[Owasp-modsecurity-core-rule-set] Can't process with allowing "application/x-git-upload-pack-request" in CRS

Shakitko, Ilia ilia.shakitko at accenture.com
Fri Jul 6 14:53:31 UTC 2018


Hi ModSecurity CRS Mailing List members,

I am running into an issue with CI for my GitLab. After enabling mod_security (crs-3.0.0), I’ve got a few errors, and the latest one I am not able to resolve – it relates to the request content type (application/x-git-upload-pack-request) not being allowed by policy. I found two places where I can add an exception to allow content types, but enabling this doesn’t work -> please see the log below.

Files:
/usr/local/owasp-modsecurity-crs-3.0.0/crs-setup.conf
and
/usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-901-INITIALIZATION.conf

Result is still:

ModSecurity: Warning. Matched "Operator Rx' with parameter^application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/x-git-upload-pack-request'$' against variable TX:0' (Value:application/x-git-upload-pack-request' ) [file "/usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "911"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/x-git-upload-pack-request"] [severity "2"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "23.100.14.202"] [uri "/ilia.shakitko/pass357.git/git-upload-pack"] [unique_id "153088618260.910992"] [ref "v0,4o0,37o0,37v232,37"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator Ge' with parameter5' against variable TX:ANOMALY_SCORE' (Value:5' ) [file "/usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "36"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "23.100.14.202"] [uri "/ilia.shakitko/pass357.git/git-upload-pack"] [unique_id "153088618260.910992"] [ref ""]

What am I doing wrong? And how to win the challenge? Looks like the changes I made should just work…

Thank you in advance.

Met vriendelijke groet / With kind regards,

Ilia Shakitko



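To check a candidate allowed-list against a given Content-Type value before reloading the rules, the following is an added Python example (not code from this thread or from the CRS project) that mirrors the two links of CRS 3.0.0 rule 920420 as they appear in the log above: the first captures the media type as TX:0, the second applies `@rx ^<list>$` to it, with the list value taken from the log line. It also evaluates a fully grouped form of the same list for comparison, because in an unparenthesized alternation the `^` and `$` anchors bind only the first and last entries.

```python
import re

# tx.allowed_request_content_type exactly as it appears in the log line above
# (the default CRS 3.0.0 list with application/x-git-upload-pack-request appended).
ALLOWED_CONTENT_TYPES = (
    "application/x-www-form-urlencoded|multipart/form-data|text/xml|"
    "application/xml|application/x-amf|application/json|text/plain|"
    "application/x-git-upload-pack-request"
)

# First link of rule 920420: capture the media type (becomes TX:0), dropping
# any parameters such as "; charset=utf-8".
MEDIA_TYPE_RE = re.compile(r"^([^;\s]+)")


def extract_media_type(content_type_header):
    """Return TX:0 as the first rule link would set it, or None for an empty header."""
    m = MEDIA_TYPE_RE.match(content_type_header)
    return m.group(1) if m else None


def allowed_as_written(media_type, allowed=ALLOWED_CONTENT_TYPES):
    """Second link as logged: @rx ^<list>$ against TX:0.

    "^a|b|c$" parses as (^a)|(b)|(c$), so only the first and last entries are
    anchored; every middle entry matches anywhere inside TX:0."""
    return re.search("^" + allowed + "$", media_type) is not None


def allowed_exact(media_type, allowed=ALLOWED_CONTENT_TYPES):
    """Same list with the alternation grouped, so every entry must match exactly."""
    return re.fullmatch("(?:" + allowed + ")", media_type) is not None


def evaluate(content_type_header):
    """Return (TX:0, allowed by the logged regex, allowed by the grouped regex)."""
    tx0 = extract_media_type(content_type_header)
    if tx0 is None:
        return None, False, False
    return tx0, allowed_as_written(tx0), allowed_exact(tx0)


if __name__ == "__main__":
    # Constructed sample headers: the git type from the log, a parameterised
    # JSON type, and a different registered type that contains "application/json".
    for hdr in ("application/x-git-upload-pack-request",
                "application/json; charset=utf-8",
                "application/json-patch+json"):
        print(hdr, "->", evaluate(hdr))
```

The last sample shows why the grouped form is the safer way to express the list: the as-written regex accepts any media type that merely contains a middle entry as a substring.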

