/usr/share/modsecurity-crs/util/debug/RESPONSE-981-DEBUG.conf is in modsecurity-crs 3.0.2-1.
This file is owned by root:root, with mode 0o644.
#
# -- [[ Debug Mode ]] ----------------------------------------------------------
#
# To enable rule development and debugging, CRS has an optional debug mode
# that does not block a request, but instead sends detection information
# back to the HTTP client.
#
# This functionality is currently only supported with the Apache web server.
# The Apache mod_headers module is required.
#
# In debug mode, the webserver inserts "X-WAF-Events" / "X-WAF-Score"
# response headers whenever a debug client makes a request. Example:
#
# # curl -v 'http://192.168.1.100/?foo=../etc/passwd'
# X-WAF-Events: TX:930110-OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL-REQUEST_URI,
# TX:930120-OWASP_CRS/WEB_ATTACK/FILE_INJECTION-ARGS:foo,
# TX:932160-OWASP_CRS/WEB_ATTACK/RCE-ARGS:foo
# X-WAF-Score: Total=15; sqli=0; xss=0; rfi=0; lfi=10; rce=5; php=0; http=0; ses=0
#
# To enable debug mode, see the section "Debug Mode" in crs-setup.conf.
#
# Rule 981228: gate for the whole response-header tagging section.
# The target looks at both the variable count (&TX:CRS_DEBUG_MODE, 0 when
# the variable was never set) and its value; if either is 0 the "@eq 0"
# operator matches and skipAfter jumps straight to the
# END_RESPONSE_HEADER_TAGGING marker, so no X-WAF-* headers are produced.
# Phase 4 (response body) is used so every request-phase rule has already
# run and the TX scores/tags are final.
# NOTE(review): this rule only decides whether the headers below are
# emitted; the "does not block" behaviour described in the header comment
# is configured where tx.crs_debug_mode is set (crs-setup.conf), presumably
# together with a restriction on which client addresses get debug mode --
# confirm there, since these headers disclose matched rule IDs and scores.
SecRule &TX:CRS_DEBUG_MODE|TX:CRS_DEBUG_MODE "@eq 0" \
"phase:4,\
t:none,\
nolog,\
id:981228,\
pass,\
skipAfter:END_RESPONSE_HEADER_TAGGING"
# Rule 981229: nothing to report. An anomaly score of 0 means no
# detection rule fired for this transaction, so the tagging section is
# skipped and the response goes out without X-WAF-Events / X-WAF-Score.
SecRule TX:ANOMALY_SCORE "@eq 0" \
"phase:4,\
id:981229,\
t:none,\
nolog,\
pass,\
skipAfter:END_RESPONSE_HEADER_TAGGING"
# Rule 981230: export the per-rule tags and the category scores as Apache
# environment variables so mod_headers can copy them into the response.
# The target is a regex-selected set of TX variables whose names start
# with digits followed by a dash -- the "<rule id>-<tag>" variables shown
# in the example above (e.g. TX:930110-OWASP_CRS/...). The "." operator
# matches any non-empty value, so the actions run once per such variable.
# Per match: tx.counter is incremented (it starts unset, so the first
# match yields 1) and matched_rule-<counter> is set to the matching
# variable's name; the score variables are re-exported on every match with
# the same values, which is harmless but redundant.
# NOTE(review): only matched_rule-1 .. matched_rule-20 are consumed by the
# Header directives below; a 21st or later match is still counted and
# exported here but never reaches the X-WAF-Events header.
SecRule TX:/^\d*\-/ "." \
"phase:4,\
id:981230,\
t:none,\
nolog,\
pass,\
setvar:tx.counter=+1,\
setenv:matched_rule-%{tx.counter}=%{matched_var_name},\
setenv:anomaly_score=%{tx.anomaly_score},\
setenv:sql_injection_score=%{tx.sql_injection_score},\
setenv:xss_score=%{tx.xss_score},\
setenv:rfi_score=%{tx.rfi_score},\
setenv:lfi_score=%{tx.lfi_score},\
setenv:rce_score=%{tx.rce_score},\
setenv:php_injection_score=%{tx.php_injection_score},\
setenv:http_violation_score=%{tx.http_violation_score},\
setenv:session_fixation_score=%{tx.session_fixation_score}"
# mod_headers side of debug mode (requires mod_headers, see header comment).
# Each "Header append" adds one matched-rule name to X-WAF-Events, and the
# env=matched_rule-N condition means the directive is a no-op unless rule
# 981230 above actually exported that variable, so the header only lists
# rules that fired. Twenty slots are provided; matches beyond the 20th are
# silently dropped from the header.
Header append X-WAF-Events "%{matched_rule-1}e" env=matched_rule-1
Header append X-WAF-Events "%{matched_rule-2}e" env=matched_rule-2
Header append X-WAF-Events "%{matched_rule-3}e" env=matched_rule-3
Header append X-WAF-Events "%{matched_rule-4}e" env=matched_rule-4
Header append X-WAF-Events "%{matched_rule-5}e" env=matched_rule-5
Header append X-WAF-Events "%{matched_rule-6}e" env=matched_rule-6
Header append X-WAF-Events "%{matched_rule-7}e" env=matched_rule-7
Header append X-WAF-Events "%{matched_rule-8}e" env=matched_rule-8
Header append X-WAF-Events "%{matched_rule-9}e" env=matched_rule-9
Header append X-WAF-Events "%{matched_rule-10}e" env=matched_rule-10
Header append X-WAF-Events "%{matched_rule-11}e" env=matched_rule-11
Header append X-WAF-Events "%{matched_rule-12}e" env=matched_rule-12
Header append X-WAF-Events "%{matched_rule-13}e" env=matched_rule-13
Header append X-WAF-Events "%{matched_rule-14}e" env=matched_rule-14
Header append X-WAF-Events "%{matched_rule-15}e" env=matched_rule-15
Header append X-WAF-Events "%{matched_rule-16}e" env=matched_rule-16
Header append X-WAF-Events "%{matched_rule-17}e" env=matched_rule-17
Header append X-WAF-Events "%{matched_rule-18}e" env=matched_rule-18
Header append X-WAF-Events "%{matched_rule-19}e" env=matched_rule-19
Header append X-WAF-Events "%{matched_rule-20}e" env=matched_rule-20
# Summary line: total anomaly score plus each category score, taken from
# the environment variables exported by rule 981230. "Header set" replaces
# any existing X-WAF-Score, and env=anomaly_score keeps the header off
# responses where debug mode was skipped and nothing was exported.
# These values tell the client exactly how the request was scored, which
# is the purpose of debug mode but also why it should stay limited to
# development / trusted clients.
Header set X-WAF-Score "Total=%{anomaly_score}e; sqli=%{sql_injection_score}e; xss=%{xss_score}e; rfi=%{rfi_score}e; lfi=%{lfi_score}e; rce=%{rce_score}e; php=%{php_injection_score}e; http=%{http_violation_score}e; ses=%{session_fixation_score}e" env=anomaly_score
# Target of the skipAfter actions in rules 981228 and 981229: when debug
# mode is off or nothing fired, processing resumes here with no headers set.
SecMarker END_RESPONSE_HEADER_TAGGING