r4322 - trunk/varnish-tools/security.vcl/vcl/modules
    edward at projects.linpro.no 
    edward at projects.linpro.no
       
    Mon Oct 12 12:13:49 CEST 2009
    
    
  
Author: edward
Date: 2009-10-12 12:13:49 +0200 (Mon, 12 Oct 2009)
New Revision: 4322
Modified:
   trunk/varnish-tools/security.vcl/vcl/modules/php.vcl
Log:
added a check for "_PHPLIB[" which is actively exploited
Modified: trunk/varnish-tools/security.vcl/vcl/modules/php.vcl
===================================================================
--- trunk/varnish-tools/security.vcl/vcl/modules/php.vcl	2009-10-09 09:03:39 UTC (rev 4321)
+++ trunk/varnish-tools/security.vcl/vcl/modules/php.vcl	2009-10-12 10:13:49 UTC (rev 4322)
@@ -89,6 +89,13 @@
                 call sec_php_sev1;
         }
 
+        if (req.url ~ "_PHPLIB\[") {
+                set req.http.X-SEC-RuleName = "Manipulation of Predefined Variable _PHPLIB";
+                set req.http.X-SEC-RuleId   = "13";
+                set req.http.X-SEC-RuleInfo = "Manipulation of Predefined Variable: _PHPLIB";
+                call sec_php_sev1;
+        }
+
 # One could make one long regexp with common php statements. For now:
 
         # Generic check for code execution
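Review bot: The new match `req.url ~ "_PHPLIB\["` only fires on a literal `[`, so a request that sends the bracket percent-encoded (`%5B`), which PHP decodes before building the variable, would not trigger rule 13 unless req.url is normalized earlier in the file, which the hunk does not show. Consider `if (req.url ~ "_PHPLIB(\[|%5[Bb])") {` so both spellings are caught. The rule also inspects only the URL; whether Cookie or request-body parameters are covered elsewhere is not visible here, and a short comment above the rule stating its scope would help whoever tunes it later. The enclosing subroutine starts and ends outside the hunk.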
    
    