BunkerWeb instance bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-env BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service @@ -1336,7 +1336,7 @@ services: - "node.role == worker" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: SWARM_MODE: "yes" DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database @@ -1483,7 +1483,7 @@ networks: ... services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ... deploy: mode: global @@ -1495,7 +1495,7 @@ networks: - "bunkerweb.NAMESPACE=my-namespace" # Set the namespace for the BunkerWeb instance ... bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: NAMESPACES: "my-namespace my-other-namespace" # Only listen to these namespaces ... diff --git a/docs/plugins.md b/docs/plugins.md index 371c9b01f7..6a97ae60e6 100644 --- a/docs/plugins.md +++ b/docs/plugins.md @@ -90,7 +90,7 @@ The first step is to install the plugin by putting the plugin files inside the c services: ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - ./bw-data:/data ... @@ -126,7 +126,7 @@ The first step is to install the plugin by putting the plugin files inside the c services: ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - ./bw-data:/data ... 
@@ -169,7 +169,7 @@ The first step is to install the plugin by putting the plugin files inside the c services: ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 volumes: - /shared/bw-plugins:/data/plugins ... @@ -216,7 +216,7 @@ The first step is to install the plugin by putting the plugin files inside the c serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -256,7 +256,7 @@ The first step is to install the plugin by putting the plugin files inside the c !!! tip "Existing plugins" - If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking). + If the documentation is not enough, you can have a look at the existing source code of [official plugins](https://github.com/bunkerity/bunkerweb-plugins) and the [core plugins](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/src/common/core) (already included in BunkerWeb but they are plugins, technically speaking). What a plugin structure looks like : ``` @@ -534,7 +534,7 @@ end !!! tip "More examples" - If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/src/bw/lua/bunkerweb) of the repository. + If you want to see the full list of available functions, you can have a look at the files present in the [lua directory](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/src/bw/lua/bunkerweb) of the repository. ### Jobs 
diff --git a/docs/quickstart-guide.md b/docs/quickstart-guide.md index 012671ebcf..60007a450c 100644 --- a/docs/quickstart-guide.md +++ b/docs/quickstart-guide.md @@ -6,7 +6,7 @@ !!! tip "Going further" - To demonstrate the use of BunkerWeb, we will deploy a basic stack using the setup wizard as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/examples) of the repository to get real-world examples. + To demonstrate the use of BunkerWeb, we will deploy a basic stack using the setup wizard as an example. See the [examples folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/examples) of the repository to get real-world examples. Protecting existing web applications already accessible with the HTTP(S) protocol is the main goal of BunkerWeb : it will act as a classical [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) with extra security features. @@ -25,7 +25,7 @@ Protecting existing web applications already accessible with the HTTP(S) protoco services: bunkerweb: # This is the name that will be used to identify the instance in the Scheduler - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -38,7 +38,7 @@ Protecting existing web applications already accessible with the HTTP(S) protoco - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-env BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name @@ -53,7 +53,7 @@ Protecting existing web applications already accessible with the HTTP(S) protoco - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *bw-env restart: "unless-stopped" diff --git a/docs/security-tuning.md b/docs/security-tuning.md index fce8d4cb21..4462fa73e7 100644 --- a/docs/security-tuning.md +++ b/docs/security-tuning.md 
@@ -372,7 +372,7 @@ This BunkerWeb plugin acts as a [CrowdSec](https://crowdsec.net/) bouncer. It wi ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080" - "443:8443" @@ -389,7 +389,7 @@ This BunkerWeb plugin acts as a [CrowdSec](https://crowdsec.net/) bouncer. It wi syslog-address: "udp://10.10.10.254:514" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb environment: @@ -839,7 +839,7 @@ You can quickly protect sensitive resources like the admin area for example, by ### Auth request -You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/examples). +You can deploy complex authentication (e.g. SSO), by using the auth request settings (see [here](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/) for more information on the feature). Please note that you will find [Authelia](https://www.authelia.com/) and [Authentik](https://goauthentik.io/) examples in the [repository](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/examples). **Auth request settings are related to reverse proxy rules.** diff --git a/docs/upgrading.md b/docs/upgrading.md index 46018d4e9c..25ff45b610 100644 --- a/docs/upgrading.md +++ b/docs/upgrading.md 
@@ -74,16 +74,16 @@ ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 ... bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 ... ``` @@ -116,7 +116,7 @@ Them, you can update BunkerWeb package : ```shell - sudo apt install -y bunkerweb=1.6.0-rc3 + sudo apt install -y bunkerweb=1.6.0-rc4 ``` To prevent upgrading BunkerWeb package when executing `apt upgrade`, you can use the following command : @@ -140,7 +140,7 @@ Them, you can update BunkerWeb package : ```shell - sudo dnf install -y bunkerweb-1.6.0-rc3 + sudo dnf install -y bunkerweb-1.6.0-rc4 ``` To prevent upgrading BunkerWeb package when executing `dnf upgrade`, you can use the following command : @@ -460,16 +460,16 @@ ```yaml services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ... bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 ... bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 ... bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 ... ``` @@ -502,7 +502,7 @@ Them, you can update BunkerWeb package : ```shell - sudo apt install -y bunkerweb=1.6.0-rc3 + sudo apt install -y bunkerweb=1.6.0-rc4 ``` To prevent upgrading BunkerWeb package when executing `apt upgrade`, you can use the following command : @@ -526,7 +526,7 @@ Them, you can update BunkerWeb package : ```shell - sudo dnf install -y bunkerweb-1.6.0-rc3 + sudo dnf install -y bunkerweb-1.6.0-rc4 ``` To prevent upgrading BunkerWeb package when executing `dnf upgrade`, you can use the following command : 
@@ -726,7 +726,7 @@ Unlike the 1.5.X releases, the Scheduler service **no longer uses the *docker so **The instances will be automatically fetched by the controller**. You can also add custom instances to the list that may not be picked up by the controller. -Since the 1.6.0-beta, the Scheduler also have a new [built-in healthcheck system](concepts.md#instances-healthcheck), that will check the health of the instances. If an instance becomes unhealthy, the scheduler will stop sending the configuration to it. If the instance becomes healthy again, the scheduler will start sending the configuration to it again. +Since the `1.6.0-beta`, the Scheduler also have a new [built-in healthcheck system](concepts.md#instances-healthcheck), that will check the health of the instances. If an instance becomes unhealthy, the scheduler will stop sending the configuration to it. If the instance becomes healthy again, the scheduler will start sending the configuration to it again. ### BunkerWeb container @@ -758,7 +758,7 @@ We added a **namespace** feature to the autoconf integrations. Namespaces allow !!! warning "Read this if you were a 1.4.X user" - A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) folder of the repository. + A lot of things changed since the 1.4.X releases. Container-based integrations stacks contain more services but, trust us, fundamental principles of BunkerWeb are still there. You will find ready to use boilerplates for various integrations in the [misc/integrations](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) folder of the repository. ### Scheduler diff --git a/docs/web-ui.md b/docs/web-ui.md index 4f8b9a6e4c..c875ae7534 100644 
--- a/docs/web-ui.md +++ b/docs/web-ui.md @@ -118,7 +118,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -131,7 +131,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-ui-env BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name @@ -147,7 +147,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *bw-ui-env TOTP_SECRETS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section) @@ -204,7 +204,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -220,7 +220,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-ui-env BUNKERWEB_INSTANCES: "" @@ -236,7 +236,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - bw-db bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bw-docker environment: 
@@ -259,7 +259,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - bw-docker bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *bw-ui-env TOTP_SECRETS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section) @@ -323,7 +323,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -353,7 +353,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - "bunkerweb.INSTANCE=yes" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-ui-env BUNKERWEB_INSTANCES: "" @@ -371,7 +371,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - bw-db bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *bw-ui-env DOCKER_HOST: "tcp://bw-docker:2375" @@ -400,7 +400,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th - "node.role == manager" bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *bw-ui-env TOTP_SECRETS: "mysecret" # Remember to set a stronger secret key (see the Prerequisites section) @@ -516,7 +516,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 
@@ -576,7 +576,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -603,7 +603,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -708,7 +708,7 @@ Review your final BunkerWeb UI URL and then click on the `Setup` button. Once th serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-ui - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -806,7 +806,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -824,7 +824,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-env BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name 
@@ -856,7 +856,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: DATABASE_URI: "mariadb+pymysql://bunkerweb:changeme@bw-db:3306/db" # Remember to set a stronger password for the database ADMIN_USERNAME: "changeme" @@ -927,7 +927,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -946,7 +946,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *bw-ui-env BUNKERWEB_INSTANCES: "" # We don't need to specify the BunkerWeb instance here as they are automatically detected by the autoconf service @@ -966,7 +966,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -985,7 +985,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *bw-ui-env ADMIN_USERNAME: "changeme" 
@@ -1084,7 +1084,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -1119,7 +1119,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *ui-env BUNKERWEB_INSTANCES: "" @@ -1141,7 +1141,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to syslog-address: "udp://10.20.30.254:514" # This is the syslog-ng container address bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *ui-env DOCKER_HOST: "tcp://bw-docker:2375" @@ -1176,7 +1176,7 @@ To keep the logs accessible from the web UI, you will need to use `syslog-ng` to - "node.role == manager" bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *ui-env ADMIN_USERNAME: "changeme" @@ -1435,7 +1435,7 @@ After a successful login/password combination, you will be prompted to enter you !!! info "Database backend" - If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) of the repository. + If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) of the repository. Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) : 
@@ -1446,7 +1446,7 @@ After a successful login/password combination, you will be prompted to enter you services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" @@ -1458,7 +1458,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *ui-env BUNKERWEB_INSTANCES: "bunkerweb" # Make sure to set the correct instance name @@ -1484,7 +1484,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *ui-env ADMIN_USERNAME: "changeme" @@ -1547,7 +1547,7 @@ After a successful login/password combination, you will be prompted to enter you !!! info "Database backend" - If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) of the repository. + If you want another Database backend than MariaDB please refer to the docker-compose files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) of the repository. Here is the docker-compose boilerplate that you can use (don't forget to edit the `changeme` data) : @@ -1559,7 +1559,7 @@ After a successful login/password combination, you will be prompted to enter you services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - "80:8080/tcp" - "443:8443/tcp" 
@@ -1574,7 +1574,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *ui-env BUNKERWEB_INSTANCES: "" @@ -1588,7 +1588,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-db bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bw-docker environment: @@ -1622,7 +1622,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *ui-env ADMIN_USERNAME: "changeme" @@ -1690,7 +1690,7 @@ After a successful login/password combination, you will be prompted to enter you !!! info "Database backend" - If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) of the repository. + If you want another Database backend than MariaDB please refer to the stack files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) of the repository. Here is the stack boilerplate that you can use (don't forget to edit the `changeme` data) : @@ -1702,7 +1702,7 @@ After a successful login/password combination, you will be prompted to enter you services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -1731,7 +1731,7 @@ After a successful login/password combination, you will be prompted to enter you - "bunkerweb.INSTANCE=yes" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *ui-env BUNKERWEB_INSTANCES: "" 
@@ -1747,7 +1747,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-db bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *ui-env DOCKER_HOST: "tcp://bw-docker:2375" @@ -1792,7 +1792,7 @@ After a successful login/password combination, you will be prompted to enter you - bw-universe bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *ui-env ADMIN_USERNAME: "changeme" @@ -1852,7 +1852,7 @@ After a successful login/password combination, you will be prompted to enter you !!! info "Database backend" - If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc3/misc/integrations) of the repository. + If you want another Database backend than MariaDB please refer to the yaml files in the [misc/integrations folder](https://github.com/bunkerity/bunkerweb/tree/v1.6.0-rc4/misc/integrations) of the repository. Here is the yaml boilerplate that you can use (don't forget to edit the `changeme` data) : @@ -1909,7 +1909,7 @@ After a successful login/password combination, you will be prompted to enter you containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -1969,7 +1969,7 @@ After a successful login/password combination, you will be prompted to enter you serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE 
@@ -1996,7 +1996,7 @@ After a successful login/password combination, you will be prompted to enter you serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -2099,7 +2099,7 @@ After a successful login/password combination, you will be prompted to enter you serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-ui - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/examples/authelia/docker-compose.yml b/examples/authelia/docker-compose.yml index 11f811de90..8af236d474 100644 --- a/examples/authelia/docker-compose.yml +++ b/examples/authelia/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/authentik/docker-compose.yml b/examples/authentik/docker-compose.yml index 7afcd2ab3c..963f29a35c 100644 --- a/examples/authentik/docker-compose.yml +++ b/examples/authentik/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/behind-reverse-proxy/docker-compose.yml b/examples/behind-reverse-proxy/docker-compose.yml index 962b988da6..b67d445c3a 100644 
--- a/examples/behind-reverse-proxy/docker-compose.yml +++ b/examples/behind-reverse-proxy/docker-compose.yml @@ -6,7 +6,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb environment: <<: *env @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/bigbluebutton/docker-compose.yml b/examples/bigbluebutton/docker-compose.yml index 7d091a91ec..daaea1be2e 100644 --- a/examples/bigbluebutton/docker-compose.yml +++ b/examples/bigbluebutton/docker-compose.yml @@ -25,7 +25,7 @@ services: ... bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -40,7 +40,7 @@ services: bw-universe: bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/cors/docker-compose.yml b/examples/cors/docker-compose.yml index 3d66bc1524..c04a615cc8 100644 --- a/examples/cors/docker-compose.yml +++ b/examples/cors/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -22,7 +22,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-cloudflare/docker-compose.yml b/examples/dns-cloudflare/docker-compose.yml index f35f0c1a59..7c7b42584b 100644 --- a/examples/dns-cloudflare/docker-compose.yml +++ b/examples/dns-cloudflare/docker-compose.yml 
@@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-digitalocean/docker-compose.yml b/examples/dns-digitalocean/docker-compose.yml index 91f7ca8b13..d6085cc162 100644 --- a/examples/dns-digitalocean/docker-compose.yml +++ b/examples/dns-digitalocean/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-google/docker-compose.yml b/examples/dns-google/docker-compose.yml index 9349ca2742..a7efc7f690 100644 --- a/examples/dns-google/docker-compose.yml +++ b/examples/dns-google/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-linode/docker-compose.yml b/examples/dns-linode/docker-compose.yml index 4001da10a7..036f7d3c3f 100644 --- a/examples/dns-linode/docker-compose.yml +++ b/examples/dns-linode/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" 
@@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-ovh/docker-compose.yml b/examples/dns-ovh/docker-compose.yml index d289e2b031..6fe6a7e82a 100644 --- a/examples/dns-ovh/docker-compose.yml +++ b/examples/dns-ovh/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-rfc2136/docker-compose.yml b/examples/dns-rfc2136/docker-compose.yml index 440347ea04..c85718ff9b 100644 --- a/examples/dns-rfc2136/docker-compose.yml +++ b/examples/dns-rfc2136/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/dns-route53/docker-compose.yml b/examples/dns-route53/docker-compose.yml index 4f8c50c0b6..d8512a5798 100644 --- a/examples/dns-route53/docker-compose.yml +++ b/examples/dns-route53/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb 
diff --git a/examples/docker-configs/docker-compose.yml b/examples/docker-configs/docker-compose.yml index aeab23a98f..4b4bd60b1f 100644 --- a/examples/docker-configs/docker-compose.yml +++ b/examples/docker-configs/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/drupal/docker-compose.yml b/examples/drupal/docker-compose.yml index c50b34d820..c532a15ff4 100644 --- a/examples/drupal/docker-compose.yml +++ b/examples/drupal/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml index 0bf1301228..27963c65b5 100644 --- a/examples/ghost/docker-compose.yml +++ b/examples/ghost/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/gogs/docker-compose.yml b/examples/gogs/docker-compose.yml index d7954956e7..c1e4576661 100644 --- a/examples/gogs/docker-compose.yml +++ b/examples/gogs/docker-compose.yml 
@@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/hardened/docker-compose.yml b/examples/hardened/docker-compose.yml index 31113787e3..dfb3587e06 100644 --- a/examples/hardened/docker-compose.yml +++ b/examples/hardened/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb # dropping all capabilities cap_drop: @@ -33,7 +33,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/joomla/docker-compose.yml b/examples/joomla/docker-compose.yml index 896e24f484..63fe3ec14e 100644 --- a/examples/joomla/docker-compose.yml +++ b/examples/joomla/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/load-balancer/docker-compose.yml b/examples/load-balancer/docker-compose.yml index 40715061e8..62d52c73b9 100644 --- a/examples/load-balancer/docker-compose.yml +++ b/examples/load-balancer/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" 
@@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/magento/docker-compose.yml b/examples/magento/docker-compose.yml index 64202c8e8b..6b7f291ef8 100644 --- a/examples/magento/docker-compose.yml +++ b/examples/magento/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/mattermost/docker-compose.yml b/examples/mattermost/docker-compose.yml index e165a726f2..bcd3e2e182 100644 --- a/examples/mattermost/docker-compose.yml +++ b/examples/mattermost/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/mongo-express/docker-compose.yml b/examples/mongo-express/docker-compose.yml index 103a54b459..8626df9e0c 100644 --- a/examples/mongo-express/docker-compose.yml +++ b/examples/mongo-express/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb 
diff --git a/examples/moodle/docker-compose.yml b/examples/moodle/docker-compose.yml index 9acf82308b..44ee5a2a56 100644 --- a/examples/moodle/docker-compose.yml +++ b/examples/moodle/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml index 6b7cf05ef0..7bd67f9fb8 100644 --- a/examples/nextcloud/docker-compose.yml +++ b/examples/nextcloud/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index 354cbbd673..45f80e1eee 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/php-cookie-flags/docker-compose.yml b/examples/php-cookie-flags/docker-compose.yml index 75aaa21213..d90728b765 100644 --- a/examples/php-cookie-flags/docker-compose.yml +++ b/examples/php-cookie-flags/docker-compose.yml 
@@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -22,7 +22,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/php-multisite/docker-compose.yml b/examples/php-multisite/docker-compose.yml index 5c3ef3ee1b..3412f88496 100644 --- a/examples/php-multisite/docker-compose.yml +++ b/examples/php-multisite/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -23,7 +23,7 @@ services: - net-app2 bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/php-singlesite/docker-compose.yml b/examples/php-singlesite/docker-compose.yml index 405a29a8e5..7acfc8ef59 100644 --- a/examples/php-singlesite/docker-compose.yml +++ b/examples/php-singlesite/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -22,7 +22,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/prestashop/docker-compose.yml b/examples/prestashop/docker-compose.yml index b197378488..6a309ca014 100644 --- a/examples/prestashop/docker-compose.yml +++ b/examples/prestashop/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" 
@@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/proxy-protocol/docker-compose.yml b/examples/proxy-protocol/docker-compose.yml index bf6693af92..9b31cd5621 100644 --- a/examples/proxy-protocol/docker-compose.yml +++ b/examples/proxy-protocol/docker-compose.yml @@ -8,7 +8,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb environment: <<: *env @@ -19,7 +19,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/radarr/docker-compose.yml b/examples/radarr/docker-compose.yml index 0a9cc79788..a99da3fd8e 100644 --- a/examples/radarr/docker-compose.yml +++ b/examples/radarr/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/redmine/docker-compose.yml b/examples/redmine/docker-compose.yml index 370c9aa6ac..0bcb89ab04 100644 --- a/examples/redmine/docker-compose.yml +++ b/examples/redmine/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb 
diff --git a/examples/reverse-proxy-multisite/docker-compose.yml b/examples/reverse-proxy-multisite/docker-compose.yml index 3662230ffe..adc8b3750b 100644 --- a/examples/reverse-proxy-multisite/docker-compose.yml +++ b/examples/reverse-proxy-multisite/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/reverse-proxy-singlesite/docker-compose.yml b/examples/reverse-proxy-singlesite/docker-compose.yml index 3185b27be6..5f0ec1ba6b 100644 --- a/examples/reverse-proxy-singlesite/docker-compose.yml +++ b/examples/reverse-proxy-singlesite/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/examples/reverse-proxy-websocket/docker-compose.yml b/examples/reverse-proxy-websocket/docker-compose.yml index 13b9463172..8fd60bfc1a 100644 --- a/examples/reverse-proxy-websocket/docker-compose.yml +++ b/examples/reverse-proxy-websocket/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb 
diff --git a/examples/stream-multisite/docker-compose.yml b/examples/stream-multisite/docker-compose.yml index 20eeec771f..493ba769ad 100644 --- a/examples/stream-multisite/docker-compose.yml +++ b/examples/stream-multisite/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080" # required to resolve let's encrypt challenges @@ -16,7 +16,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bunkerweb-scheduler depends_on: - bunkerweb diff --git a/examples/syslog/docker-compose.yml b/examples/syslog/docker-compose.yml index 44f0521d04..f46d343b58 100644 --- a/examples/syslog/docker-compose.yml +++ b/examples/syslog/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb depends_on: - mysyslog @@ -21,7 +21,7 @@ services: syslog-address: "udp://10.10.10.254:514" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb - mysyslog diff --git a/examples/tomcat/docker-compose.yml b/examples/tomcat/docker-compose.yml index 9253bb76e6..2fff842956 100644 --- a/examples/tomcat/docker-compose.yml +++ b/examples/tomcat/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bunkerweb-scheduler depends_on: - bunkerweb diff --git a/examples/tor-hidden-service/docker-compose.yml b/examples/tor-hidden-service/docker-compose.yml index a57c7c0d14..f1349f545b 100644 
--- a/examples/tor-hidden-service/docker-compose.yml +++ b/examples/tor-hidden-service/docker-compose.yml @@ -10,7 +10,7 @@ services: - onion-net bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb environment: API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" @@ -21,7 +21,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bunkerweb-scheduler depends_on: - bunkerweb diff --git a/examples/web-ui/docker-compose.wizard.yml b/examples/web-ui/docker-compose.wizard.yml index e06ee8c9a9..89c5efdb84 100644 --- a/examples/web-ui/docker-compose.wizard.yml +++ b/examples/web-ui/docker-compose.wizard.yml @@ -3,7 +3,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb @@ -40,7 +40,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 container_name: bw-ui environment: <<: *env diff --git a/examples/web-ui/docker-compose.yml b/examples/web-ui/docker-compose.yml index 940e94c399..74fa50b086 100644 --- a/examples/web-ui/docker-compose.yml +++ b/examples/web-ui/docker-compose.yml @@ -3,7 +3,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb 
@@ -43,7 +43,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 container_name: bw-ui environment: <<: *env diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml index bcf401df00..c948dcf1fa 100644 --- a/examples/wordpress/docker-compose.yml +++ b/examples/wordpress/docker-compose.yml @@ -1,6 +1,6 @@ services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 container_name: bunkerweb ports: - "80:8080/tcp" @@ -14,7 +14,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 container_name: bw-scheduler depends_on: - bunkerweb diff --git a/misc/integrations/autoconf.mariadb.ui.yml b/misc/integrations/autoconf.mariadb.ui.yml index 1f333bd915..915a98f572 100644 --- a/misc/integrations/autoconf.mariadb.ui.yml +++ b/misc/integrations/autoconf.mariadb.ui.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -18,7 +18,7 @@ services: - bw-services bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -31,7 +31,7 @@ services: - bw-db bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: @@ -47,7 +47,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 networks: - bw-universe - bw-db diff --git a/misc/integrations/autoconf.mariadb.yml b/misc/integrations/autoconf.mariadb.yml index 719696cbc1..9f4a3c166e 100644 --- a/misc/integrations/autoconf.mariadb.yml +++ b/misc/integrations/autoconf.mariadb.yml 
@@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -18,7 +18,7 @@ services: - bw-services bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -31,7 +31,7 @@ services: - bw-db bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/autoconf.mysql.ui.yml b/misc/integrations/autoconf.mysql.ui.yml index f1f3e019e3..8c5dbb4d34 100644 --- a/misc/integrations/autoconf.mysql.ui.yml +++ b/misc/integrations/autoconf.mysql.ui.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -18,7 +18,7 @@ services: - bw-services bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -31,7 +31,7 @@ services: - bw-db bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: @@ -47,7 +47,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 networks: - bw-universe - bw-db diff --git a/misc/integrations/autoconf.mysql.yml b/misc/integrations/autoconf.mysql.yml index a86c9bd366..c66abcdf3a 100644 --- a/misc/integrations/autoconf.mysql.yml +++ b/misc/integrations/autoconf.mysql.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -18,7 +18,7 @@ services: - bw-services bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker 
@@ -31,7 +31,7 @@ services: - bw-db bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/autoconf.postgres.ui.yml b/misc/integrations/autoconf.postgres.ui.yml index ee31d2119d..77d18343fa 100644 --- a/misc/integrations/autoconf.postgres.ui.yml +++ b/misc/integrations/autoconf.postgres.ui.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -18,7 +18,7 @@ services: - bw-services bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -31,7 +31,7 @@ services: - bw-db bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: @@ -47,7 +47,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 networks: - bw-universe - bw-db diff --git a/misc/integrations/autoconf.postgres.yml b/misc/integrations/autoconf.postgres.yml index 98f5bd837f..57e9365aab 100644 --- a/misc/integrations/autoconf.postgres.yml +++ b/misc/integrations/autoconf.postgres.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -18,7 +18,7 @@ services: - bw-services bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 depends_on: - bunkerweb - bw-docker @@ -31,7 +31,7 @@ services: - bw-db bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/docker.mariadb.ui.yml b/misc/integrations/docker.mariadb.ui.yml index f03e19ce99..a28faea273 100644 
--- a/misc/integrations/docker.mariadb.ui.yml +++ b/misc/integrations/docker.mariadb.ui.yml @@ -3,7 +3,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: @@ -44,7 +44,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *env ADMIN_USERNAME: "changeme" diff --git a/misc/integrations/docker.mariadb.yml b/misc/integrations/docker.mariadb.yml index 0aacaaad5f..1526720340 100644 --- a/misc/integrations/docker.mariadb.yml +++ b/misc/integrations/docker.mariadb.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/docker.mysql.ui.yml b/misc/integrations/docker.mysql.ui.yml index c2c0f345e0..4ead6f7cbe 100644 --- a/misc/integrations/docker.mysql.ui.yml +++ b/misc/integrations/docker.mysql.ui.yml @@ -3,7 +3,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: @@ -44,7 +44,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *env ADMIN_USERNAME: "changeme" 
diff --git a/misc/integrations/docker.mysql.yml b/misc/integrations/docker.mysql.yml index 4f5d43a4a7..17cf92f36f 100644 --- a/misc/integrations/docker.mysql.yml +++ b/misc/integrations/docker.mysql.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/docker.postgres.ui.yml b/misc/integrations/docker.postgres.ui.yml index e42cbfce4e..445a9dfd73 100644 --- a/misc/integrations/docker.postgres.ui.yml +++ b/misc/integrations/docker.postgres.ui.yml @@ -3,7 +3,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -16,7 +16,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: @@ -43,7 +43,7 @@ services: - bw-db bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *env ADMIN_USERNAME: "changeme" diff --git a/misc/integrations/docker.postgres.yml b/misc/integrations/docker.postgres.yml index 26beca0e01..10c217f466 100644 --- a/misc/integrations/docker.postgres.yml +++ b/misc/integrations/docker.postgres.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -17,7 +17,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/docker.yml b/misc/integrations/docker.yml index 44b8a08165..05bc42bef2 100644 --- a/misc/integrations/docker.yml 
+++ b/misc/integrations/docker.yml @@ -3,7 +3,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - 80:8080 - 443:8443 @@ -16,7 +16,7 @@ services: - bw-services bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 depends_on: - bunkerweb volumes: diff --git a/misc/integrations/k8s.mariadb.ui.yml b/misc/integrations/k8s.mariadb.ui.yml index a6f719d705..b463aa9717 100644 --- a/misc/integrations/k8s.mariadb.ui.yml +++ b/misc/integrations/k8s.mariadb.ui.yml @@ -55,7 +55,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -109,7 +109,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -136,7 +136,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -238,7 +238,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-ui - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/misc/integrations/k8s.mariadb.yml b/misc/integrations/k8s.mariadb.yml index 2beb16a552..9d3d8741ee 100644 --- a/misc/integrations/k8s.mariadb.yml +++ b/misc/integrations/k8s.mariadb.yml @@ -66,7 +66,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 
@@ -120,7 +120,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -147,7 +147,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/misc/integrations/k8s.mysql.ui.yml b/misc/integrations/k8s.mysql.ui.yml index 51da0ff4e5..8e03071a0e 100644 --- a/misc/integrations/k8s.mysql.ui.yml +++ b/misc/integrations/k8s.mysql.ui.yml @@ -55,7 +55,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -109,7 +109,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -136,7 +136,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -238,7 +238,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-ui - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/misc/integrations/k8s.mysql.yml b/misc/integrations/k8s.mysql.yml index a509b1bfd5..932bd0d933 100644 --- a/misc/integrations/k8s.mysql.yml +++ b/misc/integrations/k8s.mysql.yml 
@@ -66,7 +66,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -120,7 +120,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -147,7 +147,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/misc/integrations/k8s.postgres.ui.yml b/misc/integrations/k8s.postgres.ui.yml index 90042ce104..898765783a 100644 --- a/misc/integrations/k8s.postgres.ui.yml +++ b/misc/integrations/k8s.postgres.ui.yml @@ -55,7 +55,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -109,7 +109,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -136,7 +136,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -238,7 +238,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-ui - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE 
diff --git a/misc/integrations/k8s.postgres.yml b/misc/integrations/k8s.postgres.yml index b265c5f679..ec105c25c4 100644 --- a/misc/integrations/k8s.postgres.yml +++ b/misc/integrations/k8s.postgres.yml @@ -66,7 +66,7 @@ spec: containers: # using bunkerweb as name is mandatory - name: bunkerweb - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 imagePullPolicy: Always securityContext: runAsUser: 101 @@ -120,7 +120,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-controller - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE @@ -147,7 +147,7 @@ spec: serviceAccountName: sa-bunkerweb containers: - name: bunkerweb-scheduler - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 imagePullPolicy: Always env: - name: KUBERNETES_MODE diff --git a/misc/integrations/swarm.mariadb.ui.yml b/misc/integrations/swarm.mariadb.ui.yml index dd3e75b53b..d147f59454 100644 --- a/misc/integrations/swarm.mariadb.ui.yml +++ b/misc/integrations/swarm.mariadb.ui.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -29,7 +29,7 @@ services: - "bunkerweb.INSTANCE=yes" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *env DOCKER_HOST: "tcp://bw-docker:2375" @@ -43,7 +43,7 @@ services: - "node.role == worker" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *env BUNKERWEB_INSTANCES: "" @@ -61,7 +61,7 @@ services: - "node.role == worker" bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *env ADMIN_USERNAME: "changeme" 
diff --git a/misc/integrations/swarm.mariadb.yml b/misc/integrations/swarm.mariadb.yml index e8421f70c6..4fffc529e2 100644 --- a/misc/integrations/swarm.mariadb.yml +++ b/misc/integrations/swarm.mariadb.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -29,7 +29,7 @@ services: - "bunkerweb.INSTANCE=yes" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *env DOCKER_HOST: "tcp://bw-docker:2375" @@ -43,7 +43,7 @@ services: - "node.role == worker" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *env BUNKERWEB_INSTANCES: "" diff --git a/misc/integrations/swarm.mysql.ui.yml b/misc/integrations/swarm.mysql.ui.yml index 710e0cce77..99650e123e 100644 --- a/misc/integrations/swarm.mysql.ui.yml +++ b/misc/integrations/swarm.mysql.ui.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -29,7 +29,7 @@ services: - "bunkerweb.INSTANCE=yes" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *env DOCKER_HOST: "tcp://bw-docker:2375" @@ -43,7 +43,7 @@ services: - "node.role == worker" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *env BUNKERWEB_INSTANCES: "" @@ -61,7 +61,7 @@ services: - "node.role == worker" bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *env ADMIN_USERNAME: "changeme" diff --git a/misc/integrations/swarm.mysql.yml b/misc/integrations/swarm.mysql.yml index 69b3f69075..1521099ec4 100644 --- a/misc/integrations/swarm.mysql.yml +++ b/misc/integrations/swarm.mysql.yml 
@@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -29,7 +29,7 @@ services: - "bunkerweb.INSTANCE=yes" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *env DOCKER_HOST: "tcp://bw-docker:2375" @@ -43,7 +43,7 @@ services: - "node.role == worker" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *env BUNKERWEB_INSTANCES: "" diff --git a/misc/integrations/swarm.postgres.ui.yml b/misc/integrations/swarm.postgres.ui.yml index 3d65620ea8..68015171a3 100644 --- a/misc/integrations/swarm.postgres.ui.yml +++ b/misc/integrations/swarm.postgres.ui.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 @@ -29,7 +29,7 @@ services: - "bunkerweb.INSTANCE=yes" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *env DOCKER_HOST: "tcp://bw-docker:2375" @@ -43,7 +43,7 @@ services: - "node.role == worker" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *env BUNKERWEB_INSTANCES: "" @@ -61,7 +61,7 @@ services: - "node.role == worker" bw-ui: - image: bunkerity/bunkerweb-ui:1.6.0-rc3 + image: bunkerity/bunkerweb-ui:1.6.0-rc4 environment: <<: *env ADMIN_USERNAME: "changeme" diff --git a/misc/integrations/swarm.postgres.yml b/misc/integrations/swarm.postgres.yml index a095a818f0..6dbc7172ca 100644 --- a/misc/integrations/swarm.postgres.yml +++ b/misc/integrations/swarm.postgres.yml @@ -4,7 +4,7 @@ x-env: &env services: bunkerweb: - image: bunkerity/bunkerweb:1.6.0-rc3 + image: bunkerity/bunkerweb:1.6.0-rc4 ports: - published: 80 target: 8080 
@@ -29,7 +29,7 @@ services: - "bunkerweb.INSTANCE=yes" bw-autoconf: - image: bunkerity/bunkerweb-autoconf:1.6.0-rc3 + image: bunkerity/bunkerweb-autoconf:1.6.0-rc4 environment: <<: *env DOCKER_HOST: "tcp://bw-docker:2375" @@ -43,7 +43,7 @@ services: - "node.role == worker" bw-scheduler: - image: bunkerity/bunkerweb-scheduler:1.6.0-rc3 + image: bunkerity/bunkerweb-scheduler:1.6.0-rc4 environment: <<: *env BUNKERWEB_INSTANCES: "" diff --git a/pyproject.toml b/pyproject.toml index 1be25dbb84..1c2b61a1d4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,7 +1,7 @@ [project] name = "BunkerWeb" description = "Make your web services secure by default !" -version = "1.6.0-rc3" +version = "1.6.0-rc4" authors = [ { name = "Bunkerity", email = "contact@bunkerity.com" } ] diff --git a/src/VERSION b/src/VERSION index dccac70dad..52df0ed873 100644 --- a/src/VERSION +++ b/src/VERSION @@ -1 +1 @@ -1.6.0-rc3 \ No newline at end of file +1.6.0-rc4 \ No newline at end of file diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile index f5fb7fad4e..56c22e2245 100644 --- a/src/autoconf/Dockerfile +++ b/src/autoconf/Dockerfile @@ -40,7 +40,7 @@ RUN umask 027 # Install bash and create autoconf user RUN apk add --no-cache bash tzdata && \ addgroup -g 101 autoconf && \ - adduser -h /var/cache/autoconf -g autoconf -s /bin/sh -G autoconf -D -H -u 101 autoconf + adduser -h /usr/share/bunkerweb/autoconf -g autoconf -s /sbin/nologin -G autoconf -D -H -u 101 --disabled-password autoconf # Fix CVEs # There are no CVEs for the following packages @@ -67,7 +67,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ chmod 660 INTEGRATION LABEL maintainer="Bunkerity " -LABEL version="1.6.0-rc3" +LABEL version="1.6.0-rc4" LABEL url="https://www.bunkerweb.io" LABEL bunkerweb.type="autoconf" diff --git a/src/bw/Dockerfile b/src/bw/Dockerfile index 9806728549..878ecde7f3 100644 --- a/src/bw/Dockerfile +++ b/src/bw/Dockerfile 
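Review bot: In the `src/autoconf/Dockerfile` hunk at `@@ -40,7 +40,7 @@`, the new `adduser` call passes both `-D` and `--disabled-password`, which are the short and long spelling of the same BusyBox option, so the added flag changes nothing. Keep one of them, e.g. `adduser -h /usr/share/bunkerweb/autoconf -g autoconf -s /sbin/nologin -G autoconf -D -H -u 101 autoconf`. The move from `/bin/sh` to `/sbin/nologin` is the real hardening and is worth a comment above the `RUN`, such as `# service account: no login shell, no password`. Because `-H` skips home-directory creation, the new home `/usr/share/bunkerweb/autoconf` exists only if another build step creates it; the hunk does not show one, so confirm the path exists with the intended ownership in the final image.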
@@ -75,7 +75,7 @@ RUN cp helpers/bwcli /usr/bin/ && \ ln -s /proc/1/fd/1 /var/log/bunkerweb/access.log LABEL maintainer="Bunkerity " -LABEL version="1.6.0-rc3" +LABEL version="1.6.0-rc4" LABEL url="https://www.bunkerweb.io" LABEL bunkerweb.type="bunkerweb" LABEL bunkerweb.INSTANCE="bunkerweb" diff --git a/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md b/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md index 08331d153c..5f7df93ab6 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md +++ b/src/common/core/modsecurity/files/coreruleset-v4/CHANGES.md @@ -5,7 +5,22 @@ or the CRS Google Group at * https://groups.google.com/a/owasp.org/g/modsecurity-core-rule-set-project -## Version 4.11.0 - TBD +## Version 4.12.0 - TBD + +## Version 4.11.0 - 2025-01-27 + +## What's Changed +### 🪦 Rule removals +* feat: Remove rules for lack of viable attack scenario (920220 PL1, 920221 PL1) by @dune73 in https://github.com/coreruleset/coreruleset/pull/3969 +### 🧰 Other Changes +* fix: remove aliases man, mi, si and resolve positives (932125 PL1) by @franbuehler in https://github.com/coreruleset/coreruleset/pull/3971 +* fix: remove where, if, for and vol and resolve false positives (932380 PL1) by @franbuehler in https://github.com/coreruleset/coreruleset/pull/3972 +* fix: make 932300 actually case-insensitive by @theseion in https://github.com/coreruleset/coreruleset/pull/3977 +* fix: remove sql function names to resolve false positives (942151 PL1) by @franbuehler in https://github.com/coreruleset/coreruleset/pull/3973 +* fix: issue 3809 by @Xhoenix in https://github.com/coreruleset/coreruleset/pull/3983 + + +**Full Changelog**: https://github.com/coreruleset/coreruleset/compare/v4.10.0...v4.11.0 ## Version 4.10.0 - 2024-12-29 diff --git a/src/common/core/modsecurity/files/coreruleset-v4/SECURITY.md b/src/common/core/modsecurity/files/coreruleset-v4/SECURITY.md index ffa4774a32..d1d3444ed7 100644 
--- a/src/common/core/modsecurity/files/coreruleset-v4/SECURITY.md +++ b/src/common/core/modsecurity/files/coreruleset-v4/SECURITY.md @@ -11,8 +11,8 @@ Along those lines, OWASP CRS team may not issue security notifications for unsup | Version | Supported | | --------- | ------------------ | +| 4.11.z | :white_check_mark: | | 4.10.z | :white_check_mark: | -| 4.9.z | :white_check_mark: | | 4.y.z | :x: | | 3.3.x | :white_check_mark: | | 3.2.x | :x: | diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/920220-chain1.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/920220-chain1.ra deleted file mode 100644 index b53f964c31..0000000000 --- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/920220-chain1.ra +++ /dev/null @@ -1,15 +0,0 @@ -##! Please refer to the documentation at -##! https://coreruleset.org/docs/development/regex_assembly/. - - -##!^ ^ -##!$ $ - -##! grab the path, except for the lat path segment (separate rule) -(.*)/ -##!=> -##! skip the last path segment, if there is one (non-capturing group) -(?:[^?]+)? -##!=> -##! grab the query string, if there is one -(\?.*)? diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/920221.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/920221.ra deleted file mode 100644 index 47184249d4..0000000000 --- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/920221.ra +++ /dev/null @@ -1,12 +0,0 @@ -##! Please refer to the documentation at -##! https://coreruleset.org/docs/development/regex_assembly/. - - -##!^ ^ -##!$ $ - -##! find any percent character -.*%.* -##!=> -##! followed by something that looks like a file extension -\.[^\s.]+ diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932125.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932125.ra index 2a69987a10..7be381bb4f 100644 
--- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932125.ra +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932125.ra @@ -162,10 +162,10 @@ iwr@ ##! disabled for FP: kill ls - man@ + ##! disabled for FP: man@ md@ ##! disabled for FP: measure - mi@ + ##! disabled for FP: mi@ mount@ ##! disabled for FP: move mp@ @@ -212,7 +212,7 @@ ##! disabled for FP: select ##! disabled for FP: set shcm - si@ + ##! disabled for FP: si@ sl@ ##! disabled for FP: sleep sls@ diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932300.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932300.ra index 9477717f8b..b20b89bb91 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932300.ra +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/932300.ra @@ -1,18 +1,19 @@ ##! Please refer to the documentation at ##! https://coreruleset.org/docs/development/regex_assembly/. -##!^ (?is)\r\n.*?\b +##!+ i +##!^ \r\n.*?\b -##! - SMTP Commands -EHLO [a-zA-Z-\.]{1,255} -HELO [a-zA-Z-\.]{1,255} -MAIL FROM:<.{1,64}@.{1,255}> -RCPT TO:(?:<.{1,64}@.{1,255}>|(?: ))?<.{1,64}> -VRFY (?:.{1,64} <.{1,64}@.{1,255}>|.{1,64}@.{1,255}) -EXPN (?:.{1,64}) -AUTH [A-Z0-9-_]{1,20} (?:=|(?:[\w+/]{4})*(?:[\w+/]{2}==|[\w+/]{3}=)) +##! SMTP Commands +EHLO\s[a-z.-]{1,255} +HELO\s[a-z.-]{1,255} +MAIL\sFROM:<.{1,64}@.{1,255}> +RCPT\sTO:(?:<.{1,64}@.{1,255}>|(?: ))?<.{1,64}> +VRFY\s(?:.{1,64}\s<.{1,64}@.{1,255}>|.{1,64}@.{1,255}) +EXPN\s(?:.{1,64}) +AUTH\s[a-z0-9_-]{1,20}\s(?:=|(?:[\w+/]{4})*(?:[\w+/]{2}==|[\w+/]{3}=)) -##! - SMTP Commands without params +##! SMTP Commands without params STARTTLS\b RSET\b -NOOP\b(?: .{1,255})? +NOOP\b(?:\s.{1,255})? diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942151.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942151.ra index 611a28a1e9..d1dfd5015d 100644 
--- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942151.ra +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942151.ra @@ -3,4 +3,7 @@ ##!+ i -##!> include sql-injection-function-names +##!^ \b +##!$ \W*\( + +##!> include-except sql-injection-function-names sql-injection-function-names-fps-pl1 diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942152.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942152.ra index 611a28a1e9..850f5456c5 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942152.ra +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/942152.ra @@ -3,4 +3,7 @@ ##!+ i +##!^ \b +##!$ \W*\( + ##!> include sql-injection-function-names diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/sql-injection-function-names-fps-pl1.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/sql-injection-function-names-fps-pl1.ra new file mode 100644 index 0000000000..f5a352ea7f --- /dev/null +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/sql-injection-function-names-fps-pl1.ra @@ -0,0 +1,16 @@ +##! Please refer to the documentation at +##! https://coreruleset.org/docs/development/regex_assembly/. + +##! This list excludes command words that are prone to cause false positives +##! at paranoia level 1. + +convert +degrees +elt +left +likelihood +lower +position +quarter +space +unlikely diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/windows-commands-fps.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/windows-commands-fps.ra index a1d77375c5..63f8ac41f1 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/windows-commands-fps.ra +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/exclude/windows-commands-fps.ra 
@@ -44,9 +44,13 @@ extract find finger fondue +##! `for` is not a command but a keyword. We still add it to windows-commands-fps.ra +for format ftp help +##! `if` is not a command but a keyword. We still add it to windows-commands-fps.ra +if inactive label list @@ -86,4 +90,6 @@ type ver verifier verify +vol +where writer diff --git a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/include/sql-injection-function-names.ra b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/include/sql-injection-function-names.ra index 91b47bf80d..d5e367e8d6 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/include/sql-injection-function-names.ra +++ b/src/common/core/modsecurity/files/coreruleset-v4/regex-assembly/include/sql-injection-function-names.ra @@ -1,9 +1,6 @@ ##! Please refer to the documentation at ##! https://coreruleset.org/docs/development/regex_assembly/. -##!^ \b -##!$ \W*\( - adddate addtime aes_decrypt diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example index 073993f19d..62e55bc8ca 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf index 8b41276ea2..f3ac1f7ab3 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-901-INITIALIZATION.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -26,7 +26,7 @@ # # Ref: https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#seccomponentsignature # -SecComponentSignature "OWASP_CRS/4.10.0" +SecComponentSignature "OWASP_CRS/4.11.0" # # -=[ Default setup values ]=- @@ -60,7 +60,7 @@ SecRule &TX:crs_setup_version "@eq 0" \ auditlog,\ msg:'CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL'" @@ -79,7 +79,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.inbound_anomaly_score_threshold=5'" # Default Outbound Anomaly Threshold Level (rule 900110 in crs-setup.conf) 
@@ -89,7 +89,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.outbound_anomaly_score_threshold=4'" # Default Reporting Level (rule 900115 in crs-setup.conf) @@ -99,7 +99,7 @@ SecRule &TX:reporting_level "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.reporting_level=4'" # Default Early Blocking (rule 900120 in crs-setup.conf) @@ -109,7 +109,7 @@ SecRule &TX:early_blocking "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.early_blocking=0'" # Default Blocking Paranoia Level (rule 900000 in crs-setup.conf) @@ -119,7 +119,7 @@ SecRule &TX:blocking_paranoia_level "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_paranoia_level=1'" # Default Detection Paranoia Level (rule 900001 in crs-setup.conf) @@ -129,7 +129,7 @@ SecRule &TX:detection_paranoia_level "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_paranoia_level=%{TX.blocking_paranoia_level}'" # Default Sampling Percentage (rule 900400 in crs-setup.conf) @@ -139,7 +139,7 @@ SecRule &TX:sampling_percentage "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.sampling_percentage=100'" # Default Anomaly Scores (rule 900100 in crs-setup.conf) @@ -149,7 +149,7 @@ SecRule &TX:critical_anomaly_score "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.critical_anomaly_score=5'" SecRule &TX:error_anomaly_score "@eq 0" \ @@ -158,7 +158,7 @@ SecRule &TX:error_anomaly_score "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.error_anomaly_score=4'" SecRule &TX:warning_anomaly_score "@eq 0" \ 
@@ -167,7 +167,7 @@ SecRule &TX:warning_anomaly_score "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.warning_anomaly_score=3'" SecRule &TX:notice_anomaly_score "@eq 0" \ @@ -176,7 +176,7 @@ SecRule &TX:notice_anomaly_score "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.notice_anomaly_score=2'" # Default HTTP policy: allowed_methods (rule 900200 in crs-setup.conf) @@ -186,7 +186,7 @@ SecRule &TX:allowed_methods "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'" # Default HTTP policy: allowed_request_content_type (rule 900220 in crs-setup.conf) @@ -196,7 +196,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |text/xml| |application/xml| |application/soap+xml| |application/json|'" # Default HTTP policy: allowed_request_content_type_charset (rule 900280 in crs-setup.conf) @@ -206,7 +206,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'" # Default HTTP policy: allowed_http_versions (rule 900230 in crs-setup.conf) @@ -216,7 +216,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'" # Default HTTP policy: restricted_extensions (rule 900240 in crs-setup.conf) 
@@ -226,7 +226,7 @@ SecRule &TX:restricted_extensions "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pem/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'" # Default HTTP policy: restricted_headers_basic (rule 900250 in crs-setup.conf) @@ -236,7 +236,7 @@ SecRule &TX:restricted_headers_basic "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'" # Default HTTP policy: restricted_headers_extended (rule 900255 in crs-setup.conf) @@ -246,7 +246,7 @@ SecRule &TX:restricted_headers_extended "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.restricted_headers_extended=/accept-charset/'" # Default enforcing of body processor URLENCODED (rule 900010 in crs-setup.conf) @@ -256,7 +256,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.enforce_bodyproc_urlencoded=0'" # Default check for UTF8 encoding validation (rule 900950 in crs-setup.conf) @@ -266,7 +266,7 @@ SecRule &TX:crs_validate_utf8_encoding "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.crs_validate_utf8_encoding=0'" # Default check for skipping response analysis (rule 900500 in crs-setup.conf) 
@@ -276,7 +276,7 @@ SecRule &TX:crs_skip_response_analysis "@eq 0" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.crs_skip_response_analysis=0'" # @@ -294,7 +294,7 @@ SecAction \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=0',\ setvar:'tx.detection_inbound_anomaly_score=0',\ setvar:'tx.inbound_anomaly_score_pl1=0',\ @@ -336,7 +336,7 @@ SecRule TX:ENABLE_DEFAULT_COLLECTIONS "@eq 1" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.ua_hash=%{REQUEST_HEADERS.User-Agent}',\ chain" SecRule TX:ua_hash "@unconditionalMatch" \ @@ -360,7 +360,7 @@ SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \ msg:'Enabling body inspection',\ tag:'OWASP_CRS',\ ctl:forceRequestBodyVariable=On,\ - ver:'OWASP_CRS/4.10.0'" + ver:'OWASP_CRS/4.11.0'" # Force body processor URLENCODED SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \ @@ -372,7 +372,7 @@ SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \ noauditlog,\ msg:'Enabling forced body inspection for ASCII content',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ chain" SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \ "ctl:requestBodyProcessor=URLENCODED" @@ -412,7 +412,7 @@ SecRule TX:sampling_percentage "@eq 100" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-SAMPLING" SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \ @@ -423,7 +423,7 @@ SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \ t:sha1,t:hexEncode,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'" # 
@@ -448,7 +448,7 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \ msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\ tag:'OWASP_CRS',\ ctl:ruleRemoveByTag=OWASP_CRS,\ - ver:'OWASP_CRS/4.10.0'" + ver:'OWASP_CRS/4.11.0'" SecMarker "END-SAMPLING" @@ -467,4 +467,4 @@ SecRule TX:detection_paranoia_level "@lt %{tx.blocking_paranoia_level}" \ log,\ msg:'Detection paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0'" + ver:'OWASP_CRS/4.11.0'" diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf index f8a5896798..563e74d841 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-905-COMMON-EXCEPTIONS.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -25,7 +25,7 @@ SecRule REQUEST_LINE "@streq GET /" \ tag:'platform-apache',\ tag:'attack-generic',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ chain" SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ "t:none,\ 
@@ -46,7 +46,7 @@ SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \ tag:'platform-apache',\ tag:'attack-generic',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ chain" SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \ "t:none,\ diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf index 74b6a791b6..e1fe9d364e 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-911-METHOD-ENFORCEMENT.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -39,31 +39,31 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/274',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf index 0741b700a2..21b48a6896 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-913-SCANNER-DETECTION.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
@@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -51,29 +51,29 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/224/541/310',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf index 07a4504b3c..976b3e9665 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
@@ -23,8 +23,8 @@ # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -64,7 +64,7 @@ SecRule REQUEST_LINE "!@rx (?i)^(?:get /[^#\?]*(?:\?[^\s\x0b#]*)?(?:#[^\s\x0b]*) tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -119,7 +119,7 @@ SecRule FILES|FILES_NAMES "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[a tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -148,7 +148,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^\d+$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -182,7 +182,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule REQUEST_HEADERS:Content-Length "!@rx ^0?$" \
@@ -207,7 +207,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
@@ -247,7 +247,7 @@ SecRule REQUEST_PROTOCOL "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule REQUEST_METHOD "@streq POST" \
@@ -277,7 +277,7 @@ SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule &REQUEST_HEADERS:Content-Length "!@eq 0" \
@@ -315,7 +315,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx (\d+)-(\d+)" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule TX:2 "@lt %{tx.1}" \
@@ -347,88 +347,10 @@ SecRule REQUEST_HEADERS:Connection "@rx \b(?:keep-alive|close),\s?(?:keep-alive|
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-#
-# Check URL encodings
-#
-# -=[ Rule Logic ]=-
-# There are two different chained rules. We need to separate them as we are inspecting two
-# different variables - REQUEST_URI_RAW and REQUEST_BODY. For REQUEST_BODY, we only want to
-# run the @validateUrlEncoding operator if the content-type is application/x-www-form-urlencoding.
-#
-# We exclude the last path segment from validation because it could be a file name, which could
-# easily contain a '%' character that is not part of a URI encoded sequence.
-#
-# -=[ References ]=-
-# http://www.ietf.org/rfc/rfc1738.txt
-#
-# -=[ Example payload ]=-
-# http://localhost/?s=a%20b%20c%'/
-# reason: %'/ is not a valid url encoding
-#
-# Regular expression generated from regex-assembly/920220-chain1.ra.
-# To update the regular expression run the following shell script
-# (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
-# crs-toolchain regex update 920220-chain1
-#
-SecRule REQUEST_URI_RAW "@rx \x25" \
- "id:920220,\
- phase:1,\
- block,\
- t:none,t:urlDecodeUni,\
- msg:'URL Encoding Abuse Attack Attempt',\
- logdata:'%{REQUEST_URI_RAW}',\
- tag:'application-multi',\
- tag:'language-multi',\
- tag:'platform-multi',\
- tag:'attack-protocol',\
- tag:'paranoia-level/1',\
- tag:'OWASP_CRS',\
- tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.10.0',\
- severity:'CRITICAL',\
- chain"
- SecRule REQUEST_URI_RAW "@rx ^(.*)/(?:[^\?]+)?(\?.*)?$" \
- "capture,\
- chain"
- SecRule TX:1|TX:2 "@validateUrlEncoding" \
- "t:none,t:urlDecodeUni,\
- setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-
-
-# Validate URI encoding of the last path segment, only if it does not look like a file name.
-# A file name could easily contain a '%' character that is not part of a URI encoded sequence.
-#
-# Regular expression generated from regex-assembly/920221.ra.
-# To update the regular expression run the following shell script
-# (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
-# crs-toolchain regex update 920221
-#
-SecRule REQUEST_BASENAME "!@rx ^.*%.*\.[^\s\x0b\.]+$" \
- "id:920221,\
- phase:1,\
- block,\
- capture,\
- t:none,t:urlDecodeUni,\
- msg:'URL Encoding Abuse Attack Attempt',\
- logdata:'%{REQUEST_BASENAME}',\
- tag:'application-multi',\
- tag:'language-multi',\
- tag:'platform-multi',\
- tag:'attack-protocol',\
- tag:'paranoia-level/1',\
- tag:'OWASP_CRS',\
- tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.10.0',\
- severity:'CRITICAL',\
- chain"
- SecRule TX:0 "@validateUrlEncoding" \
- "t:none,t:urlDecodeUni,\
- setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-
 #
 # Check UTF encoding
@@ -453,7 +375,7 @@ SecRule TX:CRS_VALIDATE_UTF8_ENCODING "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/267',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "@validateUtf8Encoding" \
@@ -497,7 +419,7 @@ SecRule REQUEST_URI|REQUEST_BODY "@rx (?i)%uff[0-9a-f]{2}" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -553,7 +475,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 1-255" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
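Review bot: The `@@ -347,88 +347,10 @@` hunk deletes rules 920220 and 920221, which were the paranoia-level-1, phase-1 `@validateUrlEncoding` checks on `REQUEST_URI_RAW` and `REQUEST_BASENAME`, and nothing on the new side takes their place. The only `@validateUrlEncoding` rule still visible in this file's diff is the `REQUEST_BODY` chain tagged `paranoia-level/2` (hunks `@@ -1572,7 +1494,7 @@` and `@@ -1580,8 +1502,8 @@`), so at the default level malformed percent-encoding in the URI no longer adds to the anomaly score. This presumably mirrors the upstream 4.11.0 rule set, but it is a detection change rather than a version bump and should be stated in the release notes, for example `CRS 4.11.0 removes rules 920220 and 920221 (URL Encoding Abuse Attack Attempt)`. Exclusions or alerting that reference these two ids (`SecRuleRemoveById`, log filters on `tx.bunkerweb_rules`) become dead configuration and are worth cleaning up.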
@@ -585,7 +507,7 @@ SecRule &REQUEST_HEADERS:Host "@eq 0" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 skipAfter:END-HOST-CHECK"
@@ -604,7 +526,7 @@ SecRule REQUEST_HEADERS:Host "@rx ^$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -644,7 +566,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'NOTICE',\
 chain"
 SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \
@@ -669,7 +591,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'NOTICE',\
 chain"
 SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \
@@ -702,7 +624,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'NOTICE',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.notice_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -739,7 +661,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'NOTICE',\
 chain"
 SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
@@ -784,7 +706,7 @@ SecRule REQUEST_HEADERS:Host "@rx (?:^([\d.]+|\[[\da-f:]+\]|[\da-f:]+)(:[\d]+)?$
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -816,7 +738,7 @@ SecRule &TX:MAX_NUM_ARGS "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule &ARGS "@gt %{tx.max_num_args}" \
@@ -841,7 +763,7 @@ SecRule &TX:ARG_NAME_LENGTH "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule ARGS_NAMES "@gt %{tx.arg_name_length}" \
@@ -868,7 +790,7 @@ SecRule &TX:ARG_LENGTH "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule ARGS "@gt %{tx.arg_length}" \
@@ -892,7 +814,7 @@ SecRule &TX:TOTAL_ARG_LENGTH "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" \
@@ -917,7 +839,7 @@ SecRule &TX:MAX_FILE_SIZE "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)multipart/form-data" \
@@ -943,7 +865,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" \
@@ -983,7 +905,7 @@ SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+*-]+(?:\s?;\s*(?:action|bounda
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1006,7 +928,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.content_type=|%{tx.0}|',\
 chain"
@@ -1034,7 +956,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*[\"']?([^;\"'\s]+)" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.content_type_charset=|%{tx.1}|',\
 chain"
@@ -1061,7 +983,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset.*?charset" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1083,7 +1005,7 @@ SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1106,7 +1028,7 @@ SecRule REQUEST_BASENAME "@rx \.([^.]+)$" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.extension=.%{tx.1}/',\
 chain"
@@ -1133,7 +1055,7 @@ SecRule REQUEST_FILENAME "@rx \.[^.~]+~(?:/.*|)$" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1187,7 +1109,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.header_name_920450_%{tx.0}=/%{tx.0}/',\
 chain"
@@ -1221,7 +1143,7 @@ SecRule REQUEST_HEADERS:Accept-Encoding "@gt 100" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1253,7 +1175,7 @@ SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*
 tag:'attack-protocol',\
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1276,7 +1198,7 @@ SecRule REQBODY_PROCESSOR "!@streq JSON" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?i)\x5cu[0-9a-f]{4}" \
@@ -1300,7 +1222,7 @@ SecRule REQUEST_URI_RAW "@contains #" \
 tag:'attack-protocol',\
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1332,13 +1254,13 @@ SecRule &REQUEST_HEADERS:Content-Type "@gt 1" \
 tag:'attack-protocol',\
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
 #
 # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
 #
@@ -1377,7 +1299,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule REQUEST_BASENAME "!@endsWith .pdf" \
@@ -1401,7 +1323,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){63}" \
@@ -1422,7 +1344,7 @@ SecRule ARGS "@rx %[0-9a-fA-F]{2}" \
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/267/120',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1444,7 +1366,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 9,10,13,
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1471,7 +1393,7 @@ SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'NOTICE',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.notice_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1493,7 +1415,7 @@ SecRule FILES_NAMES|FILES "@rx ['\";=\x5c]" \
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1518,7 +1440,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \
@@ -1545,7 +1467,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.header_name_920451_%{tx.0}=/%{tx.0}/',\
 chain"
@@ -1572,7 +1494,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/267/72',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule REQUEST_BODY "@rx \x25" \
@@ -1580,8 +1502,8 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded
 SecRule REQUEST_BODY "@validateUrlEncoding" \
 "setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
@@ -1606,7 +1528,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteR
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1640,7 +1562,7 @@ SecRule &REQUEST_HEADERS:Accept "@eq 0" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
 tag:'PCI/6.5.10',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'NOTICE',\
 chain"
 SecRule REQUEST_METHOD "!@rx ^(?:OPTIONS|CONNECT)$" \
@@ -1673,7 +1595,7 @@ SecRule &REQUEST_HEADERS:x-up-devcap-post-charset "@ge 1" \
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule REQUEST_HEADERS:User-Agent "@rx ^(?i)up" \
@@ -1726,7 +1648,7 @@ SecRule &REQUEST_HEADERS:Cache-Control "@gt 0" \
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule REQUEST_HEADERS:Cache-Control "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:\s*\,\s*|$)){1,7}$" \
@@ -1757,12 +1679,12 @@ SecRule REQUEST_HEADERS:Accept-Encoding "!@rx br|compress|deflate|(?:pack200-)?g
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT"
 #
 # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
 #
@@ -1785,7 +1707,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \
 tag:'paranoia-level/4',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 chain"
 SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \
@@ -1812,7 +1734,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 38,44-46,48-58,61,65-90
 tag:'paranoia-level/4',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1833,7 +1755,7 @@ SecRule REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent|!REQUEST_HEADERS:Referer|!RE
 tag:'paranoia-level/4',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1859,7 +1781,7 @@ SecRule REQUEST_HEADERS:Sec-Fetch-User|REQUEST_HEADERS:Sec-CH-UA-Mobile "!@rx ^(
 tag:'paranoia-level/4',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1903,7 +1825,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?:^|[^\x5c])\x5c[cdegh
 tag:'paranoia-level/4',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/153/267',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf
index 7f50cf0020..99cf3f8cf4 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-921-PROTOCOL-ATTACK.conf
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.10.0
+# OWASP CRS ver.4.11.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
 #
 # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
 #
@@ -46,7 +46,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_BODY|XML:/* "@rx (?:get|post|head|options|connec
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -78,7 +78,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/34',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -99,7 +99,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/34',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -133,7 +133,7 @@ SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@rx [\n\r]" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/273',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -161,7 +161,7 @@ SecRule ARGS_NAMES "@rx [\n\r]" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -182,7 +182,7 @@ SecRule ARGS_GET_NAMES|ARGS_GET "@rx [\n\r]+(?:\s|location|refresh|(?:set-)?cook
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -208,7 +208,7 @@ SecRule REQUEST_FILENAME "@rx [\n\r]" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/34',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -241,7 +241,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/136',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -274,7 +274,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?(?:applicati
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -300,13 +300,13 @@ SecRule REQUEST_URI "@rx unix:[^|]*\|" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
 #
 # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
 #
@@ -333,7 +333,7 @@ SecRule ARGS_GET "@rx [\n\r]" \
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/33',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -369,13 +369,13 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?\b(?:((?:tex
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
@@ -405,7 +405,7 @@ SecRule &REQUEST_HEADERS:Range "@gt 0" \
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -439,7 +439,7 @@ SecRule ARGS_NAMES "@rx ." \
 tag:'attack-protocol',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 setvar:'TX.paramcounter_%{MATCHED_VAR_NAME}=+1'"
 SecRule TX:/paramcounter_.*/ "@gt 1" \
@@ -455,7 +455,7 @@ SecRule TX:/paramcounter_.*/ "@gt 1" \ tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/137/15/460',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -497,15 +497,15 @@ SecRule ARGS_NAMES "@rx (][^\]]+$|][^\]]+\[)" \ tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/137/15/460',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # @@ -545,7 +545,7 @@ SecRule ARGS_NAMES "@rx \[" \ tag:'paranoia-level/4',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/137/15/460',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf
index 3c51863e5d..958fb44e52 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-922-MULTIPART-ATTACK.conf
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.10.0
+# OWASP CRS ver.4.11.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -38,7 +38,7 @@ SecRule &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.922100_charset=|%{ARGS._charset_}|',\
 chain"
@@ -69,7 +69,7 @@ SecRule MULTIPART_PART_HEADERS "@rx ^content-type\s*:\s*(.*)$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/272/220',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ chain" SecRule TX:1 "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*(?:[\s\x0b]*,[\s\x0b]*(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*)*$" \ @@ -92,7 +92,7 @@ SecRule MULTIPART_PART_HEADERS "@rx content-transfer-encoding:(.*)" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/272/220',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -115,6 +115,6 @@ SecRule MULTIPART_PART_HEADERS "@rx [^\x21-\x7E][\x21-\x39\x3B-\x7E]*:" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/272/220',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf index c2cfe77ead..f242b75c02 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -47,7 +47,7 @@ SecRule REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}'"
@@ -79,7 +79,7 @@ SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:/* "
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
@@ -110,7 +110,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
 tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -137,15 +137,15 @@ SecRule REQUEST_FILENAME "@pmFromFile restricted-files.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/126',\ tag:'PCI/6.5.4',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # 
@@ -175,22 +175,22 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@pmFromFile lfi-os-f tag:'OWASP_CRS',\ tag:'capec/1000/255/153/126',\ tag:'PCI/6.5.4',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf index cd9a707860..7c8027ed51 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -17,8 +17,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -49,7 +49,7 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?)://(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -69,7 +69,7 @@ SecRule QUERY_STRING|REQUEST_BODY "@rx (?i)(?:\binclude\s*\([^)]*|mosConfig_abso
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -89,15 +89,15 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?).*?\?+$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/175/253',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # @@ -128,7 +128,7 @@ SecRule ARGS "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|it tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/175/253',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\ chain" @@ -158,7 +158,7 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/175/253',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\ chain" 
@@ -167,16 +167,16 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf index aada2599a3..9c5bb3a716 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -135,7 +135,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -195,7 +195,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -228,7 +228,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -246,7 +246,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME # (consult https://coreruleset.org/docs/development/regex_assembly/ for details): # crs-toolchain regex update 932125 # -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:[\n\r;`\{]|\|\|?|&&?)[\s\x0b]*[\s\x0b\"'\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^_a-z]*)\x5c)?[\"\^]*(?:(?:a[\"\^]*(?:c|s[\"\^]*n[\"\^]*p)|e[\"\^]*(?:b[\"\^]*p|p[\"\^]*(?:a[\"\^]*l|c[\"\^]*s[\"\^]*v|s[\"\^]*n)|[tx][\"\^]*s[\"\^]*n)|f[\"\^]*(?:[cltw]|o[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*(?:[cr][\"\^]*m|e[\"\^]*x|h[\"\^]*y|i|p[\"\^]*(?:a[\"\^]*l|c[\"\^]*s[\"\^]*v|m[\"\^]*o|s[\"\^]*n)|s[\"\^]*e|w[\"\^]*(?:m[\"\^]*i|r))|m[\"\^]*(?:a[\"\^]*n|[dipv]|o[\"\^]*u[\"\^]*n[\"\^]*t)|o[\"\^]*g[\"\^]*v|p[\"\^]*(?:o[\"\^]*p|u[\"\^]*s[\"\^]*h)[\"\^]*d|t[\"\^]*r[\"\^]*c[\"\^]*m|w[\"\^]*j[\"\^]*b)[\"\^]*[\s\x0b,\./;<>].*|c[\"\^]*(?:(?:(?:d|h[\"\^]*d[\"\^]*i[\"\^]*r|v[\"\^]*p[\"\^]*a)[\"\^]*|p[\"\^]*(?:[ip][\"\^]*)?)[\s\x0b,\./;<>].*|l[\"\^]*(?:(?:[cipv]|h[\"\^]*y)[\"\^]*[\s\x0b,\./;<>].*|s)|n[\"\^]*s[\"\^]*n)|d[\"\^]*(?:(?:b[\"\^]*p|e[\"\^]*l|i[\"\^]*(?:f[\"\^]*f|r))[\"\^]*[\s\x0b,\./;<>].*|n[\"\^]*s[\"\^]*n)|g[\"\^]*(?:(?:(?:(?:a[\"\^]*)?l|b[\"\^]*p|d[\"\^]*r|h[\"\^]*y|(?:w[\"\^]*m[\"\^]*)?i|j[\"\^]*b|[uv])[\"\^]*|c[\"\^]*(?:[ims][\"\^]*)?|m[\"\^]*(?:o[\"\^]*)?|s[\"\^]*(?:n[\"\^]*(?:p[\"\^]*)?|v[\"\^]*))[\s\x0b,\./;<>].*|e[\"\^]*r[\"\^]*r|p[\"\^]*(?:(?:s[\"\^]*)?[\s\x0b,\./;<>].*|v))|l[\"\^]*s|n[\"\^]*(?:(?:a[\"\^]*l|d[\"\^]*r|[iv]|m[\"\^]*o|s[\"\^]*n)[\"\^]*[\s\x0b,\./;<>].*|p[\"\^]*s[\"\^]*s[\"\^]*c)|r[\"\^]*(?:(?:(?:(?:b[\"\^]*)?p|e[\"\^]*n|(?:w[\"\^]*m[\"\^]*)?i|j[\"\^]*b|n[\"\^]*[ip])[\"\^]*|d[\"\^]*(?:r[\"\^]*)?|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r|o)[\"\^]*)?|s[\"\^]*n[\"\^]*(?:p[\"\^]*)?|v[\"\^]*(?:p[\"\^]*a[\"\^]*)?)[\s\x0b,\./;<>].*|c[\"\^]*(?:j[\"\^]*b[\"\^]*[\s\x0b,\./;<>].*|s[\"\^]*n)|u[\"\^]*
j[\"\^]*b)|s[\"\^]*(?:(?:(?:a[\"\^]*(?:j[\"\^]*b|l|p[\"\^]*s|s[\"\^]*v)|b[\"\^]*p|[civ]|w[\"\^]*m[\"\^]*i)[\"\^]*|l[\"\^]*(?:s[\"\^]*)?|p[\"\^]*(?:(?:j[\"\^]*b|p[\"\^]*s|s[\"\^]*v)[\"\^]*)?)[\s\x0b,\./;<>].*|h[\"\^]*c[\"\^]*m|u[\"\^]*j[\"\^]*b))(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:[\n\r;`\{]|\|\|?|&&?)[\s\x0b]*[\s\x0b\"'\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^_a-z]*)\x5c)?[\"\^]*(?:(?:a[\"\^]*(?:c|s[\"\^]*n[\"\^]*p)|e[\"\^]*(?:b[\"\^]*p|p[\"\^]*(?:a[\"\^]*l|c[\"\^]*s[\"\^]*v|s[\"\^]*n)|[tx][\"\^]*s[\"\^]*n)|f[\"\^]*(?:[cltw]|o[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*(?:[cr][\"\^]*m|e[\"\^]*x|h[\"\^]*y|i|p[\"\^]*(?:a[\"\^]*l|c[\"\^]*s[\"\^]*v|m[\"\^]*o|s[\"\^]*n)|s[\"\^]*e|w[\"\^]*(?:m[\"\^]*i|r))|m[\"\^]*(?:[dpv]|o[\"\^]*u[\"\^]*n[\"\^]*t)|o[\"\^]*g[\"\^]*v|p[\"\^]*(?:o[\"\^]*p|u[\"\^]*s[\"\^]*h)[\"\^]*d|t[\"\^]*r[\"\^]*c[\"\^]*m|w[\"\^]*j[\"\^]*b)[\"\^]*[\s\x0b,\./;<>].*|c[\"\^]*(?:(?:(?:d|h[\"\^]*d[\"\^]*i[\"\^]*r|v[\"\^]*p[\"\^]*a)[\"\^]*|p[\"\^]*(?:[ip][\"\^]*)?)[\s\x0b,\./;<>].*|l[\"\^]*(?:(?:[cipv]|h[\"\^]*y)[\"\^]*[\s\x0b,\./;<>].*|s)|n[\"\^]*s[\"\^]*n)|d[\"\^]*(?:(?:b[\"\^]*p|e[\"\^]*l|i[\"\^]*(?:f[\"\^]*f|r))[\"\^]*[\s\x0b,\./;<>].*|n[\"\^]*s[\"\^]*n)|g[\"\^]*(?:(?:(?:(?:a[\"\^]*)?l|b[\"\^]*p|d[\"\^]*r|h[\"\^]*y|(?:w[\"\^]*m[\"\^]*)?i|j[\"\^]*b|[uv])[\"\^]*|c[\"\^]*(?:[ims][\"\^]*)?|m[\"\^]*(?:o[\"\^]*)?|s[\"\^]*(?:n[\"\^]*(?:p[\"\^]*)?|v[\"\^]*))[\s\x0b,\./;<>].*|e[\"\^]*r[\"\^]*r|p[\"\^]*(?:(?:s[\"\^]*)?[\s\x0b,\./;<>].*|v))|l[\"\^]*s|n[\"\^]*(?:(?:a[\"\^]*l|d[\"\^]*r|[iv]|m[\"\^]*o|s[\"\^]*n)[\"\^]*[\s\x0b,\./;<>].*|p[\"\^]*s[\"\^]*s[\"\^]*c)|r[\"\^]*(?:(?:(?:(?:b[\"\^]*)?p|e[\"\^]*n|(?:w[\"\^]*m[\"\^]*)?i|j[\"\^]*b|n[\"\^]*[ip])[\"\^]*|d[\"\^]*(?:r[\"\^]*)?|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r|o)[\"\^]*)?|s[\"\^]*n[\"\^]*(?:p[\"\^]*)?|v[\"\^]*(?:p[\"\^]*a[\"\^]*)?)[\s\x0b,\./;<>].*|c[\"\^]*(?:j[\"\^]
*b[\"\^]*[\s\x0b,\./;<>].*|s[\"\^]*n)|u[\"\^]*j[\"\^]*b)|s[\"\^]*(?:(?:(?:a[\"\^]*(?:j[\"\^]*b|l|p[\"\^]*s|s[\"\^]*v)|b[\"\^]*p|[cv]|w[\"\^]*m[\"\^]*i)[\"\^]*|l[\"\^]*(?:s[\"\^]*)?|p[\"\^]*(?:(?:j[\"\^]*b|p[\"\^]*s|s[\"\^]*v)[\"\^]*)?)[\s\x0b,\./;<>].*|h[\"\^]*c[\"\^]*m|u[\"\^]*j[\"\^]*b))(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" \ "id:932125,\ phase:2,\ block,\ @@ -262,7 +262,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -306,7 +306,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -353,7 +353,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
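Review bot: The regenerated `@rx` pattern for rule 932125 is a detection change, not only a version bump: against the removed line, the `m…` branch goes from `(?:a[\"\^]*n|[dipv]|…)` to `(?:[dpv]|…)` and the `s…` branch from `[civ]` to `[cv]`, so the short alternatives `man`, `mi` and `si` no longer match. This presumably mirrors the upstream CRS 4.11.0 regex-assembly output, which is not visible here. Since this copy also carries the local `tx.bunkerweb_rules` setvar, it is worth confirming the pattern is byte-identical to the upstream release and recording the coverage change, e.g. a changelog line such as `CRS 4.11.0: rule 932125 no longer matches man, mi, si`. The rule's action list continues outside this hunk.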
@@ -392,7 +392,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -473,7 +473,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -532,7 +532,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -568,7 +568,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -609,7 +609,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -640,7 +640,7 @@ SecRule REQUEST_HEADERS|REQUEST_LINE "@rx ^\(\s*\)\s+{" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -661,7 +661,7 @@ SecRule ARGS_NAMES|ARGS|FILES_NAMES "@rx ^\(\s*\)\s+{" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -703,7 +703,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -737,7 +737,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -831,7 +831,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -852,7 +852,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME # (consult https://coreruleset.org/docs/development/regex_assembly/ for details): # crs-toolchain regex update 932380 # -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:[\n\r;`\{]|\|\|?|&&?)[\s\x0b]*[\s\x0b\"'\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^_a-z]*)\x5c)?[\"\^]*(?:a[\"\^]*(?:s[\"\^]*s[\"\^]*o[\"\^]*c|t[\"\^]*(?:m[\"\^]*a[\"\^]*d[\"\^]*m|t[\"\^]*r[\"\^]*i[\"\^]*b)|u[\"\^]*(?:d[\"\^]*i[\"\^]*t[\"\^]*p[\"\^]*o[\"\^]*l|t[\"\^]*o[\"\^]*(?:c[\"\^]*(?:h[\"\^]*k|o[\"\^]*n[\"\^]*v)|(?:f[\"\^]*m|m[\"\^]*o[\"\^]*u[\"\^]*n)[\"\^]*t)))|b[\"\^]*(?:c[\"\^]*d[\"\^]*(?:b[\"\^]*o[\"\^]*o|e[\"\^]*d[\"\^]*i)[\"\^]*t|(?:d[\"\^]*e[\"\^]*h[\"\^]*d|o[\"\^]*o[\"\^]*t)[\"\^]*c[\"\^]*f[\"\^]*g|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|e[\"\^]*r[\"\^]*t[\"\^]*(?:r[\"\^]*e[\"\^]*q|u[\"\^]*t[\"\^]*i[\"\^]*l)|h[\"\^]*(?:c[\"\^]*p|d[\"\^]*i[\"\^]*r|g[\"\^]*(?:l[\"\^]*o[\"\^]*g[\"\^]*o[\"\^]*n|p[\"\^]*o[\"\^]*r[\"\^]*t|u[\"\^]*s[\"\^]*r)|k[\"\^]*(?:d[\"\^]*s[\"\^]*k|n[\"\^]*t[\"\^]*f[\"\^]*s))|l[\"\^]*e[\"\^]*a[\"\^]*n[\"\^]*m[\"\^]*g[\"\^]*r|m[\"\^]*(?:d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|s[\"\^]*t[\"\^]*p)|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|d[\"\^]*(?:c[\"\^]*(?:d[\"\^]*i[\"\^]*a[\"\^]*g|g[\"\^]*p[\"\^]*o[\"\^]*f[\"\^]*i[\"\^]*x)|e[\"\^]*(?:f[\"\^]*r[\"\^]*a[\"\^]*g|l)|f[\"\^]*s[\"\^]*(?:d[\"\^]*i[\"\^]*a|r[\"\^]*m[\"\^]*i)[\"\^]*g|i[\"\^]*(?:a[\"\^]*n[\"\^]*t[\"\^]*z|r|s[\"\^]*(?:k[\"\^]*(?:c[\"\^]*o[\"\^]*(?:m[\"\^]*p|p[\"\^]*y)|p[\"\^]*(?:a[\"\^]*r[\"\^]*t|e[\"\^]*r[\"\^]*f)|r[\"\^]*a[\"\^]*i[\"\^]*d|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|p[\"\^]*d[\"\^]*i[\"\^]*a[\"\^]*g))|n[\"\^]*s[\"\^]*c[\"\^]*m[\"\^]*d|(?:o[\"\^]*s[\"\^]*k[\"\^]*e|r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r)[\"\^]*y)|e[\"\^]*(?:n[
\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e)|E[\"\^]*v[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*m[\"\^]*d|f[\"\^]*(?:c|i[\"\^]*(?:l[\"\^]*e[\"\^]*s[\"\^]*y[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*m[\"\^]*s|n[\"\^]*d[\"\^]*s[\"\^]*t[\"\^]*r)|l[\"\^]*a[\"\^]*t[\"\^]*t[\"\^]*e[\"\^]*m[\"\^]*p|o[\"\^]*r(?:[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)?|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|(?:t[\"\^]*y[\"\^]*p|v[\"\^]*e[\"\^]*u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t)[\"\^]*e)|g[\"\^]*(?:e[\"\^]*t[\"\^]*(?:m[\"\^]*a[\"\^]*c|t[\"\^]*y[\"\^]*p[\"\^]*e)|o[\"\^]*t[\"\^]*o|p[\"\^]*(?:f[\"\^]*i[\"\^]*x[\"\^]*u[\"\^]*p|(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l[\"\^]*)?t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e)|r[\"\^]*a[\"\^]*f[\"\^]*t[\"\^]*a[\"\^]*b[\"\^]*l)|h[\"\^]*(?:e[\"\^]*l[\"\^]*p[\"\^]*c[\"\^]*t[\"\^]*r|o[\"\^]*s[\"\^]*t[\"\^]*n[\"\^]*a[\"\^]*m[\"\^]*e)|i[\"\^]*(?:c[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*s|f|p[\"\^]*(?:c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|x[\"\^]*r[\"\^]*o[\"\^]*u[\"\^]*t[\"\^]*e)|r[\"\^]*f[\"\^]*t[\"\^]*p)|j[\"\^]*e[\"\^]*t[\"\^]*p[\"\^]*a[\"\^]*c[\"\^]*k|k[\"\^]*(?:l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p|t[\"\^]*(?:m[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|p[\"\^]*a[\"\^]*s[\"\^]*s))|l[\"\^]*(?:o[\"\^]*(?:d[\"\^]*c[\"\^]*t[\"\^]*r|g[\"\^]*(?:m[\"\^]*a[\"\^]*n|o[\"\^]*f[\"\^]*f))|p[\"\^]*[qr])|m[\"\^]*(?:a[\"\^]*(?:c[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e|k[\"\^]*e[\"\^]*c[\"\^]*a[\"\^]*b|p[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r|l[\"\^]*i[\"\^]*n[\"\^]*k)|m[\"\^]*c|o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*v[\"\^]*o[\"\^]*l|q[\"\^]*(?:b[\"\^]*k[\"\^]*u[\"\^]*p|(?:t[\"\^]*g[\"\^]*)?s[\"\^]*v[\"\^]*c)|s[\"\^]*(?:d[\"\^]*t|i[\"\^]*(?:e[\"\^]*x[\"\^]*e[\"\^]*c|n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2)|t[\"\^]*s[\"\^]*c))|n[\"\^]*(?:b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t|e[\"\^]*t[\"\^]*(?:c[\"\^]*f[\"\^]*g|d[\"\^]*o[\"\^]*m|s[\"\^]*(?:h|t[\"\^]*a[\"\^
]*t))|f[\"\^]*s[\"\^]*(?:a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*(?:h[\"\^]*a[\"\^]*r[\"\^]*e|t[\"\^]*a[\"\^]*t))|l[\"\^]*(?:b[\"\^]*m[\"\^]*g[\"\^]*r|t[\"\^]*e[\"\^]*s[\"\^]*t)|s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u[\"\^]*p|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|c[\"\^]*m[\"\^]*d[\"\^]*p[\"\^]*r[\"\^]*o[\"\^]*m[\"\^]*p[\"\^]*t|f[\"\^]*r[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*l))|o[\"\^]*(?:f[\"\^]*f[\"\^]*l[\"\^]*i[\"\^]*n[\"\^]*e|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|p[\"\^]*(?:a[\"\^]*(?:g[\"\^]*e[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i|t[\"\^]*h[\"\^]*p[\"\^]*i[\"\^]*n)[\"\^]*g|(?:b[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i|k[\"\^]*t[\"\^]*m[\"\^]*o)[\"\^]*n|e[\"\^]*(?:n[\"\^]*t[\"\^]*n[\"\^]*t|r[\"\^]*f[\"\^]*m[\"\^]*o[\"\^]*n)|n[\"\^]*p[\"\^]*u[\"\^]*(?:n[\"\^]*a[\"\^]*t[\"\^]*t[\"\^]*e[\"\^]*n[\"\^]*d|t[\"\^]*i[\"\^]*l)|o[\"\^]*(?:p[\"\^]*d|w[\"\^]*e[\"\^]*r[\"\^]*s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l)|r[\"\^]*n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|(?:d[\"\^]*r[\"\^]*v|m[\"\^]*n[\"\^]*g)[\"\^]*r|j[\"\^]*o[\"\^]*b[\"\^]*s|p[\"\^]*o[\"\^]*r[\"\^]*t|q[\"\^]*c[\"\^]*t[\"\^]*l)|u[\"\^]*(?:b[\"\^]*p[\"\^]*r[\"\^]*n|s[\"\^]*h[\"\^]*(?:d|p[\"\^]*r[\"\^]*i[\"\^]*n[\"\^]*t[\"\^]*e[\"\^]*r[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*n[\"\^]*e[\"\^]*c[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*s))|w[\"\^]*(?:l[\"\^]*a[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*r|s[\"\^]*h))|q[\"\^]*(?:a[\"\^]*p[\"\^]*p[\"\^]*s[\"\^]*r[\"\^]*v|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|u[\"\^]*s[\"\^]*e[\"\^]*r|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a)|r[\"\^]*(?:d(?:[\"\^]*p[\"\^]*s[\"\^]*i[\"\^]*g[\"\^]*n)?|e[\"\^]*(?:f[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|g(?:[\"\^]*(?:i[\"\^]*n[\"\^]*i|s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2))?|l[\"\^]*o[\"\^]*g|(?:(?:p[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i|s[\"\^]*c[\"\^]*a)[\"\^]*)?n|x[\"\^]*e[\"\^]*c)|i[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p|m[\"\^]*d[\"\^]*i[\"\^]*r|o[\"\^]*b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|p
[\"\^]*c[\"\^]*(?:i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*i[\"\^]*n[\"\^]*g)|s[\"\^]*h|u[\"\^]*n[\"\^]*d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a)|s[\"\^]*(?:a[\"\^]*n|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|w[\"\^]*c[\"\^]*m[\"\^]*d)|e[\"\^]*(?:c[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*t|r[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*(?:(?:c[\"\^]*e[\"\^]*i[\"\^]*p|w[\"\^]*e[\"\^]*r)[\"\^]*o[\"\^]*p[\"\^]*t[\"\^]*i[\"\^]*n|m[\"\^]*a[\"\^]*n[\"\^]*a[\"\^]*g[\"\^]*e[\"\^]*r[\"\^]*c[\"\^]*m[\"\^]*d)|t[\"\^]*x)|f[\"\^]*c|(?:h[\"\^]*o[\"\^]*w[\"\^]*m[\"\^]*o[\"\^]*u[\"\^]*n|u[\"\^]*b[\"\^]*s)[\"\^]*t|x[\"\^]*s[\"\^]*t[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*e|y[\"\^]*s[\"\^]*(?:o[\"\^]*c[\"\^]*m[\"\^]*g[\"\^]*r|t[\"\^]*e[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o))|t[\"\^]*(?:a[\"\^]*(?:k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n|p[\"\^]*i[\"\^]*c[\"\^]*f[\"\^]*g|s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t))|(?:c[\"\^]*m[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u|f[\"\^]*t)[\"\^]*p|(?:(?:e[\"\^]*l[\"\^]*n[\"\^]*e|i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u)[\"\^]*|r[\"\^]*a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*(?:p[\"\^]*)?)t|l[\"\^]*n[\"\^]*t[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*n|p[\"\^]*m[\"\^]*(?:t[\"\^]*o[\"\^]*o[\"\^]*l|v[\"\^]*s[\"\^]*c[\"\^]*m[\"\^]*g[\"\^]*r)|s[\"\^]*(?:(?:d[\"\^]*i[\"\^]*s[\"\^]*)?c[\"\^]*o[\"\^]*n|e[\"\^]*c[\"\^]*i[\"\^]*m[\"\^]*p|k[\"\^]*i[\"\^]*l[\"\^]*l|p[\"\^]*r[\"\^]*o[\"\^]*f)|y[\"\^]*p[\"\^]*e[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*f|z[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l)|u[\"\^]*n[\"\^]*(?:e[\"\^]*x[\"\^]*p[\"\^]*o[\"\^]*s[\"\^]*e|i[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*i[\"\^]*d|l[\"\^]*o[\"\^]*d[\"\^]*c[\"\^]*t[\"\^]*r)|v[\"\^]*(?:o[\"\^]*l|s[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|w[\"\^]*(?:a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|b[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|(?:d[\"\^]*s|e[\"\^]*(?:c|v[\"\^]*t))[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|h[\"\^]*(?:e[\"\^]*r[\"\^]*e|o[\"\^]*a[\"\^]*m[\"\^]*i)|i[\"\^]*n[\"\^]*(?:n[\"\^]*t(?:[\"\^]*3[\"\^]*2)?|r[\"\^]*s)|m
[\"\^]*i[\"\^]*c|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|x[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:[\n\r;`\{]|\|\|?|&&?)[\s\x0b]*[\s\x0b\"'\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^_a-z]*)\x5c)?[\"\^]*(?:a[\"\^]*(?:s[\"\^]*s[\"\^]*o[\"\^]*c|t[\"\^]*(?:m[\"\^]*a[\"\^]*d[\"\^]*m|t[\"\^]*r[\"\^]*i[\"\^]*b)|u[\"\^]*(?:d[\"\^]*i[\"\^]*t[\"\^]*p[\"\^]*o[\"\^]*l|t[\"\^]*o[\"\^]*(?:c[\"\^]*(?:h[\"\^]*k|o[\"\^]*n[\"\^]*v)|(?:f[\"\^]*m|m[\"\^]*o[\"\^]*u[\"\^]*n)[\"\^]*t)))|b[\"\^]*(?:c[\"\^]*d[\"\^]*(?:b[\"\^]*o[\"\^]*o|e[\"\^]*d[\"\^]*i)[\"\^]*t|(?:d[\"\^]*e[\"\^]*h[\"\^]*d|o[\"\^]*o[\"\^]*t)[\"\^]*c[\"\^]*f[\"\^]*g|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|e[\"\^]*r[\"\^]*t[\"\^]*(?:r[\"\^]*e[\"\^]*q|u[\"\^]*t[\"\^]*i[\"\^]*l)|h[\"\^]*(?:c[\"\^]*p|d[\"\^]*i[\"\^]*r|g[\"\^]*(?:l[\"\^]*o[\"\^]*g[\"\^]*o[\"\^]*n|p[\"\^]*o[\"\^]*r[\"\^]*t|u[\"\^]*s[\"\^]*r)|k[\"\^]*(?:d[\"\^]*s[\"\^]*k|n[\"\^]*t[\"\^]*f[\"\^]*s))|l[\"\^]*e[\"\^]*a[\"\^]*n[\"\^]*m[\"\^]*g[\"\^]*r|m[\"\^]*(?:d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|s[\"\^]*t[\"\^]*p)|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|d[\"\^]*(?:c[\"\^]*(?:d[\"\^]*i[\"\^]*a[\"\^]*g|g[\"\^]*p[\"\^]*o[\"\^]*f[\"\^]*i[\"\^]*x)|e[\"\^]*(?:f[\"\^]*r[\"\^]*a[\"\^]*g|l)|f[\"\^]*s[\"\^]*(?:d[\"\^]*i[\"\^]*a|r[\"\^]*m[\"\^]*i)[\"\^]*g|i[\"\^]*(?:a[\"\^]*n[\"\^]*t[\"\^]*z|r|s[\"\^]*(?:k[\"\^]*(?:c[\"\^]*o[\"\^]*(?:m[\"\^]*p|p[\"\^]*y)|p[\"\^]*(?:a[\"\^]*r[\"\^]*t|e[\"\^]*r[\"\^]*f)|r[\"\^]*a[\"\^]*i[\"\^]*d|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|p[\"\^]*d[\"\^]*i[\"\^]*a[\"\^]*g))|n[\"\^]*s[\"\^]*c[\"\^]*m[\"\^]*d|(?:o[\"\^]*s[\"\^]*k[\"\^]*e|r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r)[\"\^]*y)|e[\"\^]*(?:n[\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*r[\"\^
]*e[\"\^]*a[\"\^]*t[\"\^]*e)|E[\"\^]*v[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*m[\"\^]*d|f[\"\^]*(?:c|i[\"\^]*(?:l[\"\^]*e[\"\^]*s[\"\^]*y[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*m[\"\^]*s|n[\"\^]*d[\"\^]*s[\"\^]*t[\"\^]*r)|l[\"\^]*a[\"\^]*t[\"\^]*t[\"\^]*e[\"\^]*m[\"\^]*p|o[\"\^]*r[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|(?:t[\"\^]*y[\"\^]*p|v[\"\^]*e[\"\^]*u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t)[\"\^]*e)|g[\"\^]*(?:e[\"\^]*t[\"\^]*(?:m[\"\^]*a[\"\^]*c|t[\"\^]*y[\"\^]*p[\"\^]*e)|o[\"\^]*t[\"\^]*o|p[\"\^]*(?:f[\"\^]*i[\"\^]*x[\"\^]*u[\"\^]*p|(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l[\"\^]*)?t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e)|r[\"\^]*a[\"\^]*f[\"\^]*t[\"\^]*a[\"\^]*b[\"\^]*l)|h[\"\^]*(?:e[\"\^]*l[\"\^]*p[\"\^]*c[\"\^]*t[\"\^]*r|o[\"\^]*s[\"\^]*t[\"\^]*n[\"\^]*a[\"\^]*m[\"\^]*e)|i[\"\^]*(?:c[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*s|p[\"\^]*(?:c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|x[\"\^]*r[\"\^]*o[\"\^]*u[\"\^]*t[\"\^]*e)|r[\"\^]*f[\"\^]*t[\"\^]*p)|j[\"\^]*e[\"\^]*t[\"\^]*p[\"\^]*a[\"\^]*c[\"\^]*k|k[\"\^]*(?:l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p|t[\"\^]*(?:m[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|p[\"\^]*a[\"\^]*s[\"\^]*s))|l[\"\^]*(?:o[\"\^]*(?:d[\"\^]*c[\"\^]*t[\"\^]*r|g[\"\^]*(?:m[\"\^]*a[\"\^]*n|o[\"\^]*f[\"\^]*f))|p[\"\^]*[qr])|m[\"\^]*(?:a[\"\^]*(?:c[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e|k[\"\^]*e[\"\^]*c[\"\^]*a[\"\^]*b|p[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r|l[\"\^]*i[\"\^]*n[\"\^]*k)|m[\"\^]*c|o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*v[\"\^]*o[\"\^]*l|q[\"\^]*(?:b[\"\^]*k[\"\^]*u[\"\^]*p|(?:t[\"\^]*g[\"\^]*)?s[\"\^]*v[\"\^]*c)|s[\"\^]*(?:d[\"\^]*t|i[\"\^]*(?:e[\"\^]*x[\"\^]*e[\"\^]*c|n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2)|t[\"\^]*s[\"\^]*c))|n[\"\^]*(?:b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t|e[\"\^]*t[\"\^]*(?:c[\"\^]*f[\"\^]*g|d[\"\^]*o[\"\^]*m|s[\"\^]*(?:h|t[\"\^]*a[\"\^]*t))|f[\"\^]*s[\"\^]*(?:a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*(?:h[\"\^]*a[\"\^]*r[\"\^]*e|t[\"\
^]*a[\"\^]*t))|l[\"\^]*(?:b[\"\^]*m[\"\^]*g[\"\^]*r|t[\"\^]*e[\"\^]*s[\"\^]*t)|s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u[\"\^]*p|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|c[\"\^]*m[\"\^]*d[\"\^]*p[\"\^]*r[\"\^]*o[\"\^]*m[\"\^]*p[\"\^]*t|f[\"\^]*r[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*l))|o[\"\^]*(?:f[\"\^]*f[\"\^]*l[\"\^]*i[\"\^]*n[\"\^]*e|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|p[\"\^]*(?:a[\"\^]*(?:g[\"\^]*e[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i|t[\"\^]*h[\"\^]*p[\"\^]*i[\"\^]*n)[\"\^]*g|(?:b[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i|k[\"\^]*t[\"\^]*m[\"\^]*o)[\"\^]*n|e[\"\^]*(?:n[\"\^]*t[\"\^]*n[\"\^]*t|r[\"\^]*f[\"\^]*m[\"\^]*o[\"\^]*n)|n[\"\^]*p[\"\^]*u[\"\^]*(?:n[\"\^]*a[\"\^]*t[\"\^]*t[\"\^]*e[\"\^]*n[\"\^]*d|t[\"\^]*i[\"\^]*l)|o[\"\^]*(?:p[\"\^]*d|w[\"\^]*e[\"\^]*r[\"\^]*s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l)|r[\"\^]*n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|(?:d[\"\^]*r[\"\^]*v|m[\"\^]*n[\"\^]*g)[\"\^]*r|j[\"\^]*o[\"\^]*b[\"\^]*s|p[\"\^]*o[\"\^]*r[\"\^]*t|q[\"\^]*c[\"\^]*t[\"\^]*l)|u[\"\^]*(?:b[\"\^]*p[\"\^]*r[\"\^]*n|s[\"\^]*h[\"\^]*(?:d|p[\"\^]*r[\"\^]*i[\"\^]*n[\"\^]*t[\"\^]*e[\"\^]*r[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*n[\"\^]*e[\"\^]*c[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*s))|w[\"\^]*(?:l[\"\^]*a[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*r|s[\"\^]*h))|q[\"\^]*(?:a[\"\^]*p[\"\^]*p[\"\^]*s[\"\^]*r[\"\^]*v|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|u[\"\^]*s[\"\^]*e[\"\^]*r|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a)|r[\"\^]*(?:d(?:[\"\^]*p[\"\^]*s[\"\^]*i[\"\^]*g[\"\^]*n)?|e[\"\^]*(?:f[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|g(?:[\"\^]*(?:i[\"\^]*n[\"\^]*i|s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2))?|l[\"\^]*o[\"\^]*g|(?:(?:p[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i|s[\"\^]*c[\"\^]*a)[\"\^]*)?n|x[\"\^]*e[\"\^]*c)|i[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p|m[\"\^]*d[\"\^]*i[\"\^]*r|o[\"\^]*b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|p[\"\^]*c[\"\^]*(?:i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*i[\"\^]*n[\"\^]*g)|s[\"\^]*h|u[\"\^]*n[\"\^]*d[\"
\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a)|s[\"\^]*(?:a[\"\^]*n|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|w[\"\^]*c[\"\^]*m[\"\^]*d)|e[\"\^]*(?:c[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*t|r[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*(?:(?:c[\"\^]*e[\"\^]*i[\"\^]*p|w[\"\^]*e[\"\^]*r)[\"\^]*o[\"\^]*p[\"\^]*t[\"\^]*i[\"\^]*n|m[\"\^]*a[\"\^]*n[\"\^]*a[\"\^]*g[\"\^]*e[\"\^]*r[\"\^]*c[\"\^]*m[\"\^]*d)|t[\"\^]*x)|f[\"\^]*c|(?:h[\"\^]*o[\"\^]*w[\"\^]*m[\"\^]*o[\"\^]*u[\"\^]*n|u[\"\^]*b[\"\^]*s)[\"\^]*t|x[\"\^]*s[\"\^]*t[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*e|y[\"\^]*s[\"\^]*(?:o[\"\^]*c[\"\^]*m[\"\^]*g[\"\^]*r|t[\"\^]*e[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o))|t[\"\^]*(?:a[\"\^]*(?:k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n|p[\"\^]*i[\"\^]*c[\"\^]*f[\"\^]*g|s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t))|(?:c[\"\^]*m[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u|f[\"\^]*t)[\"\^]*p|(?:(?:e[\"\^]*l[\"\^]*n[\"\^]*e|i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u)[\"\^]*|r[\"\^]*a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*(?:p[\"\^]*)?)t|l[\"\^]*n[\"\^]*t[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*n|p[\"\^]*m[\"\^]*(?:t[\"\^]*o[\"\^]*o[\"\^]*l|v[\"\^]*s[\"\^]*c[\"\^]*m[\"\^]*g[\"\^]*r)|s[\"\^]*(?:(?:d[\"\^]*i[\"\^]*s[\"\^]*)?c[\"\^]*o[\"\^]*n|e[\"\^]*c[\"\^]*i[\"\^]*m[\"\^]*p|k[\"\^]*i[\"\^]*l[\"\^]*l|p[\"\^]*r[\"\^]*o[\"\^]*f)|y[\"\^]*p[\"\^]*e[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*f|z[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l)|u[\"\^]*n[\"\^]*(?:e[\"\^]*x[\"\^]*p[\"\^]*o[\"\^]*s[\"\^]*e|i[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*i[\"\^]*d|l[\"\^]*o[\"\^]*d[\"\^]*c[\"\^]*t[\"\^]*r)|v[\"\^]*s[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|w[\"\^]*(?:a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|b[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|(?:d[\"\^]*s|e[\"\^]*(?:c|v[\"\^]*t))[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|h[\"\^]*o[\"\^]*a[\"\^]*m[\"\^]*i|i[\"\^]*n[\"\^]*(?:n[\"\^]*t(?:[\"\^]*3[\"\^]*2)?|r[\"\^]*s)|m[\"\^]*i[\"\^]*c|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|x[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" \ 
"id:932380,\ phase:2,\ block,\ @@ -868,14 +868,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # @@ -934,7 +934,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -967,7 +967,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx \$(?:\((?:.*|\(.
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1016,7 +1016,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.932200_matched_var_name=%{matched_var_name}',\
 chain"
@@ -1058,7 +1058,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^#]+" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.932205_matched_var_name=%{matched_var_name}',\
 chain"
@@ -1101,7 +1101,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^\.]*?(?:['\*\?\x5c`][^\n/]+/|/[^/]+?['\*
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.932206_matched_var_name=%{matched_var_name}',\
 chain"
@@ -1134,7 +1134,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1197,7 +1197,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|XML:
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.932240_matched_var_name=%{matched_var_name}',\
 chain"
@@ -1239,7 +1239,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1266,7 +1266,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 # (consult https://coreruleset.org/docs/development/regex_assembly/ for details):
 # crs-toolchain regex update 932300
 #
-SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \r\n.*?\b(?:E(?:HLO [\-\.A-Za-z\x17f\x212a]{1,255}|XPN .{1,64})|HELO [\-\.A-Za-z\x17f\x212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SET\b)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [\-0-9A-Z_a-z\x17f\x212a]{1,20} (?:(?:[\+/-9A-Z_a-z\x17f\x212a]{4})*(?:[\+/-9A-Z_a-z\x17f\x212a]{2}=|[\+/-9A-Z_a-z\x17f\x212a]{3}))?=|STARTTLS\b|NOOP\b(?: .{1,255})?)" \
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\r\n.*?\b(?:E(?:HLO[\s\x0b][\-\.a-z]{1,255}|XPN[\s\x0b].{1,64})|HELO[\s\x0b][\-\.a-z]{1,255}|MAIL[\s\x0b]FROM:<.{1,64}@.{1,255}>|R(?:CPT[\s\x0b]TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SET\b)|VRFY[\s\x0b].{1,64}(?:[\s\x0b]<.{1,64}@.{1,255}>|@.{1,255})|AUTH[\s\x0b][\-0-9_a-z]{1,20}[\s\x0b](?:(?:[\+/-9A-Z_a-z]{4})*(?:[\+/-9A-Z_a-z]{2}=|[\+/-9A-Z_a-z]{3}))?=|STARTTLS\b|NOOP\b(?:[\s\x0b].{1,255})?)" \
 "id:932300,\
 phase:2,\
 block,\
@@ -1281,7 +1281,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1313,7 +1313,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1347,7 +1347,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1409,7 +1409,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1471,7 +1471,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)(?:^|b[\"'\)
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1506,14 +1506,14 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@pmFromFile unix-she
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
@@ -1572,7 +1572,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1629,7 +1629,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)\b(?:7z[arx]
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1686,7 +1686,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1722,7 +1722,7 @@ SecRule ARGS "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1756,7 +1756,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1789,7 +1789,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1822,7 +1822,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1855,14 +1855,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
 #
 # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
 #
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
index e910ca3cd7..d85cd6fee8 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.10.0
+# OWASP CRS ver.4.11.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
 #
 # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
 #
@@ -59,7 +59,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -100,7 +100,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -124,7 +124,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.933120_matched_var=%{MATCHED_VAR}',\
 setvar:'tx.933120_matched_var_name=%{MATCHED_VAR_NAME}',\
@@ -155,7 +155,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -186,7 +186,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -222,7 +222,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -258,7 +258,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -325,7 +325,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -377,7 +377,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -432,7 +432,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -487,7 +487,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -534,13 +534,13 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # @@ -577,7 +577,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.933151_matched_var=%{MATCHED_VAR}',\ setvar:'tx.933151_matched_var_name=%{MATCHED_VAR_NAME}',\ 
@@ -592,8 +592,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # @@ -635,7 +635,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -679,7 +679,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -721,7 +721,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -750,7 +750,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -785,14 +785,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf index 5db670a750..53f9d5fd52 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf 
@@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -65,7 +65,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ multiMatch,\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ @@ -100,7 +100,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/664',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -135,7 +135,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1/180/77',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -167,7 +167,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -198,7 +198,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -228,13 +228,13 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # @@ -256,7 +256,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ multiMatch,\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ @@ -308,7 +308,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/664',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -340,20 +340,20 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf index bf36cca7ba..54bba88148 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -62,7 +62,7 @@ SecRule REQUEST_FILENAME "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-12 nolog,\ tag:'OWASP_CRS',\ ctl:ruleRemoveTargetByTag=xss-perf-disable;REQUEST_FILENAME,\ - ver:'OWASP_CRS/4.10.0'" + ver:'OWASP_CRS/4.11.0'" # 
@@ -94,7 +94,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -121,7 +121,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -151,7 +151,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -180,7 +180,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -213,7 +213,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -238,7 +238,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -265,7 +265,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -292,7 +292,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -314,7 +314,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -336,7 +336,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -358,7 +358,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -380,7 +380,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -402,7 +402,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -424,7 +424,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -446,7 +446,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -468,7 +468,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -490,7 +490,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -512,7 +512,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -534,7 +534,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -594,7 +594,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule MATCHED_VARS "@rx (?:\xbc\s*/\s*[^\xbe>]*[\xbe>])|(?:<\s*/\s*[^\xbe]*\xbe)" \
@@ -623,7 +623,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -665,7 +665,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -693,7 +693,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|REQU
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -725,7 +725,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -755,14 +755,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # @@ -786,7 +786,7 @@ SecRule REQUEST_FILENAME|REQUEST_HEADERS:Referer "@detectXSS" \ tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -820,7 +820,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -846,7 +846,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -874,7 +874,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -962,7 +962,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
 tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -984,7 +984,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
 tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1009,7 +1009,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
 tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1042,23 +1042,23 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
 #
 # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
 #
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
index c31cd75744..4a5bfad21e 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.10.0
+# OWASP CRS ver.4.11.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -14,8 +14,8 @@
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 #
 # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
 #
@@ -59,7 +59,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
@@ -90,7 +90,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -107,7 +107,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME # (consult https://coreruleset.org/docs/development/regex_assembly/ for details): # crs-toolchain regex update 942151 # -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo
)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*\(" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert_tz)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|s_(?:de|en)crypt)|ump)|e(?:n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(
?:_text)?|length))?|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|insert|object(?:_(?:agg|keys))?|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|east|i(?:kely|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2))|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:lygon|w)|rocedure_analyse)|qu(?:ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp))|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*\(" \ "id:942151,\ phase:2,\ block,\ @@ -123,7 +123,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
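Review bot: The regenerated `@rx` alternation for rule 942151 is narrower than the one it replaces: `convert`, `degrees`, `elt`, `left`, `likelihood`, `lower`, `position`, `quarter`, `space` and `unlikely` no longer appear in it, so a call to one of those functions stops scoring in this rule, which sits in the file's Paranoia Level 1 section. Nothing in this hunk shows where those names are matched now; if upstream moved them to a rule at a higher paranoia level, check that the rule exists in this vendored copy and carries the BunkerWeb `setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'` addition, otherwise deployments running at PL1 lose that coverage without notice. Since the pattern is generated (`crs-toolchain regex update 942151`), it is also worth confirming that the vendored regex is byte-identical to the upstream 4.11.0 one rather than hand-edited. The rule's action list starts in this hunk (`id:942151`, `phase:2`, `block`) and continues outside it.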
@@ -167,7 +167,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -193,7 +193,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -219,7 +219,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -243,7 +243,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -269,7 +269,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -295,7 +295,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -316,7 +316,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -337,7 +337,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -363,7 +363,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -389,7 +389,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -418,7 +418,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -444,7 +444,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -483,7 +483,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -524,7 +524,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
@@ -561,7 +561,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -590,7 +590,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -619,14 +619,14 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 #
 # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
 #
@@ -659,7 +659,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx (?i)[!=]=|&&|\|\||->|>[=>]|
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -700,7 +700,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.942130_matched_var_name=%{matched_var_name}',\
 chain"
@@ -736,7 +736,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.942131_matched_var_name=%{matched_var_name}',\
@@ -773,7 +773,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -816,7 +816,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -845,7 +845,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -874,7 +874,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -900,7 +900,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -926,7 +926,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -952,7 +952,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -986,7 +986,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1015,7 +1015,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1040,7 +1040,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1070,7 +1070,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1102,7 +1102,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1128,7 +1128,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1154,7 +1154,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1180,7 +1180,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1211,7 +1211,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1240,7 +1240,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1269,7 +1269,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1310,7 +1310,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1328,7 +1328,7 @@ SecRule ARGS_GET:fbclid "@rx [a-zA-Z0-9_-]{61,61}" \
 nolog,\
 tag:'OWASP_CRS',\
 ctl:ruleRemoveTargetById=942440;ARGS:fbclid,\
- ver:'OWASP_CRS/4.10.0'"
+ ver:'OWASP_CRS/4.11.0'"
 #
 # -=[ Exclusion rule for 942440 ]=-
@@ -1343,7 +1343,7 @@ SecRule ARGS_GET:gclid "@rx [a-zA-Z0-9_-]{91,91}" \
 nolog,\
 tag:'OWASP_CRS',\
 ctl:ruleRemoveTargetById=942440;ARGS:gclid,\
- ver:'OWASP_CRS/4.10.0'"
+ ver:'OWASP_CRS/4.11.0'"
 #
 # -=[ Detect SQL Comment Sequences ]=-
@@ -1397,7 +1397,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 chain"
 SecRule MATCHED_VARS "!@rx ^ey[\-0-9A-Z_a-z]+\.ey[\-0-9A-Z_a-z]+\.[\-0-9A-Z_a-z]+$" \
@@ -1428,7 +1428,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1475,7 +1475,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1502,7 +1502,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1535,7 +1535,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.942521_matched_var_name=%{matched_var_name}',\
 chain"
@@ -1563,7 +1563,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ^.*?\x5c['\"`](?:.*?['\"`])?\s*(?:and|or)\b"
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1601,7 +1601,7 @@ SecRule REQUEST_BASENAME|REQUEST_FILENAME "@detectSQLi" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1633,7 +1633,7 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)\b(?:a(?:dd(
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1663,15 +1663,15 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)create[\s\x0
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
@@ -1703,7 +1703,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1727,7 +1727,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1767,7 +1767,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1796,7 +1796,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1826,7 +1826,7 @@ SecRule ARGS "@rx \W{4}" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -1874,7 +1874,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -1903,14 +1903,14 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # 
@@ -1937,7 +1937,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
@@ -1966,7 +1966,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'WARNING',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'"
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
index 5912cde947..6f63587e77 100644
--- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.10.0
+# OWASP CRS ver.4.11.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -14,8 +14,8 @@ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -43,7 +43,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/21/593/61',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.session_fixation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -64,7 +64,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/21/593/61',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.943110_matched_var_name=%{matched_var_name}',\ chain" @@ -91,7 +91,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/21/593/61',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.943120_matched_var_name=%{matched_var_name}',\ chain" 
@@ -102,24 +102,24 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf index 0dd355a0ee..e458389358 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-944-APPLICATION-ATTACK-JAVA.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
@@ -13,8 +13,8 @@ # # Many rules check request bodies, use "SecRequestBodyAccess On" to enable it on main modsecurity configuration file. -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -46,7 +46,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -78,7 +78,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ chain" SecRule MATCHED_VARS|XML:/*|XML://@* "@rx (?i)(?:unmarshaller|base64data|java\.)" \ @@ -103,7 +103,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ chain" SecRule MATCHED_VARS "@rx (?:runtime|processbuilder)" \ 
@@ -135,7 +135,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -173,7 +173,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -221,14 +221,14 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # @@ -259,7 +259,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -291,7 +291,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -312,7 +312,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -333,7 +333,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -357,7 +357,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -382,14 +382,14 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # 
@@ -416,14 +416,14 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # @@ -452,7 +452,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf index 4c0ada7747..293adb1822 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf 
+++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/REQUEST-949-BLOCKING-EVALUATION.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -24,7 +24,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ @@ -34,7 +34,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ @@ -44,7 +44,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ @@ -54,7 +54,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ @@ -64,7 +64,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ 
@@ -74,7 +74,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ @@ -84,7 +84,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ @@ -94,7 +94,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" # at start of phase 2, we reset the aggregate scores to 0 to prevent duplicate counting of per-PL scores @@ -106,7 +106,7 @@ SecAction \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=0'" SecAction \ @@ -116,7 +116,7 @@ SecAction \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=0'" # Summing up the blocking and detection anomaly scores in phase 2 @@ -128,7 +128,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ @@ -138,7 +138,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ 
@@ -148,7 +148,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ @@ -158,7 +158,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ @@ -168,7 +168,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ @@ -178,7 +178,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ @@ -188,7 +188,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ @@ -198,7 +198,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" @@ -217,7 +217,7 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh msg:'Inbound Anomaly Score Exceeded in phase 1 (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\ tag:'anomaly-evaluation',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ chain" SecRule TX:EARLY_BLOCKING "@eq 1" 
@@ -230,34 +230,34 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\ tag:'anomaly-evaluation',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0'" + ver:'OWASP_CRS/4.11.0'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule 
TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf index e6078b21f6..76a3b728fb 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-950-DATA-LEAKAGES.conf 
@@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -28,7 +28,7 @@ SecRule TX:crs_skip_response_analysis "@eq 1" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION" # Skip all rules if RESPONSE_BODY is compressed. @@ -38,11 +38,11 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -66,7 +66,7 @@ SecRule RESPONSE_BODY "@rx (?:<(?:TITLE>Index of.*?Index of.*?Inde tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54/127',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -98,13 +98,13 @@ SecRule RESPONSE_BODY "@rx ^#\!\s?/" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # 
@@ -128,22 +128,22 @@ SecRule RESPONSE_STATUS "@rx ^5\d{2}$" \ tag:'OWASP_CRS',\ tag:'capec/1000/152',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf index 849455bbc9..67020f6cd7 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -19,11 +19,11 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -46,7 +46,7 @@ SecRule RESPONSE_BODY "!@pmFromFile sql-errors.data" \ tag:'attack-disclosure',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-SQL-ERROR-MATCH-PL1" SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \ @@ -64,7 +64,7 @@ SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Micr tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -89,7 +89,7 @@ SecRule RESPONSE_BODY "@rx (?i)\bORA-[0-9][0-9][0-9][0-9][0-9]:|java\.sql\.SQLEx tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -109,7 +109,7 @@ SecRule RESPONSE_BODY "@rx (?i:DB2 SQL error:|\[IBM\]\[CLI Driver\]\[DB2/6000\]| tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" 
@@ -129,7 +129,7 @@ SecRule RESPONSE_BODY "@rx (?i:\[DM_QUERY_E_SYNTAX\]|has occurred in the vicinit
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -149,7 +149,7 @@ SecRule RESPONSE_BODY "@rx (?i)Dynamic SQL Error" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -169,7 +169,7 @@ SecRule RESPONSE_BODY "@rx (?i)Exception (?:condition )?\d+\. Transaction rollba
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -189,7 +189,7 @@ SecRule RESPONSE_BODY "@rx (?i)org\.hsqldb\.jdbc" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -209,7 +209,7 @@ SecRule RESPONSE_BODY "@rx (?i:An illegal character has been found in the statem
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -229,7 +229,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -249,7 +249,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning: ibase_|Unexpected end of command
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -269,7 +269,7 @@ SecRule RESPONSE_BODY "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -289,7 +289,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:System\.Data\.OleDb\.OleDbException|\[Microsof
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -314,7 +314,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -339,7 +339,7 @@ SecRule RESPONSE_BODY "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -359,7 +359,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/J
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -379,7 +379,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/118/116/54',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'"
@@ -387,24 +387,24 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S SecMarker "END-SQL-ERROR-MATCH-PL1" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 
4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf index 389cfd6c43..61801ffee7 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-952-DATA-LEAKAGES-JAVA.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
@@ -19,11 +19,11 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -47,7 +47,7 @@ SecRule RESPONSE_BODY "@pmFromFile java-code-leakages.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -72,30 +72,30 @@ SecRule RESPONSE_BODY "@pmFromFile java-errors.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf index 763bb9b549..caf569d28b 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
@@ -19,11 +19,11 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -47,7 +47,7 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -72,7 +72,7 @@ SecRule RESPONSE_BODY "@rx (?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scan tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -98,13 +98,13 @@ SecRule RESPONSE_BODY "@rx (?i)<\?(?:=|php)?\s+" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # 
@@ -131,21 +131,21 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors-pl2.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # 
diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf index b31166a2b3..d2e1a3cef7 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-954-DATA-LEAKAGES-IIS.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 @@ -19,11 +19,11 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # 
@@ -45,7 +45,7 @@ SecRule RESPONSE_BODY "@rx [a-z]:\x5cinetpub\b" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -66,7 +66,7 @@ SecRule RESPONSE_BODY "@rx (?:Microsoft OLE DB Provider for SQL Server(?: tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -90,7 +90,7 @@ SecRule RESPONSE_BODY "@pmFromFile iis-errors.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -112,7 +112,7 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'ERROR',\ chain" SecRule RESPONSE_BODY "@rx \bServer Error in.{0,50}?\bApplication\b" \ 
@@ -122,24 +122,24 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" # # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" # # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher) # -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" # # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher) # diff --git a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf index ae8a34dfc3..899436c28b 100644 --- a/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf +++ b/src/common/core/modsecurity/files/coreruleset-v4/rules/RESPONSE-955-WEB-SHELLS.conf @@ -1,7 +1,7 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.10.0 +# OWASP CRS ver.4.11.0 # Copyright (c) 2006-2020 Trustwave and contributors. (not) All rights reserved. -# Copyright (c) 2021-2024 CRS project. All rights reserved. +# Copyright (c) 2021-2025 CRS project. All rights reserved. # # The OWASP CRS is distributed under # Apache Software License (ASL) version 2 
@@ -19,11 +19,11 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ skipAfter:END-RESPONSE-955-WEB-SHELLS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.10.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.11.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" # # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher) # @@ -44,7 +44,7 @@ SecRule RESPONSE_BODY "@pmFromFile web-shells-php.data" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -63,7 +63,7 @@ SecRule RESPONSE_BODY "@rx r57 Shell Version [0-9.]+|r57 s tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -82,7 +82,7 @@ SecRule RESPONSE_BODY "@rx ^<html><head><meta http-equiv='Content-Type' content= tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -101,7 +101,7 @@ SecRule RESPONSE_BODY "@rx B4TM4N SH3LL.*Mini Shell.*Developed By LameHacker" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -139,7 +139,7 @@ SecRule RESPONSE_BODY "@rx \.:: .* ~ Ashiyane V [0-9.]+ ::\." \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -158,7 +158,7 @@ SecRule RESPONSE_BODY "@rx Symlink_Sa [0-9.]+" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -177,7 +177,7 @@ SecRule RESPONSE_BODY "@rx CasuS [0-9.]+ by MafiABoY" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" 
@@ -196,7 +196,7 @@ SecRule RESPONSE_BODY "@rx ^\r\n\r\nGRP WebShell [0-9.]+ " \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -215,7 +215,7 @@ SecRule RESPONSE_BODY "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>\n$" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -234,7 +234,7 @@ SecRule RESPONSE_BODY "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ - "
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -253,7 +253,7 @@ SecRule RESPONSE_BODY "@rx ^<!DOCTYPE html>\n<html>\n<!-- By Artyum .*<title>Web
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -272,7 +272,7 @@ SecRule RESPONSE_BODY "@rx <title>lama's'hell v. [0-9.]+" \
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/225/122/17/650',\
- ver:'OWASP_CRS/4.10.0',\
+ ver:'OWASP_CRS/4.11.0',\
 severity:'CRITICAL',\
 setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'"
@@ -291,7 +291,7 @@ SecRule RESPONSE_BODY "@rx ^ *\n[ ]+\n[ ]+lostDC - " \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -310,7 +310,7 @@ SecRule RESPONSE_BODY "@rx ^<title>PHP Web Shell\r\n\r\n\r\n tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -329,7 +329,7 @@ SecRule RESPONSE_BODY "@rx ^\n\n
\n\nRu24PostWebShell " \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -369,7 +369,7 @@ SecRule RESPONSE_BODY "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King\r\n\r\n\n\n\n\ng00nshell v[0-9.]+ " \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -428,7 +428,7 @@ SecRule RESPONSE_BODY "@contains <title>punkholicshell" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -447,7 +447,7 @@ SecRule RESPONSE_BODY "@rx ^\n \n azrail [0- tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -466,7 +466,7 @@ SecRule RESPONSE_BODY "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.10.0',\ + ver:'OWASP_CRS/4.11.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.bunkerweb_rules=%{tx.bunkerweb_rules} %{rule.id}'" @@ -485,7 +485,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\n<title>.*? ~ Shell I\n\n\nsnippet sub\n ${1}\nsnippet summary\n \n ${1}\n \nsnippet sup\n ${1}\nsnippet table\n \n ${2}\n
\nsnippet table.\n \n ${3}\n
\nsnippet table#\n \n ${3}\n
\nsnippet tbody\n \n ${1}\n \nsnippet td\n ${1}\nsnippet td.\n ${2}\nsnippet td#\n ${2}\nsnippet td+\n ${1}\n td+${2}\nsnippet textarea\n ${6}\nsnippet tfoot\n \n ${1}\n \nsnippet th\n ${1}\nsnippet th.\n ${2}\nsnippet th#\n ${2}\nsnippet th+\n ${1}\n th+${2}\nsnippet thead\n \n ${1}\n \nsnippet time\n