vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rip

Browse Source
This commit is contained in:
vasco
2026-06-03 11:43:39 +01:00
parent ab3cbb9081
commit 81e6fb8aa4
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
conf/modsecurity.conf
View File

@@ -9,12 +9,8 @@ SecAuditLog /var/log/modsecurity/audit.log
SecRequestBodyJsonParser On SecRequestBodyJsonParser On
# sql injection # sql injection
SecRule ARGS|REQUEST_BODY "['\"].*--" \ SecRule REQUEST_BODY "['\"].*--" \
"id:950001,phase:2,deny,status:403,msg:'SQL Injection: Escape or Comment',log,t:urlDecode,t:lowercase" "id:950001,phase:2,deny,status:403,msg:'SQL Injection: quote and comment',log"
# sql keyword
SecRule ARGS "(?i)\b(select|insert|update|delete|drop|union|grant|alter|truncate)\b" \
"id:950002,phase:2,deny,status:403,msg:'SQL Injection: Keyword',log,t:urlDecode,t:lowercase"
# xss / html injection # xss / html injection
SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \ SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \