|
| 1 | +[ |
| 2 | + { |
| 3 | + "enabled":1, |
| 4 | + "version_min":300000, |
| 5 | + "title":"Testing setvar :: OWASP CRS id:920450 ('Translate' match)", |
| 6 | + "client":{ |
| 7 | + "ip":"200.249.12.31", |
| 8 | + "port":123 |
| 9 | + }, |
| 10 | + "server":{ |
| 11 | + "ip":"200.249.12.31", |
| 12 | + "port":80 |
| 13 | + }, |
| 14 | + "request":{ |
| 15 | + "headers":{ |
| 16 | + "Translate": "test" |
| 17 | + }, |
| 18 | + "uri":"/", |
| 19 | + "method":"GET" |
| 20 | + }, |
| 21 | + "response":{ |
| 22 | + "headers":{ |
| 23 | + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", |
| 24 | + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", |
| 25 | + "Content-Type":"text/html" |
| 26 | + }, |
| 27 | + "body":[ |
| 28 | + "no need." |
| 29 | + ] |
| 30 | + }, |
| 31 | + "expected":{ |
| 32 | + "http_code":400 |
| 33 | + }, |
| 34 | + "rules":[ |
| 35 | + "SecRuleEngine On", |
| 36 | + "SecDefaultAction \"phase:2,deny,block,status:400,log\"", |
| 37 | + "SecRule &TX:restricted_headers \"@eq 0\" \"id:901165,phase:1,pass,nolog,setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'\"", |
| 38 | + "SecRule REQUEST_HEADERS_NAMES \"@rx ^.*$\" \"id:920450,phase:2,block,capture,t:none,t:lowercase,msg:'HTTP header is restricted by policy (%{MATCHED_VAR})',logdata:' Restricted header detected %{MATCHED_VAR}',ver:'OWASP_CRS/3.1.0',severity:'CRITICAL',setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',chain", |
| 39 | + "SecRule TX:/^HEADER_NAME_/ \"@within %{tx.restricted_headers}\" \"setvar:'tx.msg=%{rule.msg}',setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.%{rule.id}-OWASP_CRS/POLICY/HEADERS_RESTRICTED-%{MATCHED_VAR_NAME}=%{MATCHED_VAR}'" |
| 40 | + ] |
| 41 | + }, |
| 42 | + { |
| 43 | + "enabled":1, |
| 44 | + "version_min":300000, |
| 45 | + "title":"Testing setvar :: OWASP CRS id:920450 ('Proxy-Connection' not match)", |
| 46 | + "client":{ |
| 47 | + "ip":"200.249.12.31", |
| 48 | + "port":123 |
| 49 | + }, |
| 50 | + "server":{ |
| 51 | + "ip":"200.249.12.31", |
| 52 | + "port":80 |
| 53 | + }, |
| 54 | + "request":{ |
| 55 | + "headers":{ |
| 56 | + "Accept": "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5", |
| 57 | + "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.7", |
| 58 | + "Accept-Encoding": "gzip,deflate", |
| 59 | + "Accept-Language": "en-us,en;q=0.5", |
| 60 | + "Host": "localhost", |
| 61 | + "Keep-Alive": "300", |
| 62 | + "Proxy-Connection": "keep-alive", |
| 63 | + "User-Agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv" |
| 64 | + }, |
| 65 | + "uri":"/", |
| 66 | + "method":"GET" |
| 67 | + }, |
| 68 | + "response":{ |
| 69 | + "headers":{ |
| 70 | + "Date":"Mon, 13 Jul 2015 20:02:41 GMT", |
| 71 | + "Last-Modified":"Sun, 26 Oct 2014 22:33:37 GMT", |
| 72 | + "Content-Type":"text/html" |
| 73 | + }, |
| 74 | + "body":[ |
| 75 | + "no need." |
| 76 | + ] |
| 77 | + }, |
| 78 | + "expected":{ |
| 79 | + "http_code":200 |
| 80 | + }, |
| 81 | + "rules":[ |
| 82 | + "SecRuleEngine On", |
| 83 | + "SecDefaultAction \"phase:2,deny,block,status:400,log\"", |
| 84 | + "SecRule &TX:restricted_headers \"@eq 0\" \"id:901165,phase:1,pass,nolog,setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /translate/ /if/'\"", |
| 85 | + "SecRule REQUEST_HEADERS_NAMES \"@rx ^.*$\" \"id:920450,phase:2,block,capture,t:none,t:lowercase,msg:'HTTP header is restricted by policy (%{MATCHED_VAR})',logdata:' Restricted header detected %{MATCHED_VAR}',ver:'OWASP_CRS/3.1.0',severity:'CRITICAL',setvar:'tx.header_name_%{tx.0}=/%{tx.0}/',chain", |
| 86 | + "SecRule TX:/^HEADER_NAME_/ \"@within %{tx.restricted_headers}\" \"setvar:'tx.msg=%{rule.msg}',setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}',setvar:'tx.%{rule.id}-OWASP_CRS/POLICY/HEADERS_RESTRICTED-%{MATCHED_VAR_NAME}=%{MATCHED_VAR}'" |
| 87 | + ] |
| 88 | + } |
| 89 | +] |
| 90 | + |
0 commit comments