Owasp Crs copy
Rule creation
OWASP [1] provides many great open source tools to enhance security. The one I value most at the moment is the OWASP Core Rule Set (CRS). Together with ModSecurity it makes a perfect WAF. I also wrote about it earlier here: ModSecurity on Nginx.
First, check out the following posts so that you can detect false positives on your WAF: guides.
Below, I describe how I create my rules.
For a specific argument and a tag (don't forget the target):
# Stop the attack-sqli rules from inspecting ARGS:command on Jenkins URIs.
# Each rule needs its own unique id.
SecRule REQUEST_URI "@beginsWith /jenkins" "id:1010,phase:2,pass,nolog,ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:command"
SecRule REQUEST_URI "@endsWith /jenkins" "id:1011,phase:2,pass,nolog,ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:command"
In general, for a whole tag without an ARGS target:
SecRule REQUEST_URI "@beginsWith /jenkins" "id:1013, phase:2,pass,nolog,ctl:ruleRemoveByTag=attack-xss"
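A small linter for exclusion rules like the ones above, as an added example that is not part of the original post: it flags reused rule ids and `ruleRemoveTarget...` actions that lack the `;TARGET` part. The sample rules are constructed, and the parser assumes single-line rules with no commas inside action values.

```python
import shlex
from collections import Counter

# Constructed sample: rule 2 reuses id 1010 and omits the ";ARGS:command" target.
SAMPLE = '''\
SecRule REQUEST_URI "@beginsWith /jenkins" "id:1010, phase:2,pass,nolog,ctl:ruleRemoveTargetByTag=attack-sqli;ARGS:command"
SecRule REQUEST_URI "@endsWith /jenkins" "id:1010, phase:2,pass,nolog,ctl:ruleRemoveTargetByTag=attack-sqli"
SecRule REQUEST_URI "@beginsWith /jenkins" "id:1013, phase:2,pass,nolog,ctl:ruleRemoveByTag=attack-xss"
'''

def parse_rules(text):
    """Return one dict per single-line SecRule: its line number and action list."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line.startswith("SecRule "):
            continue  # comments, blank lines, other directives
        parts = shlex.split(line)  # SecRule, variable, operator, actions
        if len(parts) != 4:
            continue  # chained or multi-line rules are out of scope here
        actions = [a.strip() for a in parts[3].split(",") if a.strip()]
        rules.append({"line": no, "actions": actions})
    return rules

def rule_id(rule):
    return next((a[3:].strip() for a in rule["actions"] if a.startswith("id:")), None)

def lint(text):
    """Return (line, finding) tuples for the exclusion rules in text."""
    rules = parse_rules(text)
    counts = Counter(rule_id(r) for r in rules)
    findings = []
    for r in rules:
        rid = rule_id(r)
        if rid is None:
            findings.append((r["line"], "missing-id"))
        elif counts[rid] > 1:
            findings.append((r["line"], "duplicate-id"))
        for action in r["actions"]:
            if not action.startswith("ctl:"):
                continue
            name, _, value = action[4:].partition("=")
            _, _, target = value.partition(";")
            # ruleRemoveTargetByTag / ruleRemoveTargetById need "<tag-or-id>;<target>"
            if name.startswith("ruleRemoveTarget") and not target.strip():
                findings.append((r["line"], "missing-target"))
    return findings

if __name__ == "__main__":
    for line_no, finding in lint(SAMPLE):
        print(f"line {line_no}: {finding}")
```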
[1] OWASP = Open Worldwide Application Security Project