Go WAF Plugin (#400)

plugins/wasm-go/extensions/waf/wasmplugin/rules/crs/REQUEST-905-COMMON-EXCEPTIONS.conf

@@ -0,0 +1,55 @@
+# ------------------------------------------------------------------------
+# OWASP ModSecurity Core Rule Set ver.4.0.0-rc1
+# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
+# Copyright (c) 2021-2022 Core Rule Set project. All rights reserved.
+#
+# The OWASP ModSecurity Core Rule Set is distributed under
+# Apache Software License (ASL) version 2
+# Please see the enclosed LICENSE file for full details.
+# ------------------------------------------------------------------------
+
+
+# This file is used as an exception mechanism to remove common false positives
+# that may be encountered.
+#
+# Exception for Apache SSL pinger
+#
+SecRule REQUEST_LINE "@streq GET /" \
+    "id:905100,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    tag:'application-multi',\
+    tag:'language-multi',\
+    tag:'platform-apache',\
+    tag:'attack-generic',\
+    ver:'OWASP_CRS/4.0.0-rc1',\
+    chain"
+    SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
+        "t:none,\
+        ctl:ruleRemoveByTag=OWASP_CRS,\
+        ctl:auditEngine=Off"
+
+#
+# Exception for Apache internal dummy connection
+#
+SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
+    "id:905110,\
+    phase:1,\
+    pass,\
+    t:none,\
+    nolog,\
+    tag:'application-multi',\
+    tag:'language-multi',\
+    tag:'platform-apache',\
+    tag:'attack-generic',\
+    ver:'OWASP_CRS/4.0.0-rc1',\
+    chain"
+    SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \
+        "t:none,\
+        chain"
+        SecRule REQUEST_LINE "@rx ^(?:GET /|OPTIONS \*) HTTP/[12]\.[01]$" \
+            "t:none,\
+            ctl:ruleRemoveByTag=OWASP_CRS,\
+            ctl:auditEngine=Off"