@abtnode/router-provider 1.16.46-beta-20250703-024219-4029ee97 → 1.16.46-beta-20250704-234926-09d872ad

package/lib/nginx/includes/security/crs4/rules/RESPONSE-959-BLOCKING-EVALUATION.conf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.9.0
+# OWASP CRS ver.4.16.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -35,7 +35,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@@ -45,7 +45,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
 
 SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@@ -55,7 +55,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@@ -65,7 +65,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
 
 SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@@ -75,7 +75,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@@ -85,7 +85,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
 
 SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@@ -95,7 +95,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@@ -105,7 +105,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
 
 # at start of phase 4, we reset the aggregate scores to 0 to prevent duplicate counting of per-PL scores
@@ -117,7 +117,7 @@ SecAction \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=0'"
 
 SecAction \
@@ -127,7 +127,7 @@ SecAction \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=0'"
 
 SecMarker "EARLY_BLOCKING_ANOMALY_SCORING"
@@ -141,7 +141,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
@@ -151,7 +151,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl1}'"
 
 SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
@@ -161,7 +161,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
@@ -171,7 +171,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl2}'"
 
 SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
@@ -181,7 +181,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
@@ -191,7 +191,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl3}'"
 
 SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
@@ -201,7 +201,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
 
 SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
@@ -211,7 +211,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \
     t:none,\
     nolog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.detection_outbound_anomaly_score=+%{tx.outbound_anomaly_score_pl4}'"
 
 #
@@ -227,7 +227,7 @@ SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_thre
     msg:'Outbound Anomaly Score Exceeded in phase 3 (Total Score: %{tx.blocking_outbound_anomaly_score})',\
     tag:'anomaly-evaluation',\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     chain"
     SecRule TX:EARLY_BLOCKING "@eq 1"
 
@@ -240,34 +240,34 @@ SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_thre
     msg:'Outbound Anomaly Score Exceeded (Total Score: %{tx.blocking_outbound_anomaly_score})',\
     tag:'anomaly-evaluation',\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0'"
+    ver:'OWASP_CRS/4.16.0'"
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:959012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
 #
 # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
 #
 
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:959014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
 #
 # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
 #
 
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:959016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
 
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:959018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-959-BLOCKING-EVALUATION"
 #
 # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
 #

package/lib/nginx/includes/security/crs4/rules/RESPONSE-980-CORRELATION.conf

@@ -1,7 +1,7 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.9.0
+# OWASP CRS ver.4.16.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
-# Copyright (c) 2021-2024 CRS project. All rights reserved.
+# Copyright (c) 2021-2025 CRS project. All rights reserved.
 #
 # The OWASP CRS is distributed under
 # Apache Software License (ASL) version 2
@@ -28,7 +28,7 @@ SecAction \
     nolog,\
     noauditlog,\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0',\
+    ver:'OWASP_CRS/4.16.0',\
     setvar:'tx.blocking_anomaly_score=%{tx.blocking_inbound_anomaly_score}',\
     setvar:'tx.blocking_anomaly_score=+%{tx.blocking_outbound_anomaly_score}',\
     setvar:'tx.detection_anomaly_score=%{tx.detection_inbound_anomaly_score}',\
@@ -41,33 +41,33 @@ SecAction \
 #
 
 # -= Reporting Level 0 =- (Skip over reporting when tx.reporting_level is 0)
-SecRule TX:REPORTING_LEVEL "@eq 0" "id:980041,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-REPORTING"
+SecRule TX:REPORTING_LEVEL "@eq 0" "id:980041,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-REPORTING"
 
 # -= Reporting Level 5 =- (Jump to reporting rule immediately when tx.reporting_level is 5 or greater)
-SecRule TX:REPORTING_LEVEL "@ge 5" "id:980042,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:LOG-REPORTING"
+SecRule TX:REPORTING_LEVEL "@ge 5" "id:980042,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:LOG-REPORTING"
 
 # -= Zero detection score =- (Skip over reporting when sum of inbound and outbound detection score is equal to 0)
-SecRule TX:DETECTION_ANOMALY_SCORE "@eq 0" "id:980043,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-REPORTING"
+SecRule TX:DETECTION_ANOMALY_SCORE "@eq 0" "id:980043,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-REPORTING"
 
 # -= Blocking score exceeds threshold =- (Jump to reporting rule immediately if a blocking score exceeds a threshold)
-SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980044,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:LOG-REPORTING"
-SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980045,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:LOG-REPORTING"
+SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980044,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:LOG-REPORTING"
+SecRule TX:BLOCKING_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980045,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:LOG-REPORTING"
 
 # -= Reporting Level 2 =- (Skip over reporting when tx.reporting_level is less than 2)
-SecRule TX:REPORTING_LEVEL "@lt 2" "id:980046,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-REPORTING"
+SecRule TX:REPORTING_LEVEL "@lt 2" "id:980046,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-REPORTING"
 
 # -= Detection score exceeds threshold =- (Jump to reporting rule immediately if a detection score exceeds a threshold)
-SecRule TX:DETECTION_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980047,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:LOG-REPORTING"
-SecRule TX:DETECTION_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980048,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:LOG-REPORTING"
+SecRule TX:DETECTION_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" "id:980047,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:LOG-REPORTING"
+SecRule TX:DETECTION_OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" "id:980048,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:LOG-REPORTING"
 
 # -= Reporting Level 3 =- (Skip over reporting when tx.reporting_level is less than 3)
-SecRule TX:REPORTING_LEVEL "@lt 3" "id:980049,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-REPORTING"
+SecRule TX:REPORTING_LEVEL "@lt 3" "id:980049,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-REPORTING"
 
 # -= Blocking score greater than zero =- (Jump to reporting rule immediately when sum of inbound and outbound blocking score is greater than zero)
-SecRule TX:BLOCKING_ANOMALY_SCORE "@gt 0" "id:980050,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:LOG-REPORTING"
+SecRule TX:BLOCKING_ANOMALY_SCORE "@gt 0" "id:980050,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:LOG-REPORTING"
 
 # -= Reporting Level 4 =- (Skip over reporting when tx.reporting_level is less than 4)
-SecRule TX:REPORTING_LEVEL "@lt 4" "id:980051,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-REPORTING"
+SecRule TX:REPORTING_LEVEL "@lt 4" "id:980051,phase:5,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-REPORTING"
 
 # At this point, the reporting level is 4 and there's a non-zero detection
 # score (already established by rule 980043) so fall through to the reporting
@@ -95,37 +95,37 @@ SecAction \
 (SQLI=%{tx.sql_injection_score}, XSS=%{tx.xss_score}, RFI=%{tx.rfi_score}, LFI=%{tx.lfi_score}, RCE=%{tx.rce_score}, PHPI=%{tx.php_injection_score}, HTTP=%{tx.http_violation_score}, SESS=%{tx.session_fixation_score}, COMBINED_SCORE=%{tx.anomaly_score})',\
     tag:'reporting',\
     tag:'OWASP_CRS',\
-    ver:'OWASP_CRS/4.9.0'"
+    ver:'OWASP_CRS/4.16.0'"
 
 SecMarker "END-REPORTING"
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:980012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
 #
 # -= Paranoia Level 1 (default) =- (apply only when tx.detection_paranoia_level is sufficiently high: 1 or higher)
 #
 
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:980014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
 #
 # -= Paranoia Level 2 =- (apply only when tx.detection_paranoia_level is sufficiently high: 2 or higher)
 #
 
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:980016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
 #
 # -= Paranoia Level 3 =- (apply only when tx.detection_paranoia_level is sufficiently high: 3 or higher)
 #
 
 
 
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.9.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:980018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.16.0',skipAfter:END-RESPONSE-980-CORRELATION"
 #
 # -= Paranoia Level 4 =- (apply only when tx.detection_paranoia_level is sufficiently high: 4 or higher)
 #

package/lib/nginx/includes/security/crs4/rules/java-classes.data

@@ -34,6 +34,7 @@ java.io.InputStream
 java.io.InputStreamReader
 java.io.IOException
 java.io.LineNumberReader
+java.io.ObjectInputStream
 java.io.ObjectOutputStream
 java.io.OutputStream
 java.io.PipedOutputStream
@@ -53,12 +54,22 @@ java.lang.Runtime
 java.lang.String
 java.lang.StringBuilder
 java.lang.System
+java.net.HttpURLConnection
+java.net.ServerSocket
 java.net.Socket
+java.net.URL
 javassist
+javax.naming.InitialContext
 javax.script.ScriptEngineManager
+javax.xml.parsers
+javax.xml.stream
 org.apache.commons
 org.apache.struts
 org.apache.struts2
+org.dom4j.io.SAXReader
+org.jdom2.input.SAXBuilder
 org.omg.CORBA
+org.xml.sax
 java.beans.XMLDecode
+java.nio.file
 sun.reflect