OWASP ModSec CRS Paranoia Mode Sibling 960901

This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.

960901 : Invalid character in request
# # [ Invalid character in request ] # # This is a paranoid sibling to 2.2.x Rule 960901. # Byte range restrictions are now set to 32-126. # For unadapted 3.0.0 Rule see Rule ID 920270. # SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer "@validateByteRange 32-126" \ "phase:request,\       rev:'2',\        ver:'OWASP_CRS/3.0.0',\        maturity:'9',\        accuracy:'9',\        block,\        msg:'Invalid character in request',\        id:'XXXXXX',\        severity:'ERROR',\        t:none,t:urlDecodeUni,\        tag:'application-multi',\        tag:'language-multi',\        tag:'platform-multi',\        tag:'attack-protocol',\        tag:'OWASP_CRS/PROTOCOL_VIOLATION/EVASION',\        setvar:'tx.msg=%{rule.msg}',\        setvar:tx.anomaly_score=+%{tx.error_anomaly_score},\        setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/EVASION-%{matched_var_name}=%{matched_var}"