OWASP ModSec CRS Paranoia Mode Sibling 970003

From OWASP
Revision as of 03:49, 10 March 2016 by Zino (talk | contribs) (970003 : SQL Error Leakage)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page contains a proposal for a stricter rule-clone for ModSecurity CRS Paranoia Mode.

970003 : SQL Error Leakage

RuleID 2.2.x RuleID 3.0.0-rc1 (original Rule) RuleID 3.0.0-rc1 (paranoid Rule) Change Whitelisting
970003 951100 951101-951104 Triggers anomaly score directly now none
 #
 # -=[ SQL Error Leakage ]=-
 #
 # This is a paranoid sibling to 2.2.9 Rule 970003.
 # The rule now triggers the anomaly scoring instantly
 # instead of just setting tx.sql_error_match.
 # For 3.0.0-rc1 rule, see 951100.
 #
 SecRule RESPONSE_BODY "@pmFromFile sql-errors.data" \
       "phase:response,\
       id:XXXXXX,\
       rev:'5',\
       ver:'OWASP_CRS/3.0.0',\
       pass,\
       nolog,\
       tag:'application-multi',\
       tag:'language-multi',\
       tag:'platform-multi',\
       tag:'attack-information disclosure',\
       setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
       t:none"