DOS Rules : TX:STATIC_EXTENSIONS


Blason R

Nov 7, 2022, 12:43:43 PM11/7/22
to ModSecurity Core Rule Set project
Hi Team,

I am trying to set DOS in ModSecurity CRS 3.3.2 and stumbled upon TX:STATIC_EXTENSIONS. How does CRS identify static_extensions? Or where do I define TX:STATIC_EXTENSIONS?

So that requests other than TX:STATIC_EXTENSIONS will be identified as DOS.

Blason R

Nov 7, 2022, 12:47:56 PM11/7/22
to ModSecurity Core Rule Set project
Ok - Got it -

Under REQUEST-901-INITIALIZATION.conf:

SecRule &TX:static_extensions "@eq 0" \
    "id:901166,\
    phase:1,\
    pass,\
    nolog,\
    ver:'OWASP_CRS/3.3.0',\
    setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"

Walter Hop

Nov 7, 2022, 12:50:30 PM11/7/22
to Blason R, CRS Mailinglist
> I am trying to set DOS in Modsecurity CRS 3.3.2 and stumbled upon TX:STATIC_EXTENSIONS. How does crs identify static_extensions? Or where do I define TX:STATIC_EXTENSIONS.
>
> So that requests other than TX:STATIC_EXTENSIONS will be identified as DOS.

You can edit your crs-setup.conf and remove the comments from this rule, like this:

# File extensions considered static files.
# Extensions include the dot, lowercase, enclosed by /slashes/ as delimiters.
# Used in DoS protection rule. See section "Anti-Automation / DoS Protection".
# Default: /.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
# Uncomment this rule to change the default.
SecAction \
"id:900260,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/'"

The setvar line already contains the defaults. You can add more extensions, keeping in mind that they should be between slashes, e.g. /.ext/.

Kind regards,
Walter Hop
CRS co-lead
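Both snippets in this thread set tx.static_extensions to a space-separated list of /.ext/ entries. The Python below is an added example, not code from CRS or from anyone in the thread; it emulates how the CRS DoS protection rules consume that variable (assumption: the rules in REQUEST-912-DOS-PROTECTION.conf lowercase the extension of the request basename, wrap it in slashes and test it with @within against tx.static_extensions, skipping the DoS counter on a match) and adds a validator you can run over a custom list before putting it into crs-setup.conf. The slashes are what keep /.js/ from also matching a /.json/ request, and the validator flags entries that lack them, are uppercase, or carry stray characters such as a mistyped quote.

```python
import re
from typing import List, Optional

# Default list from crs-setup.conf rule 900260, as quoted in the thread.
DEFAULT_STATIC_EXTENSIONS = (
    "/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/"
)

# Every entry must be: slash, dot, lowercase letters/digits, slash.
_ENTRY_RE = re.compile(r"^/\.[a-z0-9]+/$")


def validate_extension_list(value: str) -> List[str]:
    """Return the entries of a tx.static_extensions value that do not
    follow the /.ext/ convention (empty list means the value is clean)."""
    return [entry for entry in value.split() if not _ENTRY_RE.match(entry)]


def request_extension(path: str) -> Optional[str]:
    """Build the delimited, lowercased extension of the request basename,
    e.g. '/assets/App.JS?v=2' -> '/.js/'. Assumption: this mirrors how
    the CRS DoS rules derive tx.extension from REQUEST_BASENAME."""
    basename = path.split("?", 1)[0].rsplit("/", 1)[-1]
    match = re.search(r"\.([a-z0-9]{1,10})$", basename.lower())
    if not match:
        return None
    return "/." + match.group(1) + "/"


def is_static_request(path: str,
                      static_extensions: str = DEFAULT_STATIC_EXTENSIONS) -> bool:
    """Emulate the @within operator: the delimited extension must occur
    as a substring of the configured list. Requests for which this is
    True are excluded from DoS counting; everything else is counted."""
    ext = request_extension(path)
    return ext is not None and ext in static_extensions


if __name__ == "__main__":
    # Constructed sample request paths, not taken from any real log.
    for sample in ["/assets/app.js", "/api/data.json",
                   "/images/LOGO.PNG?v=3", "/login"]:
        print(sample, "-> static" if is_static_request(sample) else "-> counted")
    # Constructed mistyped list: missing slashes, uppercase, stray quote.
    print(validate_extension_list("/.jpg/ .pdf /.JS/ /.webp/'"))
```

Run the validator against the exact string you put in setvar; anything it returns would silently fail the @within match in production, which means those requests are counted toward the DoS threshold rather than excluded.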
