Fix patch for early blocking

Related: rhbz#2115313
2022-08-05 13:21:57 +02:00 · 2022-08-05 13:21:57 +02:00 · 0e3df4b5c0
commit 0e3df4b5c0
parent 5ac54f1ac0
2 changed files with 5 additions and 139 deletions
--- a/mod_security_crs-early-blocking.patch
+++ b/mod_security_crs-early-blocking.patch
@ -176,144 +176,6 @@ index 5f370a1..338ce88 100644
 
 
 SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-diff --git a/rules/REQUEST-949-BLOCKING-EVALUATION.conf.orig b/rules/REQUEST-949-BLOCKING-EVALUATION.conf.orig
-new file mode 100644
-index 0000000..5f370a1
--- /dev/null
-+++ b/rules/REQUEST-949-BLOCKING-EVALUATION.conf.orig
-@@ -0,0 +1,132 @@
-+# ------------------------------------------------------------------------
-+# OWASP ModSecurity Core Rule Set ver.3.3.0
-+# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-+#
-+# The OWASP ModSecurity Core Rule Set is distributed under
-+# Apache Software License (ASL) version 2
-+# Please see the enclosed LICENSE file for full details.
-+# ------------------------------------------------------------------------
-+
-+#
-+# -= Paranoia Level 0 (empty) =- (apply unconditionally)
-+#
-+
-+# Summing up the anomaly score.
-+
-+# NOTE: tx.anomaly_score should not be set initially, but masking would lead to difficult bugs.
-+# So we add to it.
-+SecRule TX:PARANOIA_LEVEL "@ge 1" \
-+    "id:949060,\
-+    phase:2,\
-+    pass,\
-+    t:none,\
-+    nolog,\
-+    setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl1}'"
-+
-+SecRule TX:PARANOIA_LEVEL "@ge 2" \
-+    "id:949061,\
-+    phase:2,\
-+    pass,\
-+    t:none,\
-+    nolog,\
-+    setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl2}'"
-+
-+SecRule TX:PARANOIA_LEVEL "@ge 3" \
-+    "id:949062,\
-+    phase:2,\
-+    pass,\
-+    t:none,\
-+    nolog,\
-+    setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl3}'"
-+
-+SecRule TX:PARANOIA_LEVEL "@ge 4" \
-+    "id:949063,\
-+    phase:2,\
-+    pass,\
-+    t:none,\
-+    nolog,\
-+    setvar:'tx.anomaly_score=+%{tx.anomaly_score_pl4}'"
-+
-+
-+SecMarker "BEGIN-REQUEST-BLOCKING-EVAL"
-+
-+# These rules use the anomaly score settings specified in the 10 config file.
-+# You should also set the desired disruptive action (deny, redirect, etc...).
-+#
-+# -=[ IP Reputation Checks ]=-
-+#
-+# Block based on variable IP.REPUT_BLOCK_FLAG and TX.DO_REPUT_BLOCK
-+#
-+SecRule IP:REPUT_BLOCK_FLAG "@eq 1" \
-+    "id:949100,\
-+    phase:2,\
-+    deny,\
-+    log,\
-+    msg:'Request Denied by IP Reputation Enforcement',\
-+    logdata:'Previous Block Reason: %{ip.reput_block_reason}',\
-+    tag:'application-multi',\
-+    tag:'language-multi',\
-+    tag:'platform-multi',\
-+    tag:'attack-reputation-ip',\
-+    ver:'OWASP_CRS/3.3.0',\
-+    severity:'CRITICAL',\
-+    chain"
-+    SecRule TX:DO_REPUT_BLOCK "@eq 1" \
-+        "setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
-+
-+#
-+# -=[ Anomaly Mode: Overall Transaction Anomaly Score ]=-
-+#
-+SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
-+    "id:949110,\
-+    phase:2,\
-+    deny,\
-+    t:none,\
-+    log,\
-+    msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
-+    tag:'application-multi',\
-+    tag:'language-multi',\
-+    tag:'platform-multi',\
-+    tag:'attack-generic',\
-+    ver:'OWASP_CRS/3.3.0',\
-+    severity:'CRITICAL',\
-+    setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
-+
-+
-+
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+#
-+# -= Paranoia Level 1 (default) =- (apply only when tx.executing_paranoia_level is sufficiently high: 1 or higher)
-+#
-+
-+
-+
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+#
-+# -= Paranoia Level 2 =- (apply only when tx.executing_paranoia_level is sufficiently high: 2 or higher)
-+#
-+
-+
-+
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+#
-+# -= Paranoia Level 3 =- (apply only when tx.executing_paranoia_level is sufficiently high: 3 or higher)
-+#
-+
-+
-+
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+SecRule TX:EXECUTING_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,skipAfter:END-REQUEST-949-BLOCKING-EVALUATION"
-+#
-+# -= Paranoia Level 4 =- (apply only when tx.executing_paranoia_level is sufficiently high: 4 or higher)
-+#
-+
-+
-+
-+#
-+# -= Paranoia Levels Finished =-
-+#
-+SecMarker "END-REQUEST-949-BLOCKING-EVALUATION"
 diff --git a/rules/RESPONSE-950-DATA-LEAKAGES.conf b/rules/RESPONSE-950-DATA-LEAKAGES.conf
 index c34607e..a192359 100644
 --- a/rules/RESPONSE-950-DATA-LEAKAGES.conf
--- a/mod_security_crs.spec
+++ b/mod_security_crs.spec
@ -1,7 +1,7 @@
 Summary: ModSecurity Rules
 Name: mod_security_crs
 Version: 3.3.0
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: ASL 2.0
 URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
 Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
@ -46,6 +46,10 @@ done
 %{_datarootdir}/mod_modsecurity_crs

 %changelog
+* Fri Aug 05 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-5
+- Fix patch for early blocking
+- Related: rhbz#2115313
+
 * Thu Aug 04 2022 Tomas Korbar <tkorbar@redhat.com> - 3.3.0-4
 - Backport early blocking feature
 - Resolves: rhbz#2115313