[Owasp-modsecurity-core-rule-set] New CRS Release - v2.0.5
rcbarnett at gmail.com
Fri Feb 5 16:03:13 EST 2010
Version 2.0.5 - 02/01/2100
- Removed previous 10 config files as they may conflict with local customized Mod configs.
- Added a new 10 config file that allows the user to globally set TX variables to turn on/off
  PARANOID_MODE inspection, set anomaly score levels and http policies.
  Must have ModSecurity 2.5.12 to use the macro expansion in numeric operators.
- Added Rule Logic and Reference links to rules descriptions.
- Added Rule IDs to all rules.
- Added tag data mapping to new OWASP Top 10 and AppSensor Projects, WASC Threat
- Removed Apache limit directives from the 23 file
- Added macro expansion to 23 file checks.
- Added @pmFromFile check to 35 bad robots file
- Added malicious UA strings to 35 bad robots check
- Created an experimental rules file
- Updated HTTP Parameter Pollution (HPP) rule logic to concat data into a TX variable for
- Removed TX inspections for generic attacks and reverted to standard ARGS inspection
- Updated the variable list for standard inspections (ARGS|ARGS_NAMES|XML:/*) and moved
  the other variables to the PARANOID list (REQUEST_URI|REQUEST_BODY|REQUEST_HEADERS|
- Moved converted ET Snort rules to the /optional_rules directory
- Created a new Header Tagging ruleset (optional_rules) that will add matched rule data to
  the request headers.
- Updated Inbound blocking conf file to use macro expansion from the 10 config file settings
- Added separate anomaly scores for inbound, outbound and total to be evaluated for
- Updated the regex logic in the (1=1) rule to factor in quotes and other logical
- Updated the SPAMMER RBL check rules logic to only check once per IP/Day.
- Added new outbound malware link detection rules.
- Added PHP "call_user_func" to blacklist
  Identified by SOGETI ESEC R&D
- Removed Non-numeric Rule IDs
- Updated the variable list on SQLi rules.
- Fixed outbound @pmFromFile action from allow to skipAfter to allow for outbound anomaly
  scoring and blocking
Ryan C. Barnett
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security