From 0ef5a4fc49a2f5e9cc47fd245d5e6d95b5ef9902 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Ch=C3=A1vez?= Date: Mon, 5 Feb 2024 14:38:03 +0100 Subject: [PATCH] chore: upgrades to latest coraza to include SecRuleRemoveByTag documentation. (#242) --- content/docs/seclang/directives.md | 34 +++++++++++++++++++++++++++++- go.mod | 11 +++++----- go.sum | 16 ++++++++++++++ 3 files changed, 55 insertions(+), 6 deletions(-) diff --git a/content/docs/seclang/directives.md b/content/docs/seclang/directives.md index b4ba03c4..090ee149 100644 --- a/content/docs/seclang/directives.md +++ b/content/docs/seclang/directives.md @@ -3,7 +3,7 @@ title: "Directives" Description: "The following section outlines all of the Coraza directives. " lead: "The following section outlines all of the Coraza directives. " date: 2020-10-06T08:48:57+00:00 -lastmod: "2023-06-09T11:28:40+02:00" +lastmod: "2024-02-05T09:55:41+01:00" draft: false images: [] menu: @@ -46,6 +46,21 @@ This directive is commonly used to set variables and initialize persistent colle SecAction "nolog,phase:1,initcol:RESOURCE=%{REQUEST_FILENAME}" ``` +## SecArgumentsLimit + +**Description:** Configures the maximum number of ARGS that will be accepted for processing. + +**Syntax:** `SecArgumentsLimit [LIMIT]` + +**Default:** `1000` + +Exceeding the limit will not be included. +With JSON body processing, there is nothing to do when exceed the limit. +**Example:** +```apache +SecArgumentsLimit 1000 +``` + ## SecAuditEngine **Description:** Configures the audit logging engine. @@ -427,4 +442,21 @@ The possible values are: **Syntax:** `SecRuleRemoveById ...[ID OR RANGE]` +## SecRuleRemoveByTag + +**Description:** Removes the matching rules from the current configuration context. + +**Syntax:** `SecRuleRemoveByTag [TAG]` + +Normally, you would use [`SecRuleRemoveById`](#secruleremovebyid) to remove rules, but it may occasionally +be easier to disable an entire group of rules with [`SecRuleRemoveByTag`](#secruleremovebytag). Matching is +by case-sensitive string equality. + +**Example:** +```apache +SecRuleRemoveByTag attack-dos +``` + +**Note:** OWASP CRS has a list of supported tags https://coreruleset.org/docs/rules/metadata/ + diff --git a/go.mod b/go.mod index 0dad709a..75c55286 100644 --- a/go.mod +++ b/go.mod @@ -3,16 +3,17 @@ module github.com/corazawaf/coraza.io go 1.19 require ( - github.com/corazawaf/coraza/v3 v3.0.0 + github.com/corazawaf/coraza/v3 v3.0.5-0.20240205085451-fc71a09e809b github.com/magefile/mage v1.15.0 ) require ( - github.com/corazawaf/libinjection-go v0.1.2 // indirect - github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect - github.com/tidwall/gjson v1.14.4 // indirect + github.com/corazawaf/libinjection-go v0.1.3 // indirect + github.com/petar-dambovaliev/aho-corasick v0.0.0-20230725210150-fb29fc3c913e // indirect + github.com/tidwall/gjson v1.17.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect - golang.org/x/net v0.10.0 // indirect + golang.org/x/net v0.20.0 // indirect + golang.org/x/sync v0.6.0 // indirect rsc.io/binaryregexp v0.2.0 // indirect ) diff --git a/go.sum b/go.sum index 43fc7189..1cde5259 100644 --- a/go.sum +++ b/go.sum @@ -1,15 +1,27 @@ github.com/corazawaf/coraza/v3 v3.0.0 h1:GvTzxcgtfQ76LneYL19Nkb1/T+2E/s3BRAOEt6h2sY0= github.com/corazawaf/coraza/v3 v3.0.0/go.mod h1:MjV/iyO+B+JcVEWUJi4O2r1sfHeFzlF28MnvAqWfea0= +github.com/corazawaf/coraza/v3 v3.0.4 h1:Llemgoh0hp2NggCwcWN8lNiV4Pfe+AWzf1oEcasT234= +github.com/corazawaf/coraza/v3 v3.0.4/go.mod h1:3fTYjY5BZv3nezLpH6NAap0gr3jZfbQWUAu2GF17ET4= +github.com/corazawaf/coraza/v3 v3.0.5-0.20240205081452-e5fae9f78d28 h1:Was3LvnqKoVUeH9Rc9yzG/Q2iB/L7QA0cIMpEjW9Tw0= +github.com/corazawaf/coraza/v3 v3.0.5-0.20240205081452-e5fae9f78d28/go.mod h1:I7usXIDZaMdBqAW36vtPagZzMBK6W5StZUbnbRSR4RY= +github.com/corazawaf/coraza/v3 v3.0.5-0.20240205085451-fc71a09e809b h1:tXH1yUNH3ME81zBuonCSv2AhZFCQ0UMqjQ2xgSP3m+o= +github.com/corazawaf/coraza/v3 v3.0.5-0.20240205085451-fc71a09e809b/go.mod h1:I7usXIDZaMdBqAW36vtPagZzMBK6W5StZUbnbRSR4RY= github.com/corazawaf/libinjection-go v0.1.2 h1:oeiV9pc5rvJ+2oqOqXEAMJousPpGiup6f7Y3nZj5GoM= github.com/corazawaf/libinjection-go v0.1.2/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= +github.com/corazawaf/libinjection-go v0.1.3 h1:PUplAYho1BBl0tIVbhDsNRuVGIeUYSiCEc9oQpb2rJU= +github.com/corazawaf/libinjection-go v0.1.3/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/magefile/mage v1.15.0 h1:BvGheCMAsG3bWUDbZ8AyXXpCNwU9u5CB6sM+HNb9HYg= github.com/magefile/mage v1.15.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 h1:lL+y4Xv20pVlCGyLzNHRC0I0rIHhIL1lTvHizoS/dU8= github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw= +github.com/petar-dambovaliev/aho-corasick v0.0.0-20230725210150-fb29fc3c913e h1:POJco99aNgosh92lGqmx7L1ei+kCymivB/419SD15PQ= +github.com/petar-dambovaliev/aho-corasick v0.0.0-20230725210150-fb29fc3c913e/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw= github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= +github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= @@ -18,6 +30,10 @@ github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhso golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=