[Owasp-modsecurity-core-rule-set] [BUGFIX] "modsecurity_crs_41_xss_attacks.conf" performance optimization test not working

rm4dillo D rm4dillo at gmail.com
Fri Nov 9 14:13:43 UTC 2012


Hi,

The "base_rules/modsecurity_crs_41_xss_attacks.conf" rules file starts with
a smart rule that checks for the presence of some keywords (e.g. script,
javascript, ...) and, depending on the result, decides to run the deeper rules
or just skip them. The problem is that the conditional "skip" never works,
because it tests the "pm_xss_score" variable, which is not initialized.

    SecRule TX:PM_XSS_SCORE "@eq 0" "phase:2,id:'981018',t:none,pass,skipAfter:END_XSS_CHECK,nolog"

To fix this, I just added this directive at the beginning of the file:

    SecAction "phase:2,rev:'2.2.5',t:none,pass,nolog,setvar:tx.pm_xss_score=0"

It would be nice to fix this in the next core rule set release.

Thank you in advance.

Rm4dillo
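The optimisation pattern the post describes, written out end to end as an added illustration (this is not the CRS 2.2.5 rule text and not code from the poster): an initialising SecAction, a cheap @pm keyword pre-filter that bumps tx.pm_xss_score, the @eq 0 skip rule, one representative deeper regex rule, and the SecMarker the skip jumps to. The rule ids 999000-999003, the marker name END_XSS_CHECK_EXAMPLE, the keyword list and the regex are placeholders chosen for this example.

```apache
# Added example of the CRS "pm pre-filter then skipAfter" pattern.
# Rule ids, marker name, keyword list and regex are placeholders.

# 1. Initialise the counter. Without this, a request that matches none of
#    the @pm keywords leaves TX:PM_XSS_SCORE undefined, so the skip rule in
#    step 3 has no target to evaluate and never fires.
SecAction "phase:2,id:'999000',t:none,pass,nolog,setvar:tx.pm_xss_score=0"

# 2. Cheap parallel-match keyword scan over request data. Each hit
#    increments the score; no blocking happens here.
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \
    "@pm script javascript vbscript onload onerror onmouseover" \
    "phase:2,id:'999001',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,pass,nolog,setvar:tx.pm_xss_score=+1"

# 3. Nothing matched: jump past the expensive regex rules.
SecRule TX:PM_XSS_SCORE "@eq 0" \
    "phase:2,id:'999002',t:none,pass,nolog,skipAfter:END_XSS_CHECK_EXAMPLE"

# 4. Deeper check, only reached when at least one keyword was seen.
#    'block' defers to SecDefaultAction; the anomaly-score variables follow
#    the CRS 2.2.x naming convention.
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \
    "(?i)<script[^>]*>[\s\S]*?" \
    "phase:2,id:'999003',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,block,capture,msg:'XSS Attack Detected',logdata:'%{TX.0}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}"

# 5. Target of the skipAfter in step 3.
SecMarker END_XSS_CHECK_EXAMPLE
```

To check the fix, send one request with a parameter such as q=hello and one with q=<script>alert(1)</script> under SecDebugLogLevel 9 (or SecRuleEngine DetectionOnly with audit logging) and confirm that rule 999003 is only evaluated for the second request; without step 1 it is evaluated for both.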