OWASP ModSecurity Core Rule Set
https://www.netnea.com/cms/core-rule-set-inventory/
可以看到规则非常细,
整理分析文章:https://yq.aliyun.com/ziliao/5287
1、主要规则文件:
REQUEST-910-IP-REPUTATION.conf(可疑IP匹配)
REQUEST-912-DOS-PROTECTION.conf(DDOS攻击)
REQUEST-913-SCANNER-DETECTION.conf(扫描器检测)
REQUEST-920-PROTOCOL-ENFORCEMENT.conf(HTTP协议规范相关规则)
REQUEST-921-PROTOCOL-ATTACK.conf(协议攻击)
举例:HTTP Header Injection Attack、HTTP参数污染
REQUEST-930-APPLICATION-ATTACK-LFI.conf(应用攻击-路径遍历)
REQUEST-931-APPLICATION-ATTACK-RFI.conf(远程文件包含)
REQUEST-932-APPLICATION-ATTACK-RCE.conf(远程命令执行)
REQ