vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kys13

Browse Source
This commit is contained in:
vasco
2026-06-02 23:20:25 +01:00
parent e9616a8c7c
commit 0f3e2044a0
7 changed files with 50 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
conf/modsecurity.conf
View File

@@ -9,23 +9,24 @@ SecAuditLog /var/log/modsecurity/audit.log
# sql injection
SecRule REQUEST_URI|ARGS "['\";]|--" \
"id:950001,phase:1,deny,status:403,msg:'SQL Injection Attack Detected',log"
SecRule REQUEST_URI|ARGS "(?i:(?:select|insert|update|delete|drop|union|create|alter|truncate)\s+.+\s+from|'[^']*'|--|;|\b(or|and)\b\s+\d+\s*=\s*\d+)" \
"id:950001,phase:1,deny,status:403,msg:'SQL INJECTION ATTACK DETECTED!!!',log,t:urlDecode,t:sqlHexDecode,t:lowercase"
# xss / html injection
SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
"id:950003,phase:1,deny,status:403,msg:'XSS/HTML Injection Detected',log"
"id:950003,phase:1,deny,status:403,msg:'XSS/HTML INJECTION DETECTED!!!',log"
# command injection
SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
"id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log"
"id:950006,phase:2,deny,status:403,msg:'COMMAND INJECTION DETECTED!!!',log"
# path traversal
SecRule REQUEST_URI|ARGS "\%00|\%2500|\.\./|ftp|metrics|api-docs" \
"id:950007,phase:2,deny,status:403,msg:'Path traversal attempt',log"
"id:950007,phase:2,deny,status:403,msg:'PATH TRAVERSAL ATTEMPT!!!',log"
# exposed stuff (redundante ?)
SecRule REQUEST_URI|ARGS "\%00|\%2500|ftp|metrics|api-docs" \
"id:950008,phase:2,deny,status:500,msg:'Attempt to access ftp, metrics, api-docs',log"
"id:950008,phase:2,deny,status:500,msg:'ATTEMPT TO ACCESS FTP, METRICS, API-DOCS!!!',log"
# rate limiting on login endpoint
# (max 5 requests per 30s per IP)