
Daniel Cid committed 79df87b Draft

Small improvements to these web rules.


Files changed (2)

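--- a/etc/rules/web_appsec_rules.xml
+++ b/etc/rules/web_appsec_rules.xml
   <!-- BAD/Annoying user agents -->
   <rule id="31508" level="6">
     <if_sid>31100</if_sid>
-    <match> "ZmEu"| "libwww-perl/</match>
+    <match> "ZmEu"| "libwww-perl/|"the beast"|"Morfeus|"ZmEu|"Nikto</match>
     <description>Blacklisted user agent (known malicious user agent).</description>
   </rule>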
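Review bot: The added alternative `"ZmEu` in rule 31508's `<match>` is a prefix of the existing ` "ZmEu"` entry, so one of the two is redundant. The new entries also drop the leading space that both original entries carry, leaving the list anchored inconsistently. If that space is meant to pin the match to the start of a quoted log field, I would write `<match> "ZmEu"| "libwww-perl/| "the beast"| "Morfeus| "Nikto</match>`. The section comment should also say that the User-Agent is client-supplied, e.g. `<!-- User-Agent is client-controlled: this only flags tools left at their default string. -->`, so that a quiet rule is not read as absence of scanning.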
 

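--- a/etc/rules/web_rules.xml
+++ b/etc/rules/web_rules.xml
     
     <!-- Attempt to do directory transversal, simple sql injections,
       -  or access to the etc or bin directory (unix). -->
-    <url>%027|%00|%01|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|..|</url>
+    <url>%027|%00|%01|%7f|%2E%2E|%0A|%0D|../..|..\..|echo;|</url>
     <url>cmd.exe|root.exe|_mem_bin|msadc|/winnt/|</url>
     <url>/x90/|default.ida|/sumthin|nsiislog.dll|chmod%|wget%|cd%20|</url>
     <url>cat%20|exec%20|rm%20</url>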
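Review bot: `%027` at the start of the changed `<url>` line looks like a typo for `%27`, the URL-encoded single quote that the comment's "simple sql injections" would need. As written, that alternative presumably matches only the literal text `%027`, so it is worth confirming against the matcher. With the bare `..` alternative removed, the rule now relies on `../..`, `..\..` and `%2E%2E`. The comment above should record that this narrowing is deliberate, e.g. `<!-- bare ".." dropped to cut false positives; multi-level and encoded forms still match -->`. The same comment spells "traversal" as "transversal". The rule's opening and closing tags are outside the hunk.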