Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/esadcetiner/roundcube-rule-exclusions-plugin
OWASP CRS 3rd party plugin for Roundcube webmail
- Host: GitHub
- URL: https://github.com/esadcetiner/roundcube-rule-exclusions-plugin
- Owner: EsadCetiner
- License: gpl-2.0
- Created: 2023-06-21T07:36:24.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-28T21:23:02.000Z (about 2 months ago)
- Last Synced: 2024-11-28T22:22:12.535Z (about 2 months ago)
- Topics: coraza-waf, coreruleset, coreruleset-plugin, crs-plugin, modsecurity, roundcube-webmail
- Homepage:
- Size: 89.8 KB
- Stars: 4
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
![Integration tests](https://github.com/EsadCetiner/roundcube-rule-exclusions-plugin/actions/workflows/integration.yml/badge.svg)
# Roundcube-rule-exclusions-plugin
This plugin contains rule exclusions to fix false positives when using Roundcube Webmail with the OWASP Core Rule Set.
## Requirements
- CRS Version 4.0 or newer
- ModSecurity compatible Web Application Firewall
## Installation
For full and up to date instructions on installing plugins, please refer to [How to Install a Plugin](https://coreruleset.org/docs/concepts/plugins/#how-to-install-a-plugin) in the official CRS documentation.
### Conditionally enable plugins for multi-application environments
For full and up to date instructions on how to conditionally enable/disable this plugin on a multisite environment, please refer to [Conditionally enable plugins for multi-application environments](https://coreruleset.org/docs/concepts/plugins/#conditionally-enable-plugins-for-multi-application-environments) in the official CRS documentation.
### Configuration
Since Roundcube sends all requests to the same URL path, by default this plugin unconditionally applies all rule exclusions to every URL path. This behavior is configurable: you can choose to apply the rule exclusions only to the specific URL path Roundcube is installed on (for example, /mail/ or /roundcube/) by editing rule ``9519001`` in ``plugins/roundcube-rule-exclusions-config.conf``. This is useful if you host multiple web applications on the same domain and only want the Roundcube plugin enabled for Roundcube.
## Sieve filter false positives
If you use sieve filter sets, you may encounter false positives that this plugin does not fully resolve. The index within the brackets of the parameter ARGS:_rule_target[0][] changes depending on which sieve filter set you are creating a rule for. If you do encounter such a false positive, you will have to fix it with a rule like the following:
```
SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \
"id:1,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[6][],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[7][],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[8][],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[9][],\
ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[10][],\
ver:'roundcube-rule-exclusions-plugin/1.0.2'"
```
Unfortunately, this is the only solution I'm aware of without completely disabling the Core Rule Set. Please open an issue/PR if you think you've found a solution to this issue.
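The indices in the rule above have to be read off the audit log by hand. The following added helper (not part of the plugin) automates that: it pulls every `ARGS:_rule_target[N][]` variable named in the `Message:` lines of a ModSecurity native audit log and renders an exclusion rule in the same shape as the README example. The audit-log layout, the sample log and the rule ID passed in are assumptions.

```python
"""Constructed helper: find the ARGS:_rule_target[N][] variables that triggered
CRS rules in a ModSecurity audit log and emit a matching rule-exclusion SecRule.
Not part of roundcube-rule-exclusions-plugin."""
import re

# Assumed fragment of a native audit-log Message line (section H):
#   ... Pattern match "..." at ARGS:_rule_target[6][]. [file "..."] [id "..."] ...
_MSG_RE = re.compile(r'\bat (ARGS:\S+?)\.?\s+\[')
_TARGET_RE = re.compile(r'^ARGS:_rule_target\[(\d+)\]\[\]$')


def sieve_indices_from_audit_log(log_text: str) -> list:
    """Return the sorted, de-duplicated sieve filter indices seen in Message lines."""
    indices = set()
    for line in log_text.splitlines():
        m = _MSG_RE.search(line)
        if not m:
            continue
        t = _TARGET_RE.match(m.group(1))
        if t:
            indices.add(int(t.group(1)))
    return sorted(indices)


def build_exclusion_rule(indices, rule_id, version="roundcube-rule-exclusions-plugin/1.0.2"):
    """Render a SecRule with one ruleRemoveTargetByTag action per sieve filter index.
    rule_id must be a rule ID that is free in your deployment (caller's choice)."""
    if not indices:
        raise ValueError("no _rule_target indices to exclude")
    actions = [f"id:{rule_id}", "phase:1", "pass", "t:none", "nolog"]
    actions += [f"ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:_rule_target[{i}][]"
                for i in indices]
    actions.append(f"ver:'{version}'")
    body = ",\\\n".join(actions)          # one action per line, backslash-continued
    return ('SecRule REQUEST_FILENAME "@beginsWith %{tx.roundcube-rule-exclusions-path}" \\\n'
            f'"{body}"')


# Constructed sample: Message lines from section H of an audit log. Two sieve
# filter indices appear (6 twice, 7 once); ARGS:_task is not a sieve target.
SAMPLE_AUDIT_LOG = """\
--a1b2c3d4-H--
Message: Warning. Pattern match "..." at ARGS:_rule_target[6][]. [file "..."] [id "942100"] [tag "OWASP_CRS"]
Message: Warning. Pattern match "..." at ARGS:_rule_target[7][]. [file "..."] [id "941100"] [tag "OWASP_CRS"]
Message: Warning. Pattern match "..." at ARGS:_rule_target[6][]. [file "..."] [id "941100"] [tag "OWASP_CRS"]
Message: Warning. Pattern match "..." at ARGS:_task. [file "..."] [id "920273"] [tag "OWASP_CRS"]
"""

if __name__ == "__main__":
    print(build_exclusion_rule(sieve_indices_from_audit_log(SAMPLE_AUDIT_LOG), rule_id=1))
```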
## Reporting false positives
If you find a false positive that this plugin does not cover, please open a new issue or pull request. If creating an issue, please include the following details:
1. CRS Version
2. ModSecurity/Coraza Version
3. modsec audit logs
4. what caused the false positive
Pull requests are welcome if you know how to fix the issue, but please make sure to include tests if possible.
## License
Copyright (c) 2023-2024 Esad Cetiner
This plugin is distributed under the GNU General Public License V2 (GPLv2); please see the included LICENSE file for details.