# --------------------------------------------------------------- # Core ModSecurity Rule Set ver.2.2.8 # Copyright (C) 2006-2012 Trustwave All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # This file is used as an exception mechanism to remove common false positives # that may be encountered. # # Exception for Apache SSL pinger # SecRule REQUEST_LINE "^GET /$" "chain,phase:2,id:'981020',t:none,pass,nolog" SecRule REMOTE_ADDR "^(127\.0\.0\.|\:\:)1$" "chain,t:none" SecRule TX:'/PROTOCOL_VIOLATION\\\/MISSING_HEADER/' ".*" "chain,setvar:tx.missing_header=+1,setvar:tx.missing_header_%{tx.missing_header}=%{matched_var_name}" SecRule TX:'/MISSING_HEADER_/' "TX\:(.*)" "capture,t:none,setvar:!tx.%{tx.1}" # # Exception for Apache internal dummy connection # SecRule REQUEST_LINE "^(GET /|OPTIONS \*) HTTP/1.0$" "chain,phase:2,id:'981021',t:none,pass,nolog" SecRule REMOTE_ADDR "^(127\.0\.0\.|\:\:)1$" "chain,t:none" SecRule REQUEST_HEADERS:User-Agent "^.*\(internal dummy connection\)$" "t:none,t:none,chain" SecRule TX:'/PROTOCOL_VIOLATION\\\/MISSING_HEADER/' ".*" "chain,setvar:tx.missing_header=+1,setvar:tx.missing_header_%{tx.missing_header}=%{matched_var_name}" SecRule TX:'/MISSING_HEADER_/' "TX\:(.*)" "capture,t:none,setvar:!tx.%{tx.1}" # # Exception for Adobe Flash Player # https://www.modsecurity.org/tracker/browse/CORERULES-57 # SecRule REQUEST_METHOD "@streq POST" "chain,phase:2,id:'981022',t:none,pass,nolog" SecRule REQUEST_HEADERS:User-Agent "@contains Adobe Flash Player" "chain,t:none" SecRule REQUEST_HEADERS:X-Flash-Version ".*" "chain,t:none" SecRule REQUEST_HEADERS:Content-Type "@contains application/x-amf" "chain,t:none" SecRule TX:'/PROTOCOL_VIOLATION\\\/MISSING_HEADER/' ".*" "chain,setvar:tx.missing_header=+1,setvar:tx.missing_header_%{tx.missing_header}=%{matched_var_name}" SecRule TX:'/MISSING_HEADER_/' "TX\:(.*)" "capture,t:none,setvar:!tx.%{tx.1},setvar:tx.anomaly_score=-5"