From d32b928bae227850ff1e745657f3f223c4f0b2ad Mon Sep 17 00:00:00 2001
From: Esad Cetiner <104706115+EsadCetiner@users.noreply.github.com>
Date: Thu, 6 Jun 2024 20:40:37 +1000
Subject: [PATCH] chore: prepare for release
---
 README.md | 2 +-
 plugins/roundcube-rule-exclusions-before.conf | 38 +++++++++----------
 plugins/roundcube-rule-exclusions-config.conf | 6 +--
 3 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index 62db184..a6eae53 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[8][],\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[9][],\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[10][],\
- ver:'roundcube-rule-exclusions-plugin/1.0.0'"
+ ver:'roundcube-rule-exclusions-plugin/1.0.2'"
 ```
 Unfortunately, this is the only solution I'm aware of without completely disabling the Core Rule Set. Please open an issue/PR if you think you've found a solution to this issue.
diff --git a/plugins/roundcube-rule-exclusions-before.conf b/plugins/roundcube-rule-exclusions-before.conf
index 2d501e1..8f32c7e 100644
--- a/plugins/roundcube-rule-exclusions-before.conf
+++ b/plugins/roundcube-rule-exclusions-before.conf
@@ -9,7 +9,7 @@
 # Plugin name: roundcube-rule-exclusions-plugin
 # Plugin description: OWASP CRS 3rd party plugin for Roundcube webmail
 # Rule ID block base: 9,519,000 - 9,519,999
-# Plugin version: 1.0.1
+# Plugin version: 1.0.2
 # See readme.md for documentation
@@ -29,7 +29,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
 phase:1,\
 pass,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
@@ -49,7 +49,7 @@ SecRule REQUEST_FILENAME "@unconditionalMatch" \
 ctl:ruleRemoveTargetById=932236;REQUEST_COOKIES_NAMES:identviewsplitter,\
 ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:roundcube_sessid,\
 ctl:ruleRemoveTargetById=942450;REQUEST_COOKIES:roundcube_sessauth,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1'"
+ ver:'roundcube-rule-exclusions-plugin/1.0.2'"
 # When logging into Roundcube
 SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
@@ -58,7 +58,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq login" \
 "t:none,\
@@ -79,7 +79,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule REQUEST_HEADERS:referer "@rx ^https://.+/\?_task=(?:mail|settings|logout&_token=[a-zA-Z0-9]+$)" \
 "t:none,\
@@ -93,7 +93,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_token "@rx ^[a-zA-Z0-9]+$" \
 "t:none,\
@@ -113,7 +113,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 nolog,\
 ctl:ruleRemoveTargetById=920272;REQUEST_BODY,\
 ctl:ruleRemoveTargetById=920273;REQUEST_BODY,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1'"
+ ver:'roundcube-rule-exclusions-plugin/1.0.2'"
 # The text "Maximum allowed file size is 10 MB" in the response body triggers a FP with rule 953101.
 SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
@@ -122,7 +122,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule RESPONSE_BODY "@rx maximum allowed file size is [0-9]+ [kmg]b" \
 "t:none,\
@@ -136,7 +136,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq mail" \
 "t:none,\
@@ -153,7 +153,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq mail" \
 "t:none,\
@@ -170,7 +170,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq mail" \
 "t:none,\
@@ -194,7 +194,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq utils" \
 "t:none,\
@@ -210,7 +210,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule REQUEST_HEADERS:referer "@rx ^https://.+/\?_task=mail&_action=plugin\.managesieve&_framed=1&r\[[0-9]+\]=" \
 "t:none,\
@@ -227,7 +227,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq addressbook" \
 "t:none,\
@@ -250,7 +250,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 t:none,\
 nolog,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_signature,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1'"
+ ver:'roundcube-rule-exclusions-plugin/1.0.2'"
 # Creating/editing/deleting identities
 SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
@@ -259,7 +259,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_action "@streq identities" \
 "t:none,\
@@ -272,7 +272,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq settings" \
 "t:none,\
@@ -298,7 +298,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[5][],\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_custom_var[0][],\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:rawsetcontent,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1'"
+ ver:'roundcube-rule-exclusions-plugin/1.0.2'"
 # Configuring out of office reply messages
 # Out of office message/subject could be anything
@@ -308,7 +308,7 @@ SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
 pass,\
 t:none,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 chain"
 SecRule ARGS:_task "@streq settings" \
 "t:none,\
diff --git a/plugins/roundcube-rule-exclusions-config.conf b/plugins/roundcube-rule-exclusions-config.conf
index 262d1ff..b9a78a4 100644
--- a/plugins/roundcube-rule-exclusions-config.conf
+++ b/plugins/roundcube-rule-exclusions-config.conf
@@ -9,7 +9,7 @@
 # Plugin name: roundcube-rule-exclusions-plugin
 # Plugin description: OWASP CRS 3rd party plugin for Roundcube webmail
 # Rule ID block base: 9,519,000 - 9,519,999
-# Plugin version: 1.0.1
+# Plugin version: 1.0.2
 # See readme.md for documentation
@@ -39,7 +39,7 @@
 # phase:1,\
 # pass,\
 # nolog,\
-# ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+# ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 # setvar:'tx.roundcube-rule-exclusions-plugin=0'"
 #
 # Since Roundcube sends all requests to the same URL path, by default this plugin will
@@ -54,5 +54,5 @@ SecAction \
 phase:1,\
 pass,\
 nolog,\
- ver:'roundcube-rule-exclusions-plugin/1.0.1',\
+ ver:'roundcube-rule-exclusions-plugin/1.0.2',\
 setvar:'tx.roundcube-rule-exclusions-path=/'"