mod_security_crs/SOURCES/mod_security_crs-rule-941310-dont-match-japanese-word.patch

19 lines
1.0 KiB
Diff

diff --git a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
index 3b2376b..504eb26 100644
--- a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
+++ b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
@@ -543,8 +543,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
ctl:auditLogParts=+E,\
ver:'OWASP_CRS/3.3.5',\
severity:'CRITICAL',\
- setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
- setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
+ chain"
+ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx [^\xe4]\xbc[^\x9a][^\xbe>]*[^\xe7][^\xa4][\xbe>]|<[^\xbe]*[^\xe7][^\xa4]\xbe" \
+ "t:none,t:lowercase,t:urlDecode,t:htmlEntityDecode,t:jsDecode,\
+ setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
+ setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
#
# https://nedbatchelder.com/blog/200704/xss_with_utf7.html