vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kys16

Browse Source
This commit is contained in:
vasco
2026-06-02 23:38:20 +01:00
parent c053a064b2
commit 0992d4a6e0
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
conf/modsecurity.conf
View File

@@ -8,12 +8,12 @@ SecAuditLogType Serial
SecAuditLog /var/log/modsecurity/audit.log SecAuditLog /var/log/modsecurity/audit.log
# sql injection # sql injection
SecRule REQUEST_URI|ARGS "(?i:(?:select|insert|update|delete|drop|union|create|alter|truncate)\s+.+\s+from|'[^']*'|--|;|\b(or|and)\b\s+\d+\s*=\s*\d+)" \ SecRule ARGS "(?i)(['\"]|--|#|/\*|\*/)" \
"id:950001,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!!!',log,t:urlDecode,t:sqlHexDecode,t:lowercase" "id:950001,phase:2,deny,status:403,msg:'SQL Injection: Escape or Comment',log,t:urlDecode,t:lowercase"
# sql injection parte 2 # sql keyword
SecRule REQUEST_URI|ARGS "['\"](?:\s+or\s+\d+\s*=\s*\d+\s*--|\s+or\s+'.+?'\s*=\s*'.+?'\s*--|.*?--)" \ SecRule ARGS "(?i)\b(select|insert|update|delete|drop|union|grant|alter|truncate)\b" \
"id:950002,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!1!',log,t:urlDecode,t:lowercase,t:compressWhitespace" "id:950002,phase:2,deny,status:403,msg:'SQL Injection: Keyword',log,t:urlDecode,t:lowercase"
# xss / html injection # xss / html injection
SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \ SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \