Merge branch 'v3.3/dev' into 900200-soap-xml

rules/REQUEST-901-INITIALIZATION.conf

@@ -58,6 +58,7 @@ SecRule &TX:crs_setup_version "@eq 0" \
     log,\
     auditlog,\
     msg:'ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\
+    ver:'OWASP_CRS/3.2.0',\
     severity:'CRITICAL'"
 
 
@@ -75,6 +76,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.inbound_anomaly_score_threshold=5'"
 
 # Default Outbound Anomaly Threshold Level (rule 900110 in setup.conf)
@@ -83,6 +85,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.outbound_anomaly_score_threshold=4'"
 
 # Default Paranoia Level (rule 900000 in setup.conf)
@@ -91,6 +94,7 @@ SecRule &TX:paranoia_level "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.paranoia_level=1'"
 
 # Default Executing Paranoia Level (rule 900000 in setup.conf)
@@ -99,6 +103,7 @@ SecRule &TX:executing_paranoia_level "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.executing_paranoia_level=%{TX.PARANOIA_LEVEL}'"
 
 # Default Sampling Percentage (rule 900400 in setup.conf)
@@ -107,6 +112,7 @@ SecRule &TX:sampling_percentage "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.sampling_percentage=100'"
 
 # Default Anomaly Scores (rule 900100 in setup.conf)
@@ -115,27 +121,31 @@ SecRule &TX:critical_anomaly_score "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.critical_anomaly_score=5'"
 
 SecRule &TX:error_anomaly_score "@eq 0" \
     "id:901141,\
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.error_anomaly_score=4'"
 
 SecRule &TX:warning_anomaly_score "@eq 0" \
     "id:901142,\
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.warning_anomaly_score=3'"
 
 SecRule &TX:notice_anomaly_score "@eq 0" \
     "id:901143,\
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.notice_anomaly_score=2'"
 
 # Default do_reput_block
@@ -144,6 +154,7 @@ SecRule &TX:do_reput_block "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.do_reput_block=0'"
 
 # Default block duration
@@ -152,6 +163,7 @@ SecRule &TX:reput_block_duration "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.reput_block_duration=300'"
 
 # Default HTTP policy: allowed_methods (rule 900200)
@@ -160,6 +172,7 @@ SecRule &TX:allowed_methods "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
 
 # Default HTTP policy: allowed_request_content_type (rule 900220)
@@ -168,6 +181,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/x-amf| |application/json| |application/octet-stream| |application/csp-report| |application/xss-auditor-report| |text/plain|'"
 
 # Default HTTP policy: allowed_request_content_type_charset (rule 900270)
@@ -176,6 +190,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.allowed_request_content_type_charset=utf-8|iso-8859-1|iso-8859-15|windows-1252'"
 
 # Default HTTP policy: allowed_http_versions (rule 900230)
@@ -184,6 +199,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0'"
 
 # Default HTTP policy: restricted_extensions (rule 900240)
@@ -192,6 +208,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
 
 # Default HTTP policy: restricted_headers (rule 900250)
@@ -200,6 +217,7 @@ SecRule &TX:restricted_headers "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.restricted_headers=/proxy/ /lock-token/ /content-range/ /if/'"
 
 # Default HTTP policy: static_extensions (rule 900260)
@@ -208,6 +226,7 @@ SecRule &TX:static_extensions "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"
 
 # Default enforcing of body processor URLENCODED
@@ -216,6 +235,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.enforce_bodyproc_urlencoded=0'"
 
 #
@@ -233,6 +253,7 @@ SecAction \
     pass,\
     t:none,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.anomaly_score=0',\
     setvar:'tx.anomaly_score_pl1=0',\
     setvar:'tx.anomaly_score_pl2=0',\
@@ -269,6 +290,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^.*$" \
     pass,\
     t:none,t:sha1,t:hexEncode,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'tx.ua_hash=%{MATCHED_VAR}'"
 
 SecAction \
@@ -277,6 +299,7 @@ SecAction \
     pass,\
     t:none,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     initcol:global=global,\
     initcol:ip=%{remote_addr}_%{tx.ua_hash},\
     setvar:'tx.real_ip=%{remote_addr}'"
@@ -347,6 +370,7 @@ SecRule TX:sampling_percentage "@eq 100" \
     phase:1,\
     pass,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     skipAfter:END-SAMPLING"
 
 SecRule UNIQUE_ID "@rx ^." \
@@ -355,6 +379,7 @@ SecRule UNIQUE_ID "@rx ^." \
     pass,\
     t:sha1,t:hexEncode,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'TX.sampling_rnd100=%{MATCHED_VAR}'"
 
 SecRule DURATION "@rx (..)$" \
@@ -363,6 +388,7 @@ SecRule DURATION "@rx (..)$" \
     pass,\
     capture,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'TX.sampling_rnd100=%{TX.sampling_rnd100}%{TX.1}'"
 
 SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
@@ -371,6 +397,7 @@ SecRule TX:sampling_rnd100 "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
     pass,\
     capture,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'"
 
 SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
@@ -379,6 +406,7 @@ SecRule TX:sampling_rnd100 "@rx ^0([0-9])" \
     pass,\
     capture,\
     nolog,\
+    ver:'OWASP_CRS/3.2.0',\
     setvar:'TX.sampling_rnd100=%{TX.1}'"
 
 
@@ -403,7 +431,8 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
     noauditlog,\
     msg:'Sampling: Disable the rule engine based on sampling_percentage \
 %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\
-    ctl:ruleEngine=Off"
+    ctl:ruleEngine=Off,\
+    ver:'OWASP_CRS/3.2.0'"
 
 SecMarker "END-SAMPLING"
 
@@ -420,4 +449,5 @@ SecRule TX:executing_paranoia_level "@lt %{tx.paranoia_level}" \
     status:500,\
     t:none,\
     log,\
-    msg:'Executing paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting'"
+    msg:'Executing paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\
+    ver:'OWASP_CRS/3.2.0'"