> I am trying to set DOS in ModSecurity CRS 3.3.2 and stumbled upon TX:STATIC_EXTENSIONS. How does CRS identify static_extensions? Or where do I define TX:STATIC_EXTENSIONS?
>
> So that requests other than TX:STATIC_EXTENSIONS will be identified as DOS.

You can edit your crs-setup.conf and remove the comments from this rule, like this:

# File extensions considered static files.
# Extensions include the dot, lowercase, enclosed by /slashes/ as delimiters.
# Used in DoS protection rule. See section "Anti-Automation / DoS Protection".
# Default: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
# Uncomment this rule to change the default.
SecAction \
 "id:900260,\
  phase:1,\
  nolog,\
  pass,\
  t:none,\
  setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"

The setvar line already contains the defaults. You can add more extensions, keeping in mind that they should be between slashes, e.g. /.ext/

Kind regards,
Walter Hop
CRS co-lead
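
An added example, not part of the original message or of CRS: a Python check that an edited tx.static_extensions value follows the format in the comment above (dot included, lowercase, enclosed by slashes) before it goes into crs-setup.conf. It assumes the DoS rule wraps the request's lowercased file extension in slashes and looks for that token as a substring of the list; the function names and sample values are hypothetical.

```python
import re
from posixpath import basename

# Default list as shown in crs-setup.conf above.
DEFAULT = "/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/"
ENTRY = re.compile(r"^/\.[a-z0-9]{1,10}/$")  # assumed shape of one valid entry


def check_static_extensions(value):
    """Return (entry, problem) pairs for entries that break the documented format."""
    problems = []
    for entry in value.split():
        if ENTRY.match(entry):
            continue
        if not (entry.startswith("/") and entry.endswith("/") and len(entry) > 2):
            problems.append((entry, "not enclosed by /slashes/"))
        elif not entry[1:-1].startswith("."):
            problems.append((entry, "missing leading dot"))
        elif entry != entry.lower():
            problems.append((entry, "not lowercase"))
        else:
            problems.append((entry, "unexpected characters"))
    return problems


def is_static(path, value=DEFAULT):
    """Assumed model of the DoS check: '/<.ext>/' must occur within the list."""
    name = basename(path.split("?", 1)[0]).lower()
    m = re.search(r"(\.[a-z0-9]{1,10})$", name)
    token = "/%s/" % (m.group(1) if m else "")
    return token in value


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    edited = DEFAULT + " .woff2 /PDF/ /.WOFF/"
    for entry, problem in check_static_extensions(edited):
        print("bad entry %r: %s" % (entry, problem))
    for path in ("/img/logo.PNG?v=3", "/api/login", "/fonts/a.woff2"):
        print(path, "static" if is_static(path, edited) else "counted by DoS rule")
```

Under that assumption, an entry written without its slashes never matches, so requests for that file type keep counting toward the DoS threshold.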