demus/gitea-proxy-rule-exclusions-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: demus:1.1.0
Branches Tags
demus:main
demus:1.1.0
demus:1.0.0
..
compare: demus:main
Branches Tags
demus:main
demus:1.1.0
demus:1.0.0

1 Commits
1.1.0 ... main

Author SHA1 Message Date
Daniel Demus
c567be56ba Disable PHP rules. Gitea is written in Go 2024-12-26 00:13:39 +01:00
1 changed files with 15 additions and 5 deletions
Show Stats Expand all files Collapse all files

20
plugins/gitea-proxy-rule-exclusions-before.conf
View File

@ -20,7 +20,7 @@ SecRule TX:gitea-proxy-rule-exclusions-plugin_enabled "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'gitea-proxy-rule-exclusions-plugin/1.1.0',\
ver:'gitea-proxy-rule-exclusions-plugin/1.2.0',\
ctl:ruleRemoveById=92002-92999"
#
@ -36,7 +36,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'gitea-proxy-rule-exclusions-plugin/1.1.0',\
ver:'gitea-proxy-rule-exclusions-plugin/1.2.0',\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
# Modify CRS rule 901164
@ -45,7 +45,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'gitea-proxy-rule-exclusions-plugin/1.1.0',\
ver:'gitea-proxy-rule-exclusions-plugin/1.2.0',\
setvar:'tx.restricted_extensions=.backup/ .bak/ .cdx/ .cer/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .key/ .printer/ .rdb/ .swp/ .sys/'"
# Modify CRS rule 901165. git-upload-pack has it's own content-type and uses the content-encoding header
@ -54,7 +54,7 @@ SecRule REQUEST_URI "@endsWith git-upload-pack" \
phase:1,\
pass,\
t:none,\
ver:'gitea-proxy-rule-exclusions-plugin/1.1.0',\
ver:'gitea-proxy-rule-exclusions-plugin/1.2.0',\
nolog,\
setvar:'tx.allowed_request_content_type=%{TX.allowed_request_content_type} |application/x-git-upload-pack-request|',\
setvar:'tx.restricted_headers_basic=/proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
@ -66,5 +66,15 @@ SecRule REQUEST_FILENAME "@pmFromFile gitea-proxy-whitelisted-files.data" \
pass,\
nolog,\
t:none,\
ver:'gitea-proxy-rule-exclusions-plugin/1.1.0',\
ver:'gitea-proxy-rule-exclusions-plugin/1.2.0',\
ctl:ruleRemoveById=930130"
# Gitea is written in Go, so disable PHP-related rules, as a PHP git project would cause false positives
SecAction \
"id:92040,\
phase:1,\
pass,\
log,\
t:none,\
ver:'gitea-proxy-rule-exclusions-plugin/1.2.0',\
ctl:ruleRemoveByTag=language-php"