Hello! Can someone help with REQUEST-920-PROTOCOL-ENFORCEMENT.conf? Used: modsecurity v3 from master, nginx 1.10.2, core rules from github

crs-setup.conf:

    SecDefaultAction "phase:1,log,auditlog,pass"
    SecDefaultAction "phase:2,log,auditlog,pass"

    SecAction \
     "id:900000,\
      phase:1,\
      nolog,\
      pass,\
      t:none,\
      setvar:tx.paranoia_level=1"

    SecAction \
     "id:900110,\
      phase:1,\
      nolog,\
      pass,\
      t:none,\
      setvar:tx.inbound_anomaly_score_threshold=5,\
      setvar:tx.outbound_anomaly_score_threshold=4"

    SecCollectionTimeout 600

    SecAction \
     "id:900990,\
      phase:1,\
      nolog,\
      pass,\
      t:none,\
      setvar:tx.crs_setup_version=302"

Log file has:

    ModSecurity: Warning. Matched "Operator `Eq' with parameter `0' against variable `REQUEST_HEADERS:Content-Length' (Value: `0' ) [file "/etc/nginx/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "258"] [id "920180"] [rev "1"] [msg "POST request missing Content-Length Header."] [data "0"] [severity "4"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [ref "o0,4v0,4"]

    ModSecurity: Warning. Matched "Operator `ValidadeByteRange' with parameter `1-255' against variable `REQUEST_HEADERS:Cookie' (Value: `JSESSIONID=XXXXXXXXXXXXXX; loggedin=true; hash=yyyyyyy; loggedUser=gggggg (781 characters omitted)' ) [file "/etc/nginx/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "488"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [ref "o185,1o186,1o187,1o188,1o189,1o190,1o191,1o192,1o193,1o194,1o195,1o196,1o197,1o198,1o199,1o200,1o201,1o202,1o313,1o314,1o315,1o316,1o317,1o318,1o319,1o320,1o321,1o322,1o323,1o324,1o325,1o326,1o327,1o328,1o329,1o330,1o331,1o332,1o333,1o334,1o335,1o336,1o337,1o338,1o408,1o409,1o410,1o411,1o412,1o413,1v479,881t:urlDecodeUni"]

How do I understand this log?
How do I write the request to the log?

--
Best regards, Anton Patsev.
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
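
The alert format quoted in the post above can be split into its parts mechanically: the operator, parameter, variable and value that matched, followed by bracketed `[key "value"]` fields. This is an added example, not part of the original message and not ModSecurity or CRS code; `parse_alert` and `summarize` are hypothetical helper names, and the sample is the first alert from the post.

```python
import re

# First alert from the post above, joined onto one logical line.
SAMPLE = """\
ModSecurity: Warning. Matched "Operator `Eq' with parameter `0' against \
variable `REQUEST_HEADERS:Content-Length' (Value: `0' ) \
[file "/etc/nginx/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "258"] \
[id "920180"] [rev "1"] [msg "POST request missing Content-Length Header."] \
[data "0"] [severity "4"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] \
[tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] \
[tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] \
[tag "CAPEC-272"] [ref "o0,4v0,4"]"""

# What matched: operator, its parameter, the inspected variable and its value.
MATCH_RE = re.compile(
    r"Matched \"Operator `(?P<operator>[^']*)' with parameter `(?P<parameter>[^']*)'"
    r" against variable `(?P<variable>[^']*)' \(Value: `(?P<value>.*?)' \)"
)
# Rule metadata: [key "value"] pairs; "tag" may repeat.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# ModSecurity severity numbers follow the syslog scale.
SEVERITY = {"0": "EMERGENCY", "1": "ALERT", "2": "CRITICAL", "3": "ERROR",
            "4": "WARNING", "5": "NOTICE", "6": "INFO", "7": "DEBUG"}


def parse_alert(line):
    """Return a dict with the match details, rule fields and a list of tags."""
    alert = {"tags": []}
    m = MATCH_RE.search(line)
    if m:
        alert.update(m.groupdict())
    # Read fields only after the match part, so a logged request value that
    # happens to contain [x "y"] is not mistaken for rule metadata.
    for key, val in FIELD_RE.findall(line[m.end():] if m else line):
        if key == "tag":
            alert["tags"].append(val)
        else:
            alert[key] = val
    return alert


def summarize(alert):
    """One line per alert: which rule fired, how severe, on which variable."""
    sev = SEVERITY.get(alert.get("severity"), "UNKNOWN")
    return "rule {} [{}] {}: {}".format(
        alert.get("id"), sev, alert.get("variable"), alert.get("msg"))


if __name__ == "__main__":
    print(summarize(parse_alert(SAMPLE)))
```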