Current File : //05_Global_Incoming.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule TX:POINTS "@gt 0" \
	"id:214300,chain,msg:'COMODO WAF: Inbound Attack Targeting OSVDB Flagged Resource.||%{tx.domain}|%{tx.mode}|2',phase:2,deny,setvar:'tx.inbound_tx_msg=%{tx.msg}',setvar:'tx.incoming_points=%{tx.points}',log,t:none,rev:2,severity:2,tag:'CWAF',tag:'Incoming'"
SecRule RESOURCE:OSVDB_VULNERABLE "@eq 1" \
	"chain"
SecRule TX:POINTS_BLOCKING "@streq on"

SecRule TX:POINTS "@gt 0" \
	"id:214310,chain,msg:'COMODO WAF: Inbound Points Exceeded|Total Points: %{TX.points}|%{tx.domain}|%{tx.mode}|2',phase:2,deny,setvar:'tx.inbound_tx_msg=%{tx.msg}',setvar:'tx.incoming_points=%{tx.points}',log,logdata:'Last Matched Data: %{matched_var}',t:none,rev:2,severity:2,tag:'CWAF',tag:'Incoming'"
SecRule TX:POINTS "@ge %{tx.incoming_points_limit}" \
	"chain"
SecRule TX:POINTS_BLOCKING "@streq on" \
	"chain"
SecRule TX:/^\d+\-/ "(.{0,})"