Sophie

Sophie

distrib > Mageia > 2 > i586 > by-pkgid > d519273e7fde65e9362663609bd63926 > files > 26

apache-mod_security-2.6.3-3.3.mga2.i586.rpm

# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.0.5
# Copyright (C) 2006-2010 Breach Security Inc. All rights reserved.
#
# The ModSecurity Core Rule Set is distributed under GPL version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


#
# The rules in this file are considered experimental/beta rules.  They attempt to address
# some advanced attacks, use some new ModSecurity features or new rules language techniques.
#

#
# HTTP Parameter Pollution (HPP)
#
# One HPP attack vector is to try evade signature filters by distributing the attack payload
# across multiple parameters with the same name.  This works as many security devices only
# apply signatures to individual parameter payloads, however the back-end web application
# may (in the case of ASP.NET) consolidate all of the payloads into one thus making the 
# attack payload active.
#
# -=[ Rules Logic }=-
# The ruleset below is not looking for attacks directly, but rather is a crude normalization
# function that mimics ASP.NET with regards to joining the payloads of parameters with the
# same name.  These rules will create a new TX:HPP_DATA variable that will hold this data.
# If you have enabled PARANOID_MODE, then this variable data will also be searched against
# attack filters.
#
# -=[ References ]=-
# http://tacticalwebappsec.blogspot.com/2009/05/http-parameter-pollution.html
#  

SecRule ARGS "^" "chain,phase:2,t:none,nolog,pass,capture,id:'960022',rev:'2.0.5',setvar:tx.%{matched_var_name}=+1"
        SecRule TX:/^ARGS:/ "@gt 1" "chain,t:none"
                SecRule MATCHED_VAR_NAME "TX:(ARGS:.*)" "chain,capture,t:none,setvar:tx.hpp_names=%{tx.1}"
			SecRule ARGS ".*" "chain,t:none,capture,setvar:tx.arg_counter=+1,setvar:'tx.hppnamedata_%{tx.arg_counter}=%{matched_var_name}=%{tx.0}'"
        			SecRule TX:/HPPNAMEDATA_/ "@contains %{tx.hpp_names}" "chain,setvar:tx.hpp_counter=+1,setvar:tx.hpp_counter_%{tx.hpp_counter}=%{matched_var}"
                			SecRule TX:/HPP_COUNTER_/ "ARGS:(.*)?=(.*)" "capture,setvar:'tx.hpp_data=%{tx.hpp_data},%{tx.2}'"

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional