vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oops

Browse Source
This commit is contained in:
vasco
2026-05-31 21:53:41 +01:00
parent 51060422d1
commit c7b5f0e436
1 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
conf/modsecurity.conf
View File

@@ -16,9 +16,22 @@ SecRule ARGS "<.*>" \
"id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log" "id:950003,phase:2,deny,status:403,msg:'XSS/HTML Injection Detected',log"
# command injection # command injection
SecRule ARGS "exec|cat|more|ls|dir|/etc/passwd" \ SecRule ARGS "(\"role\".*:.*\"admin\")|exec|cat|more|ls|dir|/etc/passwd" \
"id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log" "id:950006,phase:2,deny,status:403,msg:'Command Injection Detected',log"
# path traversal # path traversal
SecRule ARGS "(\./|\.\./)|ftp|metrics|api-docs" \ SecRule ARGS "(\./|\.\./)|ftp|metrics|api-docs" \
"id:950007,phase:2,deny,status:403,msg:'Path Traversal Attempt',log" "id:950007,phase:2,deny,status:403,msg:'Path Traversal Attempt',log"
# exposed stuff
SecRule REQUEST_URI "ftp|metrics|api-docs" \
"id:950008,phase:2,deny,status:500,msg:'Attempt to access ftp, metrics, api-docs',log"
# rate limiting on login endpoint
# (max 5 requests per 30s per IP)
SecAction \
"id:950009,phase:1,initcol:ip=%{REMOTE_ADDR},pass,nolog"
SecRule REQUEST_URI "@streq /rest/user/login" \
"id:950010,phase:2,pass,nolog,setvar:ip.login_count=+1,expirevar:ip.login_count=30"
SecRule IP:LOGIN_COUNT "@gt 5" \
"id:950011,phase:2,deny,status:429,msg:'Rate Limit Exceeded on Login',log"