[Owasp-modsecurity-core-rule-set] Can't process with allowing "application/x-git-upload-pack-request" in CRS

Chaim Sanders chaim at chaimsanders.com
Fri Jul 6 21:03:09 UTC 2018


For completeness can we have the version of CRS and the version of modsec
you're running?

On Fri, Jul 6, 2018, 3:56 PM Shakitko, Ilia <ilia.shakitko at accenture.com>
wrote:

> Hi ModSecurity CRS Mailing List members,
>
>
>
> I am running into an issue with CI for my GitLab. After enabling mod_security
> (crs-3.0.0), I’ve got a few errors, and the latest one I am not able to resolve –
> it relates to the request content type
> (application/x-git-upload-pack-request) not being allowed by policy. I found
> two places where I can add an exception to allow content types, but enabling
> this doesn’t work -> please see the log below.
>
>
>
> *Files:*
>
> /usr/local/owasp-modsecurity-crs-3.0.0/crs-setup.conf
>
> and
>
>
> /usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-901-INITIALIZATION.conf
>
>
>
> *Result is still:*
>
>
>
> ModSecurity: Warning. Matched "Operator Rx' with parameter^application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/x-git-upload-pack-request'$'
> against variable TX:0' (Value:application/x-git-upload-pack-request' )
> [file
> "/usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"]
> [line "911"] [id "920420"] [rev "2"] [msg "Request content type is not
> allowed by policy"] [data "application/x-git-upload-pack-request"]
> [severity "2"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag
> "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag
> "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag
> "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag
> "PCI/12.1"] [hostname "23.100.14.202"] [uri
> "/ilia.shakitko/pass357.git/git-upload-pack"] [unique_id
> "153088618260.910992"] [ref "v0,4o0,37o0,37v232,37"]
> ModSecurity: Access denied with code 403 (phase 2). Matched "Operator Ge'
> with parameter5' against variable TX:ANOMALY_SCORE' (Value:5' ) [file
> "/usr/local/owasp-modsecurity-crs-3.0.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"]
> [line "36"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded
> (Total Score: 5)"] [data ""] [severity "2"] [ver ""] [maturity "0"]
> [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag
> "platform-multi"] [tag "attack-generic"] [hostname "23.100.14.202"] [uri
> "/ilia.shakitko/pass357.git/git-upload-pack"] [unique_id
> "153088618260.910992"] [ref ""]
>
>
>
> What am I doing wrong? And how to win the challenge? Looks like the
> changes I made should just work…
>
>
>
> Thank you in advance.
>
>
>
> With kind regards,
>
>
>
> *Ilia Shakitko*
>
>
>
>
>
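The check that rule 920420 performs, reproduced as an added Python example (not CRS or ModSecurity code): it captures the bare media type the way TX:0 holds it in the log above (the `^([^;\s]+)` capture regex is an assumption), then evaluates the `@rx` parameter exactly as printed in the log next to a plain exact-match comparison, so one can see which values the ungrouped alternation admits. It does not say why the negated rule still fired in the poster's setup; it only shows what the printed parameter accepts.

```python
import re

# Allowlist as printed in the rule 920420 log line in this thread (pipe-separated,
# already including the git content type the poster added).
ALLOWED_CONTENT_TYPES = (
    "application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml"
    "|application/x-amf|application/json|text/plain|application/x-git-upload-pack-request"
)

# Assumption: the first rule of the chain captures the bare media type into TX:0,
# i.e. everything before the first ';' or whitespace in the Content-Type header.
MEDIA_TYPE_RE = re.compile(r"^([^;\s]+)")


def capture_media_type(content_type_header):
    """Return what TX:0 would hold for this header, or None if nothing is captured."""
    m = MEDIA_TYPE_RE.search(content_type_header)
    return m.group(1) if m else None


def rx_policy_allows(media_type, allowed=ALLOWED_CONTENT_TYPES):
    """Evaluate the regex exactly as the logged parameter is built:
    '^' + allowlist + '$' with no grouping around the alternation, so only the
    first entry is anchored at the start and only the last one at the end."""
    pattern = "^" + allowed + "$"
    return re.search(pattern, media_type) is not None


def strict_policy_allows(media_type, allowed=ALLOWED_CONTENT_TYPES):
    """Exact-match comparison: the whole value must equal one list entry."""
    return media_type in allowed.split("|")


def evaluate(content_type_header):
    """Return (tx0, rx_allowed, strict_allowed) for one Content-Type header value."""
    tx0 = capture_media_type(content_type_header)
    if tx0 is None:
        return (None, False, False)
    return (tx0, rx_policy_allows(tx0), strict_policy_allows(tx0))


if __name__ == "__main__":
    # Constructed sample headers: the git type from the thread, a parameterised
    # form, a type outside the list, and a value only the ungrouped regex accepts.
    for hdr in ("application/x-git-upload-pack-request",
                "application/json; charset=utf-8",
                "text/html",
                "application/jsonp"):
        print(hdr, "->", evaluate(hdr))
```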