Why does Sophos XG 430 use an old version of OWASP ModSecurity

Hello, 

Can anybody tell me why the Sophos XG 430 WAF uses an old version of the OWASP ModSecurity CRS although the latest release, 3.2.0, is available?

Firmware version is SFOS 17.5.9 MR-9.

[Mon Jan 27 12:25:43.650238 2020] [security2:error] [pid 25334:tid 140702658754304] [client 39.43.72.228:52802] [client 39.43.72.228] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ctl00$MainContent$ScriptManager1. [file "/content/waf/2.7.3/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:ctl00$MainContent$ScriptManager1: ctl00$MainContent$UpdatePanel1|ctl00$MainContent$gvLst$ctl03$JobID"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag] [hostname "hcm.asd.com.pk"] [uri "/Trns/ExternalJobCardList.aspx"] [unique_id "Xi6Qd38AAAEAAGL2AEoAAAHa"], referer: comi.asd.com.pk/.../ExternalJobCardList.aspx



This thread was automatically locked due to age.
  • FormerMember

    Hi Imran Khalid,

    According to the internal documents SFOS v18 has been updated with the OWASP Modesecurity CRS version 3.2.0. 

    Thanks,

  • When will the fixed version be released and as what V18 EAP?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • It's already out on EAP3R1.

    ModSecurity: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/usr/apache/conf/waf/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: masscan found within REQUEST_HEADERS:User-Agent: masscan/1.0 (https://github.com/robertdavidgraham/masscan)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "###"] [uri "/"]


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home
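
Added example, not part of the original thread and not Sophos or OWASP code: the `[ver "OWASP_CRS/..."]` field in the log entries quoted above is what shows which rule set the WAF is running, and this Python code extracts it per rule hit and reports hits from a rule set older than a chosen minimum. The sample lines are constructed (shortened from the quoted entries, with a placeholder hostname and client address), and the 3.2.0 minimum is an assumption taken from the release named in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the two log entries quoted in the thread
# (shortened; client address and hostname are placeholders).
SAMPLE_LOG = r'''
[Mon Jan 27 12:25:43.650238 2020] [security2:error] [pid 1:tid 2] [client 203.0.113.5:52802] ModSecurity: Warning. Pattern match "(...){4,}" at ARGS:a. [file "/content/waf/2.7.3/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [ver "OWASP_CRS/2.2.7"] [hostname "waf.example"] [uri "/a.aspx"]
ModSecurity: Warning. Matched phrase "masscan" at REQUEST_HEADERS:User-Agent. [file "/usr/apache/conf/waf/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "OWASP_CRS"] [tag "attack-reputation-scanner"] [hostname "waf.example"] [uri "/"]
[Mon Jan 27 12:26:00.000000 2020] [core:error] [pid 1:tid 2] unrelated Apache message
'''

# Metadata fields are written as [name "value"]; values may hold escaped quotes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_line(line):
    """Return {field: [values]} for a ModSecurity message, or None otherwise."""
    marker = line.find("ModSecurity:")
    if marker < 0:
        return None
    # Skip the matched pattern text, which can itself contain brackets and quotes.
    start = max(line.find('[file "', marker), marker)
    fields = defaultdict(list)
    for name, value in FIELD_RE.findall(line[start:]):
        fields[name].append(value)  # repeated fields such as tag are kept as a list
    return dict(fields)

def version_tuple(ver):
    """'OWASP_CRS/3.2.0' -> (3, 2, 0); None when the field has another shape."""
    m = re.fullmatch(r'OWASP_CRS/(\d+(?:\.\d+)*)', ver)
    return tuple(int(p) for p in m.group(1).split('.')) if m else None

def outdated_rules(log_text, minimum=(3, 2, 0)):
    """Return {version: sorted rule ids} for hits from a CRS older than `minimum`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        for ver in fields.get("ver", []):
            parsed = version_tuple(ver)
            if parsed is not None and parsed < minimum:
                hits[ver].update(fields.get("id", []))
    return {ver: sorted(ids) for ver, ids in hits.items()}

if __name__ == "__main__":
    print(outdated_rules(SAMPLE_LOG))
```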
