Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <script>alert(1)</script>
- # -- Rule engine initialization ----------------------------------------------
- # Enable ModSecurity, attaching it to every transaction. Use detection
- # only to start with, because that minimises the chances of post-installation
- # disruption.
- #
- #SecRuleEngine DetectionOnly
- SecRuleEngine On
- # -- Request body handling ---------------------------------------------------
- # Allow ModSecurity to access request bodies. If you don't, ModSecurity
- # won't be able to see any POST parameters, which opens a large security
- # hole for attackers to exploit.
- #
- SecRequestBodyAccess On
- # Enable XML request body parser.
- # Initiate XML Processor in case of xml content-type
- #
- SecRule REQUEST_HEADERS:Content-Type "text/xml"
- "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
- # Maximum request body size we will accept for buffering. If you support
- # file uploads then the value given on the first line has to be as large
- # as the largest file you are willing to accept. The second value refers
- # to the size of data, with files excluded. You want to keep that value as
- # low as practical.
- #
- SecRequestBodyLimit 13107200
- SecRequestBodyNoFilesLimit 131072
- # Store up to 128 KB of request body data in memory. When the multipart
- # parser reachers this limit, it will start using your hard disk for
- # storage. That is slow, but unavoidable.
- #
- SecRequestBodyInMemoryLimit 131072
- # What do do if the request body size is above our configured limit.
- # Keep in mind that this setting will automatically be set to ProcessPartial
- # when SecRuleEngine is set to DetectionOnly mode in order to minimize
- # disruptions when initially deploying ModSecurity.
- #
- SecRequestBodyLimitAction Reject
- # Verify that we've correctly processed the request body.
- # As a rule of thumb, when failing to process a request body
- # you should reject the request (when deployed in blocking mode)
- # or log a high-severity alert (when deployed in detection-only mode).
- #
- SecRule REQBODY_ERROR "!@eq 0"
- "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
- # By default be strict with what we accept in the multipart/form-data
- # request body. If the rule below proves to be too strict for your
- # environment consider changing it to detection-only. You are encouraged
- # _not_ to remove it altogether.
- LoadFile /usr/lib/i386-linux-gnu/libxml2.so
- LoadFile /usr/lib/i386-linux-gnu/liblua5.1.so
- LoadModule security2_module /usr/local/lib/mod_security2.so
- <IfModule !mod_security2.c>
- error_mod_security_is_not_loaded
- </IfModule>
- <IfModule mod_security2.c>
- Include "/etc/modsecurity/activated_rules/*.conf"
- Include /etc/modsecurity/*.conf
- </IfModule>
- Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/activated_rules/modsecurity_crs_20_protocol_violations.conf"] [line "312"] [id "960012"] [rev "1"] [msg "POST request missing Content-Length Header."] [data "0"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"]
- Message: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "POST"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"]
- Message: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_30_http_policy.conf"] [line "64"] [id "960010"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/x-www-form-urlencoded"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"]
- Message: Warning. Pattern match "(?i:([\s'"`xc2xb4xe2x80x99xe2x80x98\(\)]*?)\b([\d\w]++)([\s'"`xc2xb4xe2x80x99xe2x80x98\(\)]*?)(?:(?:=|<=>|r?like|sounds\s+like|regexp)([\s'"`xc2xb4xe2x80x99xe2x80x98\(\)]*?)\2\b|(?:!=|<=|>=|<>|<|>|\^|is\s+not ..." at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
- Message: Warning. Pattern match "([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;"\'\xc2xb4\xe2x80x99\xe2x80x98\`\<\>].*?){4,}" at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
- Message: Warning. Pattern match "\balert\b\W*?\(" at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"]
- Message: Warning. Pattern match "\< ?script\b" at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "211"] [id "958051"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: <script found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"]
- Message: Warning. Pattern match "<(a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|h ..." at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "301"] [id "973300"] [rev "2"] [msg "Possible XSS Attack Detected - HTML Tag Handler"] [data "Matched Data: <script> found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"]
- Message: Warning. Pattern match "(fromcharcode|alert|eval)\s*\(" at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "391"] [id "973307"] [rev "2"] [msg "XSS Attack Detected"] [data "Matched Data: alert( found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"]
- Message: Warning. Pattern match "(?i:<script.*?>)" at ARGS_NAMES:<script>alert(1)</script>. [file "/etc/modsecurity/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "472"] [id "973331"] [rev "2"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <script> found within ARGS_NAMES:<script>alert(1)</script>: <script>alert(1)</script>"] [ver "OWASP_CRS/2.2.9"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"]
- Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/modsecurity/activated_rules/modsecurity_crs_60_correlation.conf"] [line "37"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33, SQLi=6, XSS=25): IE XSS Filters - Attack Detected."]
- Apache-Handler: application/x-httpd-php
- Stopwatch: 1410989836928471 21584 (- - -)
- Stopwatch2: 1410989836928471 21584; combined=9852, p1=2043, p2=6830, p3=7, p4=532, p5=439, sr=172, sw=1, l=0, gc=0
- Response-Body-Transformed: Dechunked
- Producer: ModSecurity for Apache/2.7.5 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
- Server: Apache/2.2.22 (Ubuntu)
- Engine-Mode: "ENABLED"
- --741c3b08-Z--
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement