11# ------------------------------------------------------------------------
2- # OWASP CRS ver.4.24.1
2+ # OWASP CRS ver.4.25.0
33# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
44# Copyright (c) 2021-2026 CRS project. All rights reserved.
55#
@@ -182,7 +182,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
182182# t:none,\
183183# nolog,\
184184# tag:'OWASP_CRS',\
185- # ver:'OWASP_CRS/4.24.1 ',\
185+ # ver:'OWASP_CRS/4.25.0 ',\
186186# setvar:tx.blocking_paranoia_level=1"
187187
188188
@@ -210,7 +210,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
210210# t:none,\
211211# nolog,\
212212# tag:'OWASP_CRS',\
213- # ver:'OWASP_CRS/4.24.1 ',\
213+ # ver:'OWASP_CRS/4.25.0 ',\
214214# setvar:tx.detection_paranoia_level=1"
215215
216216
@@ -236,7 +236,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
236236# t:none,\
237237# nolog,\
238238# tag:'OWASP_CRS',\
239- # ver:'OWASP_CRS/4.24.1 ',\
239+ # ver:'OWASP_CRS/4.25.0 ',\
240240# setvar:tx.enforce_bodyproc_urlencoded=1"
241241
242242
@@ -271,7 +271,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
271271# t:none,\
272272# nolog,\
273273# tag:'OWASP_CRS',\
274- # ver:'OWASP_CRS/4.24.1 ',\
274+ # ver:'OWASP_CRS/4.25.0 ',\
275275# setvar:tx.critical_anomaly_score=5,\
276276# setvar:tx.error_anomaly_score=4,\
277277# setvar:tx.warning_anomaly_score=3,\
@@ -332,7 +332,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
332332# t:none,\
333333# nolog,\
334334# tag:'OWASP_CRS',\
335- # ver:'OWASP_CRS/4.24.1 ',\
335+ # ver:'OWASP_CRS/4.25.0 ',\
336336# setvar:tx.inbound_anomaly_score_threshold=5,\
337337# setvar:tx.outbound_anomaly_score_threshold=4"
338338
@@ -393,7 +393,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
393393# t:none,\
394394# nolog,\
395395# tag:'OWASP_CRS',\
396- # ver:'OWASP_CRS/4.24.1 ',\
396+ # ver:'OWASP_CRS/4.25.0 ',\
397397# setvar:tx.reporting_level=4"
398398
399399
@@ -418,15 +418,15 @@ SecDefaultAction "phase:2,log,auditlog,pass"
418418# does not get evaluated if the request is being blocked early. So when you
419419# disabled early blocking again at some point in the future, then new alerts
420420# from phase 2 might pop up.
421- SecAction \
422- "id:900120,\
423- phase:1,\
424- pass,\
425- t:none,\
426- nolog,\
427- tag:'OWASP_CRS',\
428- ver:'OWASP_CRS/4.24.1 ',\
429- setvar:tx.early_blocking=1"
421+ SecAction \
422+ "id:900120,\
423+ phase:1,\
424+ pass,\
425+ t:none,\
426+ nolog,\
427+ tag:'OWASP_CRS',\
428+ ver:'OWASP_CRS/4.25.0 ',\
429+ setvar:tx.early_blocking=1"
430430
431431
432432#
@@ -446,7 +446,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
446446# t:none,\
447447# nolog,\
448448# tag:'OWASP_CRS',\
449- # ver:'OWASP_CRS/4.24.1 ',\
449+ # ver:'OWASP_CRS/4.25.0 ',\
450450# setvar:tx.enable_default_collections=1"
451451
452452
@@ -484,7 +484,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
484484# t:none,\
485485# nolog,\
486486# tag:'OWASP_CRS',\
487- # ver:'OWASP_CRS/4.24.1 ',\
487+ # ver:'OWASP_CRS/4.25.0 ',\
488488# setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
489489
490490#
@@ -514,7 +514,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
514514# pass,\
515515# nolog,\
516516# tag:'OWASP_CRS',\
517- # ver:'OWASP_CRS/4.24.1 ',\
517+ # ver:'OWASP_CRS/4.25.0 ',\
518518# setvar:'tx.allow_method_override_parameter=1'"
519519
520520# Content-Types that a client is allowed to send in a request.
@@ -554,7 +554,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
554554# t:none,\
555555# nolog,\
556556# tag:'OWASP_CRS',\
557- # ver:'OWASP_CRS/4.24.1 ',\
557+ # ver:'OWASP_CRS/4.25.0 ',\
558558# chain"
559559# SecRule REQUEST_URI "@rx ^/foo/bar" \
560560# "t:none,\
@@ -573,7 +573,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
573573# t:none,\
574574# nolog,\
575575# tag:'OWASP_CRS',\
576- # ver:'OWASP_CRS/4.24.1 ',\
576+ # ver:'OWASP_CRS/4.25.0 ',\
577577# setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |text/xml| |application/xml| |application/soap+xml| |application/json|'"
578578
579579# Allowed HTTP versions.
@@ -589,7 +589,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
589589# t:none,\
590590# nolog,\
591591# tag:'OWASP_CRS',\
592- # ver:'OWASP_CRS/4.24.1 ',\
592+ # ver:'OWASP_CRS/4.25.0 ',\
593593# setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
594594
595595# Forbidden file extensions.
@@ -613,7 +613,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
613613# t:none,\
614614# nolog,\
615615# tag:'OWASP_CRS',\
616- # ver:'OWASP_CRS/4.24.1 ',\
616+ # ver:'OWASP_CRS/4.25.0 ',\
617617# setvar:'tx.restricted_extensions=.ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/'"
618618
619619# Restricted request headers.
@@ -669,7 +669,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
669669# t:none,\
670670# nolog,\
671671# tag:'OWASP_CRS',\
672- # ver:'OWASP_CRS/4.24.1 ',\
672+ # ver:'OWASP_CRS/4.25.0 ',\
673673# setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/ /x-middleware-subrequest/ /expect/'"
674674#
675675# [ Extended ]
@@ -695,7 +695,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
695695# t:none,\
696696# nolog,\
697697# tag:'OWASP_CRS',\
698- # ver:'OWASP_CRS/4.24.1 ',\
698+ # ver:'OWASP_CRS/4.25.0 ',\
699699# setvar:'tx.restricted_headers_extended=/accept-charset/'"
700700
701701# Content-Types charsets that a client is allowed to send in a request.
@@ -714,7 +714,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
714714# t:none,\
715715# nolog,\
716716# tag:'OWASP_CRS',\
717- # ver:'OWASP_CRS/4.24.1 ',\
717+ # ver:'OWASP_CRS/4.25.0 ',\
718718# setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
719719
720720#
@@ -740,7 +740,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
740740# t:none,\
741741# nolog,\
742742# tag:'OWASP_CRS',\
743- # ver:'OWASP_CRS/4.24.1 ',\
743+ # ver:'OWASP_CRS/4.25.0 ',\
744744# setvar:tx.max_num_args=255"
745745
746746# Block request if the length of any argument name is too high
@@ -754,7 +754,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
754754# t:none,\
755755# nolog,\
756756# tag:'OWASP_CRS',\
757- # ver:'OWASP_CRS/4.24.1 ',\
757+ # ver:'OWASP_CRS/4.25.0 ',\
758758# setvar:tx.arg_name_length=100"
759759
760760# Block request if the length of any argument value is too high
@@ -768,7 +768,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
768768# t:none,\
769769# nolog,\
770770# tag:'OWASP_CRS',\
771- # ver:'OWASP_CRS/4.24.1 ',\
771+ # ver:'OWASP_CRS/4.25.0 ',\
772772# setvar:tx.arg_length=400"
773773
774774# Block request if the total length of all combined arguments is too high
@@ -782,7 +782,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
782782# t:none,\
783783# nolog,\
784784# tag:'OWASP_CRS',\
785- # ver:'OWASP_CRS/4.24.1 ',\
785+ # ver:'OWASP_CRS/4.25.0 ',\
786786# setvar:tx.total_arg_length=64000"
787787
788788# Block request if the file size of any individual uploaded file is too high
@@ -796,7 +796,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
796796# t:none,\
797797# nolog,\
798798# tag:'OWASP_CRS',\
799- # ver:'OWASP_CRS/4.24.1 ',\
799+ # ver:'OWASP_CRS/4.25.0 ',\
800800# setvar:tx.max_file_size=1048576"
801801
802802# Block request if the total size of all combined uploaded files is too high
@@ -810,7 +810,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
810810# t:none,\
811811# nolog,\
812812# tag:'OWASP_CRS',\
813- # ver:'OWASP_CRS/4.24.1 ',\
813+ # ver:'OWASP_CRS/4.25.0 ',\
814814# setvar:tx.combined_file_sizes=1048576"
815815
816816
@@ -850,7 +850,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
850850# pass,\
851851# nolog,\
852852# tag:'OWASP_CRS',\
853- # ver:'OWASP_CRS/4.24.1 ',\
853+ # ver:'OWASP_CRS/4.25.0 ',\
854854# setvar:tx.sampling_percentage=100"
855855
856856
@@ -871,7 +871,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
871871# t:none,\
872872# nolog,\
873873# tag:'OWASP_CRS',\
874- # ver:'OWASP_CRS/4.24.1 ',\
874+ # ver:'OWASP_CRS/4.25.0 ',\
875875# setvar:tx.crs_validate_utf8_encoding=1"
876876
877877# -- [[ Skip Checking Responses ]] ------------------------------------------------
@@ -893,7 +893,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
893893# t:none,\
894894# nolog,\
895895# tag:'OWASP_CRS',\
896- # ver:'OWASP_CRS/4.24.1 ',\
896+ # ver:'OWASP_CRS/4.25.0 ',\
897897# setvar:tx.crs_skip_response_analysis=1"
898898
899899#
@@ -914,5 +914,5 @@ SecAction \
914914 t:none,\
915915 nolog,\
916916 tag:'OWASP_CRS',\
917- ver:'OWASP_CRS/4.24.1 ',\
918- setvar:tx.crs_setup_version=4241 "
917+ ver:'OWASP_CRS/4.25.0 ',\
918+ setvar:tx.crs_setup_version=4250 "
0 commit comments