Resolves: RHEL-16358 - A form data, "会社"(Company in Japanese) is forbade
with REQUEST-941-APPLICATION-ATTACK-XSS.conf of mod_security_crs
This commit is contained in:
parent
e83f3e411a
commit
8eea142c6a
16
mod_security_crs-rule-941310-dont-match-japanese-word.patch
Normal file
16
mod_security_crs-rule-941310-dont-match-japanese-word.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2020-07-01 18:38:19.000000000 +0200
|
||||||
|
+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf 2023-02-16 09:14:52.151838881 +0100
|
||||||
|
@@ -543,8 +543,11 @@
|
||||||
|
ctl:auditLogParts=+E,\
|
||||||
|
ver:'OWASP_CRS/3.3.4',\
|
||||||
|
severity:'CRITICAL',\
|
||||||
|
- setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
|
||||||
|
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
|
||||||
|
+ chain"
|
||||||
|
+ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx [^\xe4]\xbc[^\x9a][^\xbe>]*[^\xe7][^\xa4][\xbe>]|<[^\xbe]*[^\xe7][^\xa4]\xbe" \
|
||||||
|
+ "t:none,t:lowercase,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\
|
||||||
|
+ setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
|
||||||
|
+ setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
|
||||||
|
|
||||||
|
#
|
||||||
|
# https://nedbatchelder.com/blog/200704/xss_with_utf7.html
|
@ -1,7 +1,7 @@
|
|||||||
Summary: ModSecurity Rules
|
Summary: ModSecurity Rules
|
||||||
Name: mod_security_crs
|
Name: mod_security_crs
|
||||||
Version: 3.3.4
|
Version: 3.3.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
|
URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
|
||||||
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
|
||||||
@ -9,13 +9,16 @@ BuildArch: noarch
|
|||||||
Requires: mod_security >= 2.9.6
|
Requires: mod_security >= 2.9.6
|
||||||
Obsoletes: mod_security_crs-extras < 3.0.0
|
Obsoletes: mod_security_crs-extras < 3.0.0
|
||||||
Patch0: mod_security_crs-early-blocking.patch
|
Patch0: mod_security_crs-early-blocking.patch
|
||||||
|
# https://issues.redhat.com/browse/RHEL-16358
|
||||||
|
Patch1: mod_security_crs-rule-941310-dont-match-japanese-word.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package provides the base rules for mod_security.
|
This package provides the base rules for mod_security.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n coreruleset-%{version}
|
%setup -q -n coreruleset-%{version}
|
||||||
%patch0 -p1 -b.early_blocking
|
%patch0 -p1 -b .early_blocking
|
||||||
|
%patch1 -p1 -b .rule_941310
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -48,6 +51,10 @@ done
|
|||||||
%{_datarootdir}/mod_modsecurity_crs
|
%{_datarootdir}/mod_modsecurity_crs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Feb 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-2
|
||||||
|
- Resolves: RHEL-16358 - A form data, "会社"(Company in Japanese) is forbade
|
||||||
|
with REQUEST-941-APPLICATION-ATTACK-XSS.conf of mod_security_crs
|
||||||
|
|
||||||
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
|
* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
|
||||||
- new version 3.3.4
|
- new version 3.3.4
|
||||||
- Resolves: #2143210 - [RFE] upgrade mod_security_crs to latest upstream 3.3.x
|
- Resolves: #2143210 - [RFE] upgrade mod_security_crs to latest upstream 3.3.x
|
||||||
|
Loading…
Reference in New Issue
Block a user