921110 add track and path and 921150 lowercase X

spartantri · web-flow · commit 9c8b72e91a68 · 2018-01-08T22:10:22.000+01:00
rule 921110 added track and path 
rule 921150 lowercase x
diff --git a/rules/REQUEST-921-PROTOCOL-ATTACK.conf b/rules/REQUEST-921-PROTOCOL-ATTACK.conf
@@ -67,7 +67,7 @@ SecRule REQUEST_HEADERS:'/(?:Content-Length|Transfer-Encoding)/' "@rx ," \
 # [ References ]
 # http://projects.webappsec.org/HTTP-Request-Smuggling
 #
-SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" \
+SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?:\n|\r)+(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\s+" \
     "id:921110,\
     phase:2,\
     block,\
@@ -205,7 +205,7 @@ SecRule ARGS_NAMES "@rx [\n\r]" \
     setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/HEADER_INJECTION-%{matched_var_name}=%{tx.0}'"
 
 
-SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?:\n|\r)+(?:\s+|location|refresh|(?:set-)?cookie|(?:X-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" \
+SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?:\n|\r)+(?:\s+|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" \
     "id:921160,\
     phase:2,\
     block,\
