D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
etc
/
apache2
/
conf.d
/
modsec2
/
Filename :
log4j.conf
back
Copy
# log4j CVE-2021-44228, see: # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 # # rules adapted from: # https://coreruleset.org/20211213/crs-and-log4j-log4shell-cve-2021-44228/ # https://github.com/coreruleset/coreruleset/issues/2331 # https://robert.penz.name/1602/modsecurity-rule-to-filter-cve-2021-44228-logjam-log4shell/ # # Targeted rules, can be evaded: SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* "@rx \${jndi:(?:ldaps?|iiop|dns|rmi)://" \ "id:4044052,\ phase:2,\ t:none,t:lowercase,t:urlDecodeUni,\ multimatch,\ auditlog,\ msg:'Remote Command Execution: Log4j CVE-2021-44228',\ logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}'" SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \ "id:4044053,\ phase:1,\ t:none,\ auditlog,\ msg:'DVT: CVE-2021-44228 - phase 1 - deny known \"jndi:\" pattern',\ logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}'" SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \ "id:4044054,\ phase:2,\ t:none,\ auditlog,\ msg:'DVT: CVE-2021-44228 - phase 2 - deny known \"jndi:\" pattern',\ logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}'"