mirror/caddy-waf
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/caddy-waf.git synced 2025-12-23 22:27:46 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
caddy-waf/rules/csfr.json
fab b957e462b7 Create csfr.json
2025-01-13 12:54:16 +01:00

74 lines
2.7 KiB
JSON
Raw Permalink Blame History

[
{
"id": "csrf-missing-token-post",
"phase": 2,
"pattern": "^$",
"targets": ["BODY"],
"severity": "HIGH",
"action": "log",
"score": 6,
"description": "Log POST requests to write operation endpoints that are missing a CSRF token in the body (use this with a condition to ensure that a write operation was done)."
},
{
"id": "csrf-missing-token-args",
"phase": 2,
"pattern": "^$",
"targets": ["ARGS"],
"severity": "HIGH",
"action": "log",
"score": 6,
"description": "Log requests to write operation endpoints that are missing a CSRF token in the query arguments (use this with a condition to ensure that a write operation was done)."
},
{
"id": "csrf-missing-referer",
"phase": 2,
"pattern": "^$",
"targets": ["HEADERS:Referer"],
"severity": "MEDIUM",
"action": "log",
"score": 4,
"description": "Log requests to write operation endpoints that are missing the Referer header (use this with a condition to ensure that a write operation was done)."
},
{
"id": "csrf-token-name-patterns",
"phase": 2,
"pattern": "(?i)(?:csrf|xsrf|anticsrf|authenticity_token|nonce)",
"targets": ["ARGS","BODY"],
"severity": "LOW",
"action": "log",
"score": 2,
"description": "Log requests containing potential CSRF token names in the body or query arguments (for testing)."
},
{
"id": "csrf-token-length-check",
"phase": 2,
"pattern": "(?i)(?:csrf|xsrf|anticsrf|authenticity_token|nonce)=([^a-zA-Z0-9]*)?([a-zA-Z0-9]{32,})",
"targets": ["ARGS", "BODY"],
"severity": "LOW",
"action": "log",
"score": 3,
"description": "Log CSRF tokens that match a specific length (32+ characters, can be used for testing). Also checks for invalid chars before token."
},
{
"id":"csrf-double-submission-cookies",
"phase":2,
"pattern": "(?i)(?:csrf|xsrf|anticsrf|authenticity_token|nonce)=([^;]*)",
"targets":["COOKIES"],
"severity":"LOW",
"action":"log",
"score": 3,
"description":"Log potential CSRF token in cookies"
},
{
"id":"csrf-token-not-present-in-cookies",
"phase":2,
"pattern":"^$",
"targets": ["COOKIES"],
"severity":"MEDIUM",
"action":"log",
"score": 4,
"description":"Log write requests that do not have a CSRF token in the cookies (use this with a condition to ensure that a write operation was done)"
}
]
Reference in New Issue View Git Blame Copy Permalink