Hi ,
How can I block upload a specific file such as (.jsp/.php)
I configured this rule :
/etc/httpd/modsecurity-crs/base_rules/modsecurity_crs_30_http_policy.conf
with this :
SecAction \
"id:'900012', \
phase:1,
\
t:none, \
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json',
\
setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
setvar:'tx.restricted_extensions=.asa/ .jsp/ .asax/ .ascx/ .axd/ .backup/
.bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/
.csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ \
.idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/
.pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/
.vsdisco/ .webinfo/ .xsd/ .xsx/', \
setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/
/Content-Range/ /Translate/ /via/ /if/', \
nolog, \
pass
But it's don't stop upload .jsp file.
Have you any idea ?
Thank you
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
