chore: prepare for release (#26)
EsadCetiner authored Nov 28, 2024
1 parent 7bf31fc commit e9b29e0
Showing 2 changed files with 22 additions and 22 deletions.
38 changes: 19 additions & 19 deletions plugins/roundcube-rule-exclusions-before.conf
@@ -9,7 +9,7 @@
# Plugin name: roundcube-rule-exclusions-plugin
# Plugin description: OWASP CRS 3rd party plugin for Roundcube webmail
# Rule ID block base: 9,519,000 - 9,519,999
# Plugin version: 1.0.2
# Plugin version: 1.0.3

# See readme.md for documentation

@@ -29,7 +29,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
phase:1,\
pass,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |text/xml| |application/xml| |application/soap+xml| |application/json|'"

# Since Roundcube does everything within the same URL path, this plugin tries to improve code readability by creating seperate rules based
@@ -48,7 +48,7 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES_NAMES:identviewsplitter,\
ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:roundcube_sessid,\
ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:roundcube_sessauth,\
ver:'roundcube-rule-exclusions-plugin/1.0.2'"
ver:'roundcube-rule-exclusions-plugin/1.0.3'"

# When logging into Roundcube
SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
@@ -57,7 +57,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq login" \
"t:none,\
@@ -79,7 +79,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule REQUEST_HEADERS:referer "@rx ^https://.+/\?_task=(?:mail|settings|logout&_token=[a-zA-Z0-9]+$)" \
"t:none,\
@@ -93,7 +93,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_token "@rx ^[a-zA-Z0-9]+$" \
"t:none,\
@@ -113,7 +113,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
nolog,\
ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
ver:'roundcube-rule-exclusions-plugin/1.0.2'"
ver:'roundcube-rule-exclusions-plugin/1.0.3'"

# The text "Maximum allowed file size is 10 MB" in the response body triggers a FP with rule 953101.
SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
@@ -122,7 +122,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule RESPONSE_BODY "@rx maximum allowed file size is [0-9]+ [kmg]b" \
"t:none,\
@@ -136,7 +136,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq mail" \
"t:none,\
@@ -153,7 +153,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq mail" \
"t:none,\
@@ -170,7 +170,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq mail" \
"t:none,\
@@ -196,7 +196,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq utils" \
"t:none,\
@@ -212,7 +212,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule REQUEST_HEADERS:referer "@rx ^https://.+/\?_task=mail&_action=plugin\.managesieve&_framed=1&r\[[0-9]+\]=" \
"t:none,\
@@ -229,7 +229,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq addressbook" \
"t:none,\
@@ -297,7 +297,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
nolog,\
ctl:ruleRemoveTargetById=920273;ARGS:_email,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_signature,\
ver:'roundcube-rule-exclusions-plugin/1.0.2'"
ver:'roundcube-rule-exclusions-plugin/1.0.3'"

# Creating/editing/deleting identities
SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
@@ -306,7 +306,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_action "@streq identities" \
"t:none,\
@@ -319,7 +319,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq settings" \
"t:none,\
@@ -345,7 +345,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[5][],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_custom_var[0][],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:rawsetcontent,\
ver:'roundcube-rule-exclusions-plugin/1.0.2'"
ver:'roundcube-rule-exclusions-plugin/1.0.3'"

# Configuring out of office reply messages
# Out of office message/subject could be anything
@@ -355,7 +355,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
pass,\
t:none,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
chain"
SecRule ARGS:_task "@streq settings" \
"t:none,\
6 changes: 3 additions & 3 deletions plugins/roundcube-rule-exclusions-config.conf
@@ -9,7 +9,7 @@
# Plugin name: roundcube-rule-exclusions-plugin
# Plugin description: OWASP CRS 3rd party plugin for Roundcube webmail
# Rule ID block base: 9,519,000 - 9,519,999
# Plugin version: 1.0.2
# Plugin version: 1.0.3

# See readme.md for documentation

@@ -39,7 +39,7 @@
# phase:1,\
# pass,\
# nolog,\
# ver:'roundcube-rule-exclusions-plugin/1.0.2',\
# ver:'roundcube-rule-exclusions-plugin/1.0.3',\
# setvar:'tx.roundcube-rule-exclusions-plugin=0'"
#
# Since Roundcube sends all requests to the same URL path, by default this plugin will
@@ -54,5 +54,5 @@ SecAction \
phase:1,\
pass,\
nolog,\
ver:'roundcube-rule-exclusions-plugin/1.0.2',\
ver:'roundcube-rule-exclusions-plugin/1.0.3',\
setvar:'tx.roundcube-rule-exclusions-path=/'"
