Current File : //23_ROR_RORGen.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule REQUEST_HEADERS:Content-Type "@contains application/xml" \
	"id:218600,phase:1,pass,nolog,ctl:forceRequestBodyVariable=on,rev:5,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx type.{0,399}yaml.{0,399}--- !ruby\/hash:ActionController::Routing::RouteSet::NamedRouteCollection.{0,399}\n.{0,399}!ruby\/object:ActionController::Routing::Route.{0,399}\n\s*segments.{0,399}\n\s*requirements" \
	"id:218601,msg:'COMODO WAF: Arbitrary code execution and denial of service vulnerability in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 (CVE-2013-0156)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:5,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx type.{0,399}yaml.{0,399}--- !ruby\/hash:ActionDispatch::Routing::RouteSet::NamedRouteCollection.{0,399}\n.{0,399}!ruby\/object:OpenStruct.{0,399}\n\s*table.{0,399}\n.{0,399}defaults" \
	"id:218602,msg:'COMODO WAF: Arbitrary code execution and denial of service vulnerability in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 (CVE-2013-0156)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:5,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_HEADERS:Content-Type "@contains application/json" \
	"id:218610,phase:1,pass,nolog,ctl:forceRequestBodyVariable=on,rev:3,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx \Q--- !ruby/hash\u003aActionController\u003a\u003aRouting\u003a\u003aRouteSet\u003a\u003aNamedRouteCollection\E\n.+\Q!ruby/object\u003aActionController\u003a\u003aRouting\u003a\u003aRoute\E\n.+\Qsegments\u003a\E.+\Qrequirements\u003a\E" \
	"id:218611,msg:'COMODO WAF: Arbitrary code execution conducting SQL injection attacks vulnerability in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 (CVE-2013-0333)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:504,log,rev:3,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx \Q--- !ruby/hash\u003aActionDispatch\u003a\u003aRouting\u003a\u003aRouteSet\u003a\u003aNamedRouteCollection\E\n.+\Q!ruby/object\u003aOpenStruct\E\n.+\Qtable\u003a\E\n.+\Q\u003adefaults\u003a\E" \
	"id:218612,msg:'COMODO WAF: Arbitrary code execution conducting SQL injection attacks vulnerability in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 (CVE-2013-0333)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:504,log,rev:3,severity:2,tag:'CWAF',tag:'RORGen'"