# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.0.5
# Copyright (C) 2006-2010 Breach Security Inc. All rights reserved.
#
# The ModSecurity Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------

# Uncomment the anomaly sections you wish to use.
# These rules use the anomaly score settings specified in the 10 config file.
# You should also set the desired disruptive action (deny, redirect, etc...).
#
# NOTE: the rules below use the "block" action, which names no disruptive
# action of its own; it applies whatever the governing SecDefaultAction
# specifies. If that default is non-disruptive (e.g. pass), these rules
# will alert but not stop the request.

#
# Alert and Block based on Anomaly Scores
#
# Two chained conditions, evaluated in phase 2; both must hold for "block":
#   1. TX:ANOMALY_SCORE is greater than 0, and
#   2. TX:ANOMALY_SCORE is greater than or equal to
#      tx.inbound_anomaly_score_level (the threshold is not set in this
#      file; presumably it comes from the 10 config file -- confirm).
#
# nolog,auditlog keeps the match out of the error log while still recording
# the transaction in the audit log.
#
# The two setvar actions copy the current tx.msg and tx.anomaly_score into
# tx.inbound_tx_msg and tx.inbound_anomaly_score.
# NOTE(review): non-disruptive actions on a chain starter normally run as
# soon as the starter itself matches, so these copies are presumably taken
# for any non-zero score, not only for requests over the threshold --
# confirm against the ModSecurity version in use.
#
SecRule TX:ANOMALY_SCORE "@gt 0" \
    "chain,phase:2,t:none,nolog,auditlog,block,msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE}, SQLi=%{TX.SQLI_SCORE}, XSS=%{TX.XSS_SCORE}): %{tx.msg}',setvar:tx.inbound_tx_msg=%{tx.msg},setvar:tx.inbound_anomaly_score=%{tx.anomaly_score}"
        SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_level}"

#
# Alert and Block on a specific attack category such as SQL Injection
#
# Disabled by default. Unlike the rule above, this one is not chained to a
# threshold: "@gt 0" fires on any non-zero SQLi score, and it uses "log"
# rather than "nolog,auditlog".
#
#SecRule TX:SQLI_SCORE "@gt 0" \
#    "phase:2,t:none,log,block,msg:'SQL Injection Detected (score %{TX.SQLI_SCORE}): %{tx.msg}'"