diff --git a/plugins/sogo-rule-exclusions-before.conf b/plugins/sogo-rule-exclusions-before.conf
index a0cdbcb..c8ec7be 100644
--- a/plugins/sogo-rule-exclusions-before.conf
+++ b/plugins/sogo-rule-exclusions-before.conf
@@ -9,7 +9,7 @@
 # Plugin name: sogo-rule-exclusions-plugin
 # Plugin description: OWASP CRS 3rd party plugin for SOGo Groupware
 # Rule ID block base: 9,520,000 - 9,520,999
-# Plugin version: 1.0.1
+# Plugin version: 1.0.2
 # See readme.md for documentation
@@ -29,7 +29,7 @@ SecRule &TX:allowed_methods "@eq 0" \
 phase:1,\
 pass,\
 nolog,\
- ver:'sogo-rule-exclusions-plugin/1.0.1',\
+ ver:'sogo-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
 # Copy of CRS rule 901162.
@@ -38,7 +38,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
 phase:1,\
 pass,\
 nolog,\
- ver:'sogo-rule-exclusions-plugin/1.0.1',\
+ ver:'sogo-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
 # Fix SOGo cookie false positive
@@ -54,7 +54,7 @@ SecRule REQUEST_FILENAME "@beginsWith /SOGo/" \
 ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:XSRF-TOKEN,\
 ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES:0xHIGHFLYxSOGo,\
 ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:0xHIGHFLYxSOGo,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # When logging into SOGo webmail
 SecRule REQUEST_FILENAME "@streq /SOGo/connect" \
@@ -69,7 +69,7 @@ SecRule REQUEST_FILENAME "@streq /SOGo/connect" \
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:password,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.password,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # SOGo displays domain names inside the request uri, domains most commonly end in .com which triggers 920440.
 SecRule REQUEST_FILENAME "@rx ^/SOGo/(?:dav/|so/)?[^/]+\.(?:com|inc)$" \
@@ -79,7 +79,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/(?:dav/|so/)?[^/]+\.(?:com|inc)$" \
 t:none,\
 nolog,\
 ctl:ruleRemoveById=920440,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # SOGo sometimes sets funny referrers
 SecRule REQUEST_FILENAME "@beginsWith /SOGo" \
@@ -89,7 +89,7 @@ SecRule REQUEST_FILENAME "@beginsWith /SOGo" \
 t:none,\
 nolog,\
 ctl:ruleRemoveTargetById=932237;REQUEST_HEADERS:referer,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # Writing or saving an email
 # Email content can be anything
@@ -109,7 +109,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Mail/[0-9]/folderDrafts/newDraft[0
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.text,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:subject,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:text,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # Entering an invalid password on login
 SecRule REQUEST_FILENAME "@streq /SOGo/so/passwordRecoveryEnabled" \
@@ -122,7 +122,7 @@ SecRule REQUEST_FILENAME "@streq /SOGo/so/passwordRecoveryEnabled" \
 ctl:ruleRemoveTargetById=920273;ARGS:json.userName,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # Viewing mail inbox
 # SOGo is written in Objective-C and not PHP, disabling PHP
@@ -134,7 +134,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Mail/view$" \
 t:none,\
 nolog,\
 ctl:ruleRemoveById=953100,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 #
 # [ SOGo Settings ]
@@ -153,7 +153,7 @@ SecRule REQUEST_FILENAME "@streq /SOGo/so/changePassword" \
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.newPassword,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:oldPassword,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newPassword,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # When changing settings in SOGo
 # Some rules are disabled for all ARGS_NAMES or ARGS since the
@@ -180,7 +180,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Preferences/save$" \
 ctl:ruleRemoveTargetById=920272;ARGS:json.defaults.SOGoShortDateFormat,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 #
 # [ SOGo Contacts ]
@@ -202,7 +202,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/[^/]+\.vcf/saveAsCo
 ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # When modifying properties for Addressbook
 # Enabling/disabling Microsoft ActiveSync
@@ -227,7 +227,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Contacts/[^/]+/save$" \
 ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 #
 # [ SOGo Calendar ]
@@ -250,7 +250,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/[^/]+\.ics/(?:occur
 ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # When modifying properties for Calendars
 # Adding a remote webcal
@@ -295,7 +295,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/[^/]+/save$" \
 ctl:ruleRemoveTargetById=932236;ARGS_NAMES:id,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 # When adding a remote web calendar
 SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/addWebCalendar$" \
@@ -310,7 +310,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/so/[^/]+/Calendar/addWebCalendar$" \
 ctl:ruleRemoveTargetById=931130;ARGS:url,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'sogo-rule-exclusions-plugin/1.0.1'"
+ ver:'sogo-rule-exclusions-plugin/1.0.2'"
 #
 # [ SOGo mobile DAV clients ]
@@ -331,7 +331,7 @@ SecRule REQUEST_FILENAME "@beginsWith /SOGo/dav" \
 ctl:ruleRemoveTargetById=942421;XML:/*,\
 ctl:ruleRemoveTargetById=942432;XML:/*,\
 ctl:ruleRemoveTargetById=942440;XML:/*,\
- ver:'sogo-rule-exclusions-plugin/1.0.1',\
+ ver:'sogo-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_methods=%{tx.allowed_methods} PUT DELETE PROPFIND REPORT MKCOL'"
 # When modifying/creating contacts via mobile dav client
@@ -341,7 +341,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/dav/[^/]+/Contacts/[^/]+/[^/]+\.vcf$" \
 pass,\
 t:none,\
 nolog,\
- ver:'sogo-rule-exclusions-plugin/1.0.1',\
+ ver:'sogo-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/vcard|'"
 # When modifying/creating calendar via mobile dav client
@@ -351,7 +351,7 @@ SecRule REQUEST_FILENAME "@rx ^/SOGo/dav/[^/]+/Calendar/[^/]+/[^/]+\.ics$" \
 pass,\
 t:none,\
 nolog,\
- ver:'sogo-rule-exclusions-plugin/1.0.1',\
+ ver:'sogo-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/calendar|'"
 # Allow dav clients to scan for caldav/cardav path
@@ -361,5 +361,5 @@ SecRule REQUEST_FILENAME "@streq /" \
 pass,\
 t:none,\
 nolog,\
- ver:'sogo-rule-exclusions-plugin/1.0.1',\
+ ver:'sogo-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_methods=%{tx.allowed_methods} PROPFIND'"
diff --git a/plugins/sogo-rule-exclusions-config.conf b/plugins/sogo-rule-exclusions-config.conf
index f56e5f2..2081d09 100644
--- a/plugins/sogo-rule-exclusions-config.conf
+++ b/plugins/sogo-rule-exclusions-config.conf
@@ -9,7 +9,7 @@
 # Plugin name: sogo-rule-exclusions-plugin
 # Plugin description: OWASP CRS 3rd party plugin for SOGo Groupware
 # Rule ID block base: 9,520,000 - 9,520,999
-# Plugin version: 1.0.1
+# Plugin version: 1.0.2
 # See readme.md for documentation
@@ -39,5 +39,5 @@
 # phase:1,\
 # pass,\
 # nolog,\
-# ver:'sogo-rule-exclusions-plugin/1.0.1',\
+# ver:'sogo-rule-exclusions-plugin/1.0.2',\
 # setvar:'tx.sogo-rule-exclusions-plugin=0'"