Mod Security Layman's Terms

Discussion in 'Security' started by keat63, Oct 12, 2016.

  1. keat63

    keat63 Well-Known Member

    Does anyone know of a list of MOD Sec rules, but in layman's terms, something that explains in layman's terms what was going on?

    For instance:

    960034: HTTP protocol version is not allowed by policy.
    Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required.

    Means absolutely nothing.

    And then the actual rule text might as well be in Chinese.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    You may find the following OWASP configuration file helpful:

    owasp-modsecurity-crs/modsecurity_crs_30_http_policy.conf at master · SpiderLabs/owasp-modsecurity-crs · GitHub

    For instance, if you search that file for the term "HTTP protocol version is not allowed by policy", you can see additional information about the purpose of the rule in the commented lines. EX:

    Code:
    # Restrict protocol versions.
    #
    # TODO All modern browsers use HTTP version 1.1. For tight security, allow only
    # this version.
    #
    # NOTE Automation programs, both malicious and non malicious many times use
    # other HTTP versions. If you want to allow a specific automated program
    # to use your site, try to create a narrower exception and not allow any
    # client to send HTTP requests in a version lower than 1.1
    #
    SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" "phase:2,t:none,block,msg:'HTTP protocol version is not allowed by policy',severity:'2',rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',id:'960034',tag:'OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.10',logdata:'%{matched_var}',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED-%{matched_var_name}=%{matched_var}" 
    Thank you.
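
An added example (not part of the thread, and not cPanel or OWASP CRS code): a Python script that splits the rule quoted above into the variable it inspects, the operator test and its actions, then renders each part as a plain-English sentence. The function names `parse_secrule` and `explain` and the English wording are this example's own, and it assumes a single-line `SecRule` with an actions string.

```python
import re
import shlex

# Function names and plain-English wording are this example's own, not the CRS's.
PHASES = {"1": "request headers", "2": "request body", "3": "response headers",
          "4": "response body", "5": "logging"}
SEVERITIES = "EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFO DEBUG".split()
OPERATORS = {"within": "is one of the values in", "rx": "matches the regex"}
# Rule text as quoted in the thread (OWASP CRS 2.2.9, id 960034).
RULE_960034 = (
    'SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" "phase:2,t:none,'
    "block,msg:'HTTP protocol version is not allowed by policy',severity:'2',rev:'2',"
    "ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',id:'960034',"
    "tag:'OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED',tag:'WASCTC/WASC-21',"
    "tag:'OWASP_TOP_10/A6',tag:'PCI/6.5.10',logdata:'%{matched_var}',"
    "setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},"
    "setvar:tx.%{rule.id}-OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED-%{matched_var_name}"
    '=%{matched_var}"')

def parse_secrule(line):
    """Split one single-line SecRule into variables, operator and actions."""
    directive, variables, operator, actions = shlex.split(line.strip())
    if directive != "SecRule":
        raise ValueError("not a SecRule directive")
    neg, name, arg = re.fullmatch(r"(!?)(?:@(\w+)\s*)?(.*)", operator).groups()
    parsed = {"tag": [], "setvar": []}
    # Actions are comma separated; a single-quoted value may contain commas.
    for item in re.findall(r"(?:[^,']|'[^']*')+", actions):
        key, sep, value = item.strip().partition(":")
        if key in ("tag", "setvar"):  # repeatable actions
            parsed[key].append(value.strip("'"))
        else:  # a bare action such as "block" has no value
            parsed[key] = value.strip("'") if sep else True
    return {"vars": variables.split("|"), "negated": bool(neg),
            "operator": name or "rx", "arg": arg, "actions": parsed}

def explain(line):
    """Return plain-English sentences describing what the rule checks."""
    r = parse_secrule(line)
    a, test = r["actions"], OPERATORS.get(r["operator"], "@" + r["operator"])
    verdict = "fails" if r["negated"] else "passes"
    return [
        f"Rule {a['id']}: {a['msg']} (severity {SEVERITIES[int(a['severity'])]}).",
        f"Fires when {' or '.join(r['vars'])} {verdict} the test: {test} {r['arg']}",
        f"Runs in phase {a['phase']} ({PHASES[a['phase']]}); then applies: "
        f"{', '.join(k for k, v in a.items() if v is True)}.",
    ]

if __name__ == "__main__":
    print("\n".join(explain(RULE_960034)))
```

The leading `!` on the operator is why the log line in the first post reads `Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required`: the rule fires when that match does not succeed.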
     
  3. keat63

    keat63 Well-Known Member

    Thank You.
     