-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathwhitelist.conf
85 lines (73 loc) · 2.65 KB
/
whitelist.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
SecRule REQUEST_HEADERS:Content-Type "text/html;" \
"id:2000,\
phase:1,\
pass,\
log,\
ctl:requestBodyProcessor=XML,\
ctl:ruleRemoveById=2001"
SecRule SERVER_NAME "!@endsWith .sshfortress.com" \
"id:2001,\
phase:1,\
deny,\
log"
SecRule REQUEST_HEADERS:Host "www.sshfortress.com" "id:'2002',phase:2,t:none,t:lowercase,pass,nolog,ctl:ruleRemoveById=933120"
SecRuleRemoveById 920420 920450 200002 920170 200007 920600
SecRule REQUEST_URI "@beginsWith /robots.txt" "id:2003,phase:2,pass,nolog,ctl:ruleRemoveById=949110"
SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
"id:2004,\
phase:1,\
pass,\
nolog,\
ctl:ruleEngine=Off"
SecRule REQUEST_URI "@beginsWith /admin" "chain,phase:1,id:2004,log,deny,status:403,msg:'Allow access to specified IP only'"
SecRule REMOTE_ADDR "!@ipMatch 1.1.1.1"
# SecRule REQUEST_URI "@beginsWith /index.php" \
# "id:1001,\
# phase:1,\
# pass,\
# nolog,\
# ctl:ruleRemoveTargetById=942100;ARGS:password"
# ModSecurity Rule Exclusion: Disable inspection of ARGS:pwd
# for all rules tagged attack-sqli
# SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
# "id:1002,\
# phase:2,\
# pass,\
# nolog,\
# ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:pwd"
# ModSecurity Rule Exclusion: Disable inspection of ARGS:pwd
# for all CRS rules
# SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
# "id:1003,\
# phase:2,\
# pass,\
# nolog,\
# ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pwd"
# SecRule REQUEST_FILENAME "@beginsWith /admin" \
# "id:1004,\
# phase:2,\
# pass,\
# nolog,\
# ctl:ruleRemoveById=941000-942999"
# SecRule REMOTE_ADDR "@ipMatch 10.0.0.0/8" \
# "id:1005,\
# phase:1,\
# pass,\
# nolog,\
# chain"
# SecRule REQUEST_METHOD "@pm GET HEAD" "chain"
# SecRule REQUEST_HEADERS:User-Agent "@pm ELB-HealthChecker" \
# "ctl:ruleRemoveById=911100,\
# ctl:ruleRemoveById=913100,\
# ctl:ruleRemoveById=913110,\
# ctl:ruleRemoveById=913120,\
# ctl:ruleRemoveById=913101,\
# ctl:ruleRemoveById=913102,\
# ctl:ruleRemoveById=920280,\
# ctl:ruleRemoveById=920350,\
# ctl:ruleRemoveByTag=attack-disclosure"
SecRule REQUEST_HEADERS:Host "tx.xx.com" "id:'1014',log,pass,setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT DELETE'"
SecRule REMOTE_ADDR "@ipMatch 115.xxx.xx.xx" "id:1015,phase:1,ctl:ruleEngine=On"
SecRule REQUEST_URI "@beginsWith /plugin/updateCheck" "id:1016,phase:1,nolog,allow"
# Parameters for decoding Base64 encoding
SecRule ARGS:encoded_param "@rx ^