OWASP ModSecurity CRS (SpiderLabs OWASP)
=============================
The OWASP (Open Web Application Security Project) ModSecurity™ CRS (Core Rule Set) is a set of generic attack-detection rules for the ModSecurity™ web application firewall, which runs as a module inside Apache. While these rules do not make your server impervious to attacks, they add a substantial layer of protection in front of your web applications.

Why should I use the OWASP ModSecurity rule set?
================================
Protection from insecure web application design: ModSecurity rule sets provide a layer of protection in front of web applications such as WordPress, phpBB, and similar software. They can block exploitation of known vulnerabilities in out-of-date applications that your customers have not patched. If the developer of an application makes a security mistake, ModSecurity may block the attack before it reaches the vulnerable code.

Protection against operating system level attacks: ModSecurity rule sets can also block attacks that target software on the server rather than the web application itself. For example, in 2014 the Shellshock flaw (CVE-2014-6271) was found in the Bash shell that Linux servers use, and it could be triggered over HTTP through Apache CGI scripts. Security experts published ModSecurity rules that rejected requests carrying the exploit pattern, and server administrators used those rules as a stopgap until a patched Bash was released.

Protection against generalized malicious traffic: some threats that server administrators face do not target a particular program or application on the server. DoS (Denial of Service) attacks are a common example. ModSecurity rules can reduce or mitigate the impact of such traffic, for instance by counting requests per client IP address and temporarily blocking clients that exceed a threshold. Note that this works at the application layer, inside Apache, so it helps against abusive clients hammering dynamic pages but not against floods that saturate the network before the web server ever sees the requests.


Rule files in the CRS
============

REQUEST-01-COMMON-EXCEPTIONS
Other rules may incorrectly flag legitimate traffic as malicious (a false positive). The rules in this configuration file recognise known false-positive patterns and allow that traffic to pass through. Its low number places it first in the load order, so its exceptions are in effect before the detection rules run.

REQUEST-10-IP-REPUTATION
The rules in this configuration file deny traffic from IP addresses that are known to be involved in malicious activity or that belong to a region with a high rate of malicious activity.

REQUEST-12-DOS-PROTECTION
The rules in this configuration file attempt to reduce the impact of DoS (Denial of Service) attacks on your server by counting requests from each client IP address within a time window and temporarily blocking clients that exceed the configured threshold.

REQUEST-13-SCANNER-DETECTION
The rules in this configuration file use the request headers to block requests from known security scanner software.

REQUEST-20-PROTOCOL-ENFORCEMENT
The rules in this configuration file enforce HTTP restrictions and reject invalid or malformed data sent by clients. Blocking these requests helps prevent exploitation of a web application that did not expect such input.

REQUEST-21-PROTOCOL-ATTACK
The rules in this configuration file perform specific checks to mitigate HTTP Request Smuggling and HTTP Response Splitting attacks. These attacks cause HTTP servers and proxies to disagree about where one message ends and the next begins, for example through a false Content-Length, so that data slips past other checks or rules.

REQUEST-30-APPLICATION-ATTACK-LFI
The rules in this configuration file enable protection against Local File Inclusion (LFI) attacks. During a LFI attack, a malicious client causes an application to serve or otherwise process a file from the local server's file system. These local server files would not normally be publicly accessible.

REQUEST-31-APPLICATION-ATTACK-RFI
The rules in this configuration file protect against RFI (Remote File Inclusion) attacks. During an RFI attack, a malicious client tricks the application into fetching a file from a URL the attacker controls and including it in the page, which typically lets the attacker run code on the server.

REQUEST-41-APPLICATION-ATTACK-SQLI
The rules in this configuration file protect against SQL injection attacks. During a SQL injection attack, a client sends a specially crafted HTTP request in which user input is interpreted as part of a database query, causing the server to execute a query the attacker wrote.

REQUEST-43-APPLICATION-ATTACK-SESSION-FIXATION
The rules in this configuration file protect against Session Fixation attacks. During a Session Fixation attack, an attacker forces a session ID of their choosing onto a user, for example by supplying it in a link or a URL parameter. Once the user logs in under that session ID, the attacker, who already knows it, can take over the session.

REQUEST-49-BLOCKING-EVALUATION
The rules in this configuration file make the blocking decision for inbound requests. In the default anomaly-scoring mode, rules in the earlier files do not block on their own; each match adds a weight to the request's anomaly score, and this file denies the request once the accumulated score reaches the configured inbound threshold.

RESPONSE-50-DATA-LEAKAGES-IIS
The rules in this configuration file enable protection against data leakages that relate to the Microsoft IIS web server.

RESPONSE-50-DATA-LEAKAGES-JAVA
The rules in this configuration file attempt to prevent the exposure of details about server-side Java applications to the client.

RESPONSE-50-DATA-LEAKAGES-PHP
The rules in this configuration file enable protection against PHP-related data and source code leakage from the server to the client.

RESPONSE-50-DATA-LEAKAGES
The rules in this configuration file enable protection against certain types of data leakages from the server to the client.

RESPONSE-51-DATA-LEAKAGES-SQL
The rules in this configuration file enable protection against the leakage of inappropriate types of internal database information from the server to clients.

RESPONSE-59-BLOCKING-EVALUATION
The rules in this configuration file make the blocking decision for outbound responses: when the leakage rules in the other RESPONSE files have raised the outbound anomaly score to the configured threshold, the response is blocked instead of being sent to the client.

RESPONSE-80-CORRELATION
The rules in this configuration file correlate the inbound and outbound results of a transaction to gather data about successful and unsuccessful attacks on the server, for example flagging a request that scored as an attack and whose response then leaked an error message.
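The following Apache configuration is an added example and is not text or code from this article or from the CRS project. It loads the rule files listed above and shows how the exception file, the DoS settings, a CRS-style local rule and the two BLOCKING-EVALUATION files fit together. The include paths, the local rule IDs (10001, 10002), the tag names and the TX variable names follow CRS 3.x conventions and are assumptions about your installation (older releases use `*_level` instead of `*_threshold`; check your setup file). The user-agent string `evil-scanner` is a made-up token.

```apache
# Added example: minimal Apache + ModSecurity 2.x setup for the OWASP CRS.
# Paths, local rule IDs, tag names and TX variable names are assumptions
# (CRS 3.x conventions); adjust them to match your installed rule files.

<IfModule security2_module>
    # Start in DetectionOnly while tuning: every rule logs but nothing is
    # blocked. Change to "On" once your applications' false positives are
    # handled. "Off" disables the engine entirely.
    SecRuleEngine DetectionOnly
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Severity weights and thresholds that the CRS rules read from the TX
    # collection (normally set by the CRS setup file; set here so the
    # example is self-contained). With an inbound threshold of 5, a single
    # CRITICAL match, e.g. a clear SQLi payload, is enough to block, while
    # lower-severity matches must accumulate before the request is denied.
    SecAction "id:900100,phase:1,nolog,pass,t:none,\
        setvar:tx.critical_anomaly_score=5,\
        setvar:tx.error_anomaly_score=4,\
        setvar:tx.warning_anomaly_score=3,\
        setvar:tx.notice_anomaly_score=2"
    SecAction "id:900110,phase:1,nolog,pass,t:none,\
        setvar:tx.inbound_anomaly_score_threshold=5,\
        setvar:tx.outbound_anomaly_score_threshold=4"

    # Tuning for REQUEST-12-DOS-PROTECTION: more than 100 requests for
    # non-static resources from one client IP within 60 seconds puts that IP
    # on a 600-second block list. Raise the counter for busy APIs.
    SecAction "id:900700,phase:1,nolog,pass,t:none,\
        setvar:'tx.dos_burst_time_slice=60',\
        setvar:'tx.dos_counter_threshold=100',\
        setvar:'tx.dos_block_timeout=600'"

    # Site-specific false-positive exception, the same idea as
    # REQUEST-01-COMMON-EXCEPTIONS: the WordPress post editor submits raw
    # HTML in the "content" field, which the SQLi and XSS rules would score.
    # Exclude only that argument, from only those rules, on only that path,
    # instead of switching the rules off. Phase 1 so the exclusion is in
    # effect before the phase 2 rules inspect the request body.
    SecRule REQUEST_FILENAME "@streq /wp-admin/post.php" \
        "id:10001,phase:1,nolog,pass,t:none,\
        ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:content,\
        ctl:ruleRemoveTargetByTag=attack-xss;ARGS:content"

    # A local rule written the CRS way: it does not deny by itself. It adds
    # the CRITICAL weight to the inbound anomaly score and leaves the decision
    # to REQUEST-49-BLOCKING-EVALUATION. "evil-scanner" is a made-up token.
    SecRule REQUEST_HEADERS:User-Agent "@contains evil-scanner" \
        "id:10002,phase:1,pass,log,t:none,t:lowercase,\
        msg:'Local user-agent blocklist hit',severity:CRITICAL,\
        setvar:'tx.anomaly_score=+%{tx.critical_anomaly_score}'"

    # Load the CRS files. The numeric prefixes fix the order: 01 exceptions
    # first, detection rules next, 49 (inbound) and 59 (outbound) blocking
    # evaluation after the rules whose scores they read, 80 correlation last.
    Include /etc/apache2/modsecurity.d/owasp-crs/rules/REQUEST-*.conf
    Include /etc/apache2/modsecurity.d/owasp-crs/rules/RESPONSE-*.conf
</IfModule>
```

Run `apachectl configtest` after editing, then send a few known-bad requests (a `' OR 1=1` parameter, a `../../etc/passwd` path) and legitimate application traffic while the engine is in DetectionOnly mode; the audit log shows which rule IDs fired and the score each transaction reached, which is the data you need to add exceptions before switching `SecRuleEngine` to `On`.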
