system: Linux mars.sprixweb.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------
SecRule &TX:WordPress "!@eq 1" \
"id:209501,chain,msg:'COMODO WAF: Start track WordPress session id|%{TX.1}|%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,rev:17,severity:2,tag:'CWAF',tag:'AppsInitialization'"
SecRule REQUEST_COOKIES_NAMES "@rx ^wordpress_(?:(?:sec|logged_in)_)?([0-9a-fA-f]{32})$" \
"capture,setsid:'%{TX.1}',setvar:'SESSION.wp_session=1',setvar:'TX.WordPress=1',expirevar:'SESSION.wp_session=300'"
SecRule REQUEST_COOKIES:/^[a-f0-9]{32}$/ "@rx ^(?:[a-z0-9]{26}|[a-z0-9]{32})$" \
"id:209503,msg:'COMODO WAF: Start tracking Joomla! session||%{tx.domain}|%{tx.mode}|2',phase:2,pass,setsid:'%{MATCHED_VAR}',setvar:'SESSION.joomla_session=1',setvar:'TX.Joomla=1',expirevar:'SESSION.joomla_session=300',nolog,t:none,rev:17,severity:2,tag:'CWAF',tag:'AppsInitialization'"
SecRule REQUEST_COOKIES_NAMES "@rx ^sess([0-9a-f]{32})$" \
"id:209510,msg:'COMODO WAF: Drupal App Initialization||%{tx.domain}|%{tx.mode}|2',phase:2,capture,pass,setsid:'%{TX.1}',setvar:'TX.drupal=1',setvar:'SESSION.drupal=1',expirevar:'SESSION.drupal=300',nolog,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'AppsInitialization'"
SecAction \
"id:219000,phase:2,pass,setvar:'tx.xmlrpc_watch_period=300',setvar:'tx.xmlrpc_requests_limit=5',setvar:'tx.xmlrpc_block_timeout=600',nolog"