Introduction to the ModSecurity general rules

Source: Internet
Author: User


OWASP Rules:
Part I: Base rule set
modsecurity_crs_20_protocol_violations.conf HTTP protocol specification rules
modsecurity_crs_21_protocol_anomalies.conf HTTP protocol specification rules
modsecurity_crs_23_request_limits.conf HTTP protocol size and length limit rules
modsecurity_crs_30_http_policy.conf HTTP protocol whitelist rules
modsecurity_crs_35_bad_robots.conf Malicious scanner and crawler rules
modsecurity_crs_40_generic_attacks.conf Rules for common attacks such as command execution, code execution, injection, file inclusion, sensitive information disclosure, session fixation, HTTP response splitting, and others
modsecurity_crs_41_sql_injection_attacks.conf SQL injection rules (includes a MongoDB injection rule; very comprehensive)
modsecurity_crs_41_xss_attacks.conf XSS rules
modsecurity_crs_42_tight_security.conf Directory traversal rules
modsecurity_crs_45_trojans.conf Webshell rules
modsecurity_crs_47_common_exceptions.conf Apache exception rules
modsecurity_crs_49_inbound_blocking.conf Cooperative defense rules
modsecurity_crs_50_outbound.conf Detects error messages, warning messages, and directory listing information in RESPONSE_BODY
modsecurity_crs_59_outbound_blocking.conf Cooperative defense rules
modsecurity_crs_60_correlation.conf Cooperative defense rules
Part II: SLR rule set
These rules are derived from known PoCs for specific applications, so they do not produce false positives. Detection first checks whether the current request file path appears in the data file; if it does, the following checks run, otherwise detection by the rule set is skipped.
modsecurity_crs_46_slr_et_joomla_attacks.conf Rules for various Joomla vulnerabilities
modsecurity_crs_46_slr_et_lfi_attacks.conf Local file inclusion rules for various apps
modsecurity_crs_46_slr_et_phpbb_attacks.conf Rules for various phpBB vulnerabilities
modsecurity_crs_46_slr_et_rfi_attacks.conf Remote file inclusion rules for various apps
modsecurity_crs_46_slr_et_sqli_attacks.conf SQL injection rules for various apps
modsecurity_crs_46_slr_et_wordpress_attacks.conf Rules for various WordPress vulnerabilities
modsecurity_crs_46_slr_et_xss_attacks.conf XSS rules for various apps

Part III: Optional rule sets
modsecurity_crs_10_ignore_static.conf Rules that let static files skip WAF detection
modsecurity_crs_11_avs_traffic.conf AVS (Authorized Vulnerability Scanner) IP whitelist rules
modsecurity_crs_13_xml_enabler.conf Enables XML parsing of the request body
modsecurity_crs_16_authentication_tracking.conf Logs successful and failed login requests
modsecurity_crs_16_session_hijacking.conf Session hijacking detection
modsecurity_crs_16_username_tracking.conf Password complexity detection
modsecurity_crs_25_cc_known.conf Credit card verification
modsecurity_crs_42_comment_spam.conf Comment spam detection
modsecurity_crs_43_csrf_protection.conf Works together with modsecurity_crs_16_session_hijacking.conf; uses the content injection action append to inject a CSRF token
modsecurity_crs_46_av_scanning.conf Uses an external script to scan for viruses
modsecurity_crs_47_skip_outbound_checks.conf Supplement to modsecurity_crs_10_ignore_static.conf
modsecurity_crs_49_header_tagging.conf Writes the WAF rule hit information into the request headers with the Apache RequestHeader directive, for further processing by downstream applications
modsecurity_crs_55_application_defects.conf Security header settings (X-XSS-Protection, X-Frame-Options, X-Content-Type-Options), secure cookie settings (domain, httponly, secure), character set settings, and other rules
modsecurity_crs_55_marketing.conf Records MSN/Google/Yahoo robot activity

Part IV: Experimental rule sets
modsecurity_crs_11_brute_force.conf Brute-force defense rules
modsecurity_crs_11_dos_protection.conf Anti-DoS attack rules
modsecurity_crs_11_proxy_abuse.conf Detects whether X-Forwarded-For is a malicious proxy IP; IP blacklist
modsecurity_crs_11_slow_dos_protection.conf Slow HTTP DoS attack rules
modsecurity_crs_25_cc_track_pan.conf Detects credit card information in the response body
modsecurity_crs_40_http_parameter_pollution.conf Detects parameter pollution
modsecurity_crs_42_csp_enforcement.conf CSP security policy settings
modsecurity_crs_48_bayes_analysis.conf Uses an external script to run Bayesian analysis on HTTP requests, distinguishing normal requests from malicious ones
modsecurity_crs_55_response_profiling.conf Uses an external script to replace malicious content in the response body with NULL
modsecurity_crs_56_pvi_checks.conf Uses an external script to check request_filename against the OSVDB vulnerability database
modsecurity_crs_61_ip_forensics.conf Uses external scripts to collect the IP's domain name, GEO, and other information
modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf AppSensor detection settings file
modsecurity_crs_40_appsensor_detection_point_3.0_end.conf AppSensor detection settings file
modsecurity_crs_16_scanner_integration.conf Adds the scanner to the IP whitelist and invokes the scanner API for detection
modsecurity_crs_46_scanner_integration.conf Uses modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf and modsecurity_crs_40_appsensor_detection_point_3.0_end.conf to track XSS-vulnerable parameters and SQLi-vulnerable parameters
modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf Uses external scripts to check request methods, number of parameters, parameter names, parameter lengths, parameter characters, and so on
modsecurity_crs_40_appsensor_detection_point_2.9_honeytrap.conf Uses hidden parameters to set up a honeypot
