Merge pull request #253 from theseion/bugfix/252-add-missing-json-rule

fix: add missing JSON Content-Type rule
coreruleset · May 10, 2024 · 318a288 · 318a288
2 parents 1c4cffa + bb9021d
commit 318a288
Showing 1 changed file with 37 additions and 30 deletions.
diff --git a/src/etc/modsecurity.d/modsecurity.conf b/src/etc/modsecurity.d/modsecurity.conf
@@ -1,53 +1,52 @@
 # Original of the latest recommended version:
 # https://github.com/owasp-modsecurity/ModSecurity/blob/v3/master/modsecurity.conf-recommended
 
-SecArgumentSeparator ${MODSEC_ARGUMENT_SEPARATOR}
+# Directives configured upstream (in the same order)
+SecRuleEngine ${MODSEC_RULE_ENGINE}
+SecRequestBodyAccess ${MODSEC_REQ_BODY_ACCESS}
+SecRequestBodyLimit ${MODSEC_REQ_BODY_LIMIT}
+SecRequestBodyNoFilesLimit ${MODSEC_REQ_BODY_NOFILES_LIMIT}
+SecRequestBodyLimitAction ${MODSEC_REQ_BODY_LIMIT_ACTION}
+SecRequestBodyJsonDepthLimit ${MODSEC_REQ_BODY_JSON_DEPTH_LIMIT}
 SecArgumentsLimit ${MODSEC_ARGUMENTS_LIMIT}
+SecPcreMatchLimit ${MODSEC_PCRE_MATCH_LIMIT}
+SecPcreMatchLimitRecursion ${MODSEC_PCRE_MATCH_LIMIT_RECURSION}
+SecResponseBodyAccess ${MODSEC_RESP_BODY_ACCESS}
+SecResponseBodyMimeType ${MODSEC_RESP_BODY_MIMETYPE}
+SecResponseBodyLimit ${MODSEC_RESP_BODY_LIMIT}
+SecResponseBodyLimitAction ${MODSEC_RESP_BODY_LIMIT_ACTION}
+SecTmpDir ${MODSEC_TMP_DIR}
+SecDataDir ${MODSEC_DATA_DIR}
 SecAuditEngine ${MODSEC_AUDIT_ENGINE}
-SecAuditLog ${MODSEC_AUDIT_LOG}
-SecAuditLogFormat ${MODSEC_AUDIT_LOG_FORMAT}
-SecAuditLogParts ${MODSEC_AUDIT_LOG_PARTS}
 SecAuditLogRelevantStatus "${MODSEC_AUDIT_LOG_RELEVANT_STATUS}"
-SecAuditLogStorageDir ${MODSEC_AUDIT_STORAGE_DIR}
+SecAuditLogParts ${MODSEC_AUDIT_LOG_PARTS}
 SecAuditLogType ${MODSEC_AUDIT_LOG_TYPE}
+SecAuditLog ${MODSEC_AUDIT_LOG}
+SecArgumentSeparator ${MODSEC_ARGUMENT_SEPARATOR}
 SecCookieFormat ${MODSEC_COOKIE_FORMAT}
-SecDataDir ${MODSEC_DATA_DIR}
+SecUnicodeMapFile unicode.mapping ${MODSEC_UNICODE_MAPPING}
+SecStatusEngine ${MODSEC_STATUS_ENGINE}
+
+# Additional directives
+SecAuditLogFormat ${MODSEC_AUDIT_LOG_FORMAT}
+SecAuditLogStorageDir ${MODSEC_AUDIT_STORAGE_DIR}
 SecDebugLog ${MODSEC_DEBUG_LOG}
 SecDebugLogLevel ${MODSEC_DEBUG_LOGLEVEL}
 SecDisableBackendCompression ${MODSEC_DISABLE_BACKEND_COMPRESSION}
-SecPcreMatchLimit ${MODSEC_PCRE_MATCH_LIMIT}
-SecPcreMatchLimitRecursion ${MODSEC_PCRE_MATCH_LIMIT_RECURSION}
-SecRequestBodyAccess ${MODSEC_REQ_BODY_ACCESS}
-SecRequestBodyJsonDepthLimit ${MODSEC_REQ_BODY_JSON_DEPTH_LIMIT}
-SecRequestBodyLimit ${MODSEC_REQ_BODY_LIMIT}
-SecRequestBodyLimitAction ${MODSEC_REQ_BODY_LIMIT_ACTION}
-SecRequestBodyNoFilesLimit ${MODSEC_REQ_BODY_NOFILES_LIMIT}
-SecResponseBodyAccess ${MODSEC_RESP_BODY_ACCESS}
-SecResponseBodyLimit ${MODSEC_RESP_BODY_LIMIT}
-SecResponseBodyLimitAction ${MODSEC_RESP_BODY_LIMIT_ACTION}
-SecResponseBodyMimeType ${MODSEC_RESP_BODY_MIMETYPE}
-SecRuleEngine ${MODSEC_RULE_ENGINE}
-SecStatusEngine ${MODSEC_STATUS_ENGINE}
-SecTmpDir ${MODSEC_TMP_DIR}
 SecTmpSaveUploadedFiles ${MODSEC_TMP_SAVE_UPLOADED_FILES}
-SecUnicodeMapFile unicode.mapping ${MODSEC_UNICODE_MAPPING}
 SecUploadDir ${MODSEC_UPLOAD_DIR}
 SecUploadFileMode ${MODSEC_UPLOAD_FILE_MODE}
 SecUploadKeepFiles ${MODSEC_UPLOAD_KEEP_FILES}
 
-# Base SecRule configs
+# Rules configured upstream (in the same order)
+SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
+    "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+SecRule REQUEST_HEADERS:Content-Type "^application/json" \
+    "id:'200001',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
 SecRule &ARGS "@ge 1000" \
     "id:'200007', phase:2,t:none,log,deny,status:400,msg:'Failed to fully parse request body due to large argument count',severity:2"
-SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
-    "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
 SecRule REQBODY_ERROR "!@eq 0" \
     "id:'200002', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
-SecRule REQUEST_HEADERS:Content-Type "^(?:application(?:/soap\+|/)|text/)xml" \
-    "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
-SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
-    "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"
-SecRule TX:/^MSC_/ "!@streq 0" \
-    "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
 SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
     "id:'200003',phase:2,t:none,log,deny,status:400, \
     msg:'Multipart request body failed strict validation: \
@@ -63,3 +62,11 @@ SecRule MULTIPART_STRICT_ERROR "!@eq 0" \
     IP %{MULTIPART_INVALID_PART}, \
     IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
     FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+SecRule MULTIPART_UNMATCHED_BOUNDARY "@eq 1" \
+    "id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
+SecRule TX:/^MSC_/ "!@streq 0" \
+    "id:'200005',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+# Additional rules
+SecRule REQUEST_HEADERS:Content-Type "^application/[a-z0-9.-]+[+]json" \
+    "id:'200006',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=JSON"