# --------------------------------------------------------------- # Core ModSecurity Rule Set ver.2.2.8 # Copyright (C) 2006-2012 Trustwave All rights reserved. # # The OWASP ModSecurity Core Rule Set is distributed under # Apache Software License (ASL) version 2 # Please see the enclosed LICENCE file for full details. # --------------------------------------------------------------- # # The rules in this file will cause ModSecurity to let requests for static # content go into the server without being examined (mostly media content). # This can reduce the load on the server considerably. # # This ruleset will skip all tests for media files, but will skip only the # request body phase (phase 2) for text files. To skip the outbound stage # for text files, add file 47 (skip_outbound_checks) to your configuration, # in addition to this file # # NOTE If you are using mod_rewrite to rewrite URLs, please keep in mind # that some URLs may seem static, when they are not. for example, # if you have a rule like this in your configuration: # RewriteRule (.*).gif images.php?id=$1 [QSA] # then requests to the gif files will pass through ModSecurity without # inspection. # # We skip inspection GET & HEAD requests that have no parameters # and that end with static content file extension SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,skip:1,pass,nolog,id:'900040',severity:'6'" SecRule &ARGS "@eq 0" "t:none,setvar:tx.no_parameters=1" SecAction "phase:2,id:'900041',t:none,nolog,pass,skipAfter:END_STATIC_CONTENT_CHECK" # Determine actions based on static file extensions # Images SecRule REQUEST_FILENAME "\.(?:(?:jpe?|pn)g|gif|ico)$" "phase:2,t:none,t:lowercase,allow,nolog,id:'900042',severity:'6'" # Documents SecRule REQUEST_FILENAME "\.(?:doc|pdf|txt|xls)$" "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'900043',severity:'6'" # HTML SecRule REQUEST_FILENAME "\.(?:(?:cs|j)s|html?)$" "phase:2,t:none,t:lowercase,setvar:tx.text_file_extension=1,allow:phase,nolog,id:'999005',severity:'6'" # Media files SecRule REQUEST_FILENAME "\.(?:mp(?:e?g|3)|avi|flv|swf|wma)$" "phase:2,t:none,t:lowercase,allow,nolog,id:'999006',severity:'6'" SecMarker END_STATIC_CONTENT_CHECK