Merge pull request #30 from molu8bits/develop

Develop

Author: molu8bits

.github/workflows/ci.yaml

@@ -0,0 +1,48 @@
+name: CI
+on:
+  pull_request:
+    branches: [develop, master]
+  push:
+    branches: [develop, master]
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+
+      - name: Install dependencies
+        run: |
+          pip3 install -r requirements-dev.txt
+          pip3 install -r requirements.txt
+
+      - name: Linting
+        run: |
+          make lint
+
+      - name: Unit Test
+        run: |
+          make test
+
+      - name: E2E Test
+        run: |
+          make test-e2e
+
+      - name: SonarCloud Scan
+        # if: ${{ github.event_name == 'pull_request' }}
+        # if: ${{ github.event_name == 'push' }}
+        # if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+        uses: SonarSource/sonarcloud-github-action@v1.9.1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v3

.github/workflows/docker-publish.yaml

@@ -1,19 +1,58 @@
 name: Publish Docker Images
 on:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+      - "feature/ci-actions"
   release:
-    types: [published]
+    types:
+      - published
 jobs:
   push_to_registry:
     name: Push Docker image to Docker Hub
     runs-on: ubuntu-latest
     steps:
       - name: Check out the repo
         uses: actions/checkout@v2
-      - name: Push to Docker Hub
-        uses: docker/build-push-action@v1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-          repository: molu8bits/modsecurity-parser
-          tags: latest
-          tag_with_ref: true
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            molu8bits/modsecurity-parser
+
+          tags: |
+            type=semver,pattern={{version}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          #push: ${{ github.event_name != 'pull_request' }}
+          push: ${{ github.event_name == 'release' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.output.labels }}
+
+      # - name: Push to Docker Hub
+      #   uses: docker/build-push-action@v1
+      #   with:
+      #     username: ${{ secrets.DOCKER_USERNAME }}
+      #     password: ${{ secrets.DOCKER_PASSWORD }}
+      #     repository: molu8bits/modsecurity-parser
+      #     tags: latest
+      #     tag_with_ref: true

.gitignore

@@ -70,7 +70,7 @@ coverage.xml
 *.pot
 
 # Django stuff:
-*.log
+#*.log
 local_settings.py
 db.sqlite3
 
@@ -136,4 +136,4 @@ venv.bak/
 ########### molu ############
 ################################
 .molu
-sample_audit_log/modsec_output
+sample_audit_log/modsec_output/**

Dockerfile

@@ -1,8 +1,8 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 LABEL maintainer "molu8bits@gmail.com"
 LABEL description "modsecurity parse and charts via Docker"
-LABEL version "2023.03 v0.4"
+LABEL version "2023.05 v0.5"
 
 ENV DEBIAN_FRONTEND=noninteractive
 

Makefile

@@ -39,7 +39,8 @@ lint:
     # test comments
 	@echo "\n${BLUE}Running Pylint against source and test files...${NC}\n"
 	# @pylint --rcfile=setup.cfg **/*.py *.py
-	@pylint --rcfile=setup.cfg *.py
+	# @pylint --rcfile=setup.cfg *.py
+	@pylint --rcfile=setup.cfg *.py --output-format=parseable --output pylint-output.txt --exit-zero
 	@echo "\n${BLUE}Running PyDocStyle against source files...${NC}\n"
 	@pydocstyle --config=setup.cfg modsecurity_parser.py
 	@echo "\n${BLUE}Running Flake8 against source and test files...${NC}\n"
@@ -50,8 +51,8 @@ lint:
 	@echo "\n${BLUE}Running pycodestyle against source files...${NC}\n"
 	@pycodestyle modsecurity_parser.py
 	@echo "\n${BLUE}Running Code Coverage against source files...${NC}\n"
-	@pytest --cov=modsecurity_parser tests --cov-report=html
-
+	# @pytest --cov=modsecurity_parser tests --cov-report=html
+	# @pytest
 
 clean:
 	rm -rf .pytest_cache .coverage .pytest_cache coverage.xml sample_audit_log/modsec_output

README.md

@@ -1,16 +1,24 @@
 # modsecurity audit log parser, analyser and chart maker
 
-![Docker Build Status](https://img.shields.io/docker/automated/molu8bits/modsecurity-parser.svg)
-![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/molu8bits/modsecurity-parser.svg)
+![CI](https://github.com/molu8bits/modsecurity-parser/workflows/CI/badge.svg?branch=develop&event=push)
+[![codecov](https://codecov.io/gh/molu8bits/modsecurity-parser/branch/master/graph/badge.svg?token=BY0D5SNBR8)](https://codecov.io/gh/molu8bits/modsecurity-parser)
 ![Docker Image Size](https://img.shields.io/docker/image-size/molu8bits/modsecurity-parser.svg?sort=date)
 ![Docker Image Version (latest by date):](https://img.shields.io/docker/v/molu8bits/modsecurity-parser.svg?sort=date)
 ![Docker Pulls](https://img.shields.io/docker/pulls/molu8bits/modsecurity-parser.svg)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=modsecurity-parser&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=modsecurity-parser)
+[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=modsecurity-parser&metric=ncloc)](https://sonarcloud.io/summary/new_code?id=modsecurity-parser)
 
 ## TL;DR
 
 Get the overview of security incidents reported by modsecurity module from modsec_audit.log file.
 
-## 2022.01.01 update
+## 2023.05.03 update
+
+- fix showruleid #24
+- CI github actions
+- address vulnerabilities
+
+## 2023.01.01 update
 
 - renamed to modsecurity_parser
 - fix for timezone with miliseconds

modsecurity_parser.py

@@ -558,7 +558,7 @@ def modsec_view_graphs(modsec_dict):  # noqa: C901
         plt.text(0.5, 0.5, short_time_range_message, horizontalalignment='center', verticalalignment='center')
         plt.title(plot_title)
     else:
-        ex = events_df.groupby(pd.Grouper(key='date', freq=periods)).sum()
+        ex = events_df.groupby(pd.Grouper(key='date', freq=periods)).sum(numeric_only=True)
         ex.plot(ax=ax1, kind='bar', title=plot_title, stacked=True, color={'purple', 'red'}, fontsize=7, rot=45)
 
     # Bar chart "TOP 10 IP addresses"
@@ -615,7 +615,7 @@ def modsec_view_graphs(modsec_dict):  # noqa: C901
     # x_value = np.char.array(list(event_messages_ids_top20.keys()))
     y_value = np.array(list(event_messages_ids_top20.values()))
     labels = [
-        'f{i} --> {j} hits' for i, j in zip(event_messages_ids_top20.keys(),
+        f'{i} --> {j} hits' for i, j in zip(event_messages_ids_top20.keys(),
                                             event_messages_ids_top20.values())]
     if len(event_messages_ids_top20.keys()) >= 1:
         patches, labels, dummy = zip(*sorted(zip(patches, labels, y_value),

requirements-dev.txt

@@ -10,3 +10,4 @@ bandit
 pytest
 pytest-cov
 codecov
+pydocstyle

requirements.txt

@@ -1,6 +1,6 @@
 #numpy==1.19.2
-numpy==1.22.4
+numpy==1.24.2
 matplotlib==3.3.2
-pillow==9.2.0
-pandas==1.1.3
+pillow==9.3.0
+pandas==1.5.3
 openpyxl==2.4.2

sample_audit_log/modsec_audit_v2.log

@@ -0,0 +1,152 @@
+--622ca252-A--
+[01/May/2018:08:05:00 +0200] WugN3pjbflCiqw4yEJ3nggAAAAk 172.16.0.2 22387 192.168.0.1 80
+--622ca252-B--
+GET /phpmyadmin/index.php HTTP/1.1
+User-Agent: Mozilla/5.0
+Host: 192.168.0.1
+Connection: Keep-Alive
+Cache-Control: no-cache
+
+--622ca252-F--
+HTTP/1.1 403 Forbidden
+Content-Length: 222
+Keep-Alive: timeout=5, max=99
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
+--622ca252-E--
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>403 Forbidden</title>
+</head><body>
+<h1>Forbidden</h1>
+<p>You don't have permission to access /phpmyadmin/index.php
+on this server.</p>
+</body></html>
+
+--622ca252-H--
+Message: Access denied with code 403 (phase 1). Pattern match "/phpmyadmin" at REQUEST_FILENAME. [file "/etc/httpd/conf.d/mod_security.conf"] [line "94"] [id "10000"] [msg "Blocking access to /phpmyadmin/index.php."] [tag "Blacklist Rules"]
+Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.16.0.2] ModSecurity: Access denied with code 403 (phase 1). Pattern match "/phpmyadmin" at REQUEST_FILENAME. [file "/etc/httpd/conf.d/mod_security.conf"] [line "94"] [id "10000"] [msg "Blocking access to /phpmyadmin/index.php."] [tag "Blacklist Rules"] [hostname "192.168.0.1"] [uri "/phpmyadmin/index.php"] [unique_id "WugN3pjbflCiqw4yEJ3nggAAAAk"]
+Action: Intercepted (phase 1)
+Stopwatch: 1525157342927546 578 (- - -)
+Stopwatch2: 1525157342927546 578; combined=125, p1=53, p2=0, p3=0, p4=0, p5=72, sr=0, sw=0, l=0, gc=0
+Response-Body-Transformed: Dechunked
+Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.2.
+Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
+Engine-Mode: "ENABLED"
+
+--622ca252-Z--
+
+--68a39c63-A--
+[01/May/2018:08:10:20 +0200] WvGgdU9AURJlp7Ta7HNRzAAAAAE 10.5.6.7 37346 192.168.0.1 443
+--68a39c63-B--
+GET /favicon.ico HTTP/1.1
+Host: 192.168.0.1
+Connection: keep-alive
+Accept-Encoding: gzip, deflate
+Accept: */*
+User-Agent: python-requests/2.13.0
+
+--68a39c63-F--
+HTTP/1.1 404 Not Found
+Content-Length: 209
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
+--68a39c63-E--
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>404 Not Found</title>
+</head><body>
+<h1>Not Found</h1>
+<p>The requested URL /favicon.ico was not found on this server.</p>
+</body></html>
+
+--68a39c63-H--
+Message: Warning. Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "164"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.13.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"]
+Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/conf.d/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
+Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 10.5.6.7] ModSecurity: Warning. Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "164"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.13.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "192.168.0.1"] [uri "/favicon.ico"] [unique_id "WvGgdU9AURJlp7Ta7HNRzAAAAAE"]
+Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 10.5.6.7] ModSecurity: Warning. Pattern match "^[\\\\\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/conf.d/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "192.168.0.1"] [uri "/favicon.ico"] [unique_id "WvGgdU9AURJlp7Ta7HNRzAAAAAE"]
+Stopwatch: 1525784693307805 2777 (- - -)
+Stopwatch2: 1525784693307805 2777; combined=2021, p1=694, p2=748, p3=58, p4=209, p5=224, sr=328, sw=88, l=0, gc=0
+Response-Body-Transformed: Dechunked
+Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.2.
+Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
+Engine-Mode: "ENABLED"
+
+--68a39c63-Z--
+
+
+--c2578d7b-A--
+[05/May/2018:03:30:12 +0200] WvTyJHKtCFt-nNhJ4VGG9QAAAAg 172.16.0.2 45736 192.168.0.1 443
+--c2578d7b-B--
+HEAD /index.php HTTP/1.1
+Host: 192.168.0.1
+Accept: */*
+Accept-Encoding: gzip, deflate
+User-Agent: python-requests/2.18.4
+Connection: keep-alive
+
+--c2578d7b-F--
+HTTP/1.1 404 Not Found
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
+--c2578d7b-E--
+
+--c2578d7b-H--
+Message: Warning. Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "164"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.18.4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"]
+Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/conf.d/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
+Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.16.0.2] ModSecurity: Warning. Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "164"] [id "913101"] [rev "1"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.18.4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "192.168.0.1"] [uri "/index.php"] [unique_id "WvTyJHKtCFt-nNhJ4VGG9QAAAAg"]
+Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.16.0.2] ModSecurity: Warning. Pattern match "^[\\\\\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/conf.d/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "192.168.0.1"] [uri "/index.php"] [unique_id "WvTyJHKtCFt-nNhJ4VGG9QAAAAg"]
+Stopwatch: 1526002212715379 3565 (- - -)
+Stopwatch2: 1526002212715379 3565; combined=2244, p1=885, p2=860, p3=66, p4=119, p5=214, sr=539, sw=100, l=0, gc=0
+Response-Body-Transformed: Dechunked
+Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.2.
+Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
+Engine-Mode: "ENABLED"
+
+--c2578d7b-Z--
+
+--7b0b0a73-A--
+[09/May/2018:09:09:53 +0200] Wu0TYfl141Zko07xKZQLRwAAAAI 10.9.8.7 54171 192.168.0.1 443
+--7b0b0a73-B--
+GET /verifylogin.do HTTP/1.1
+Connection: Keep-Alive
+Content-Type: %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(#ros.println(55*55+1)).(#ros.flush())}
+Accept: */*
+Accept-Language: zh-cn
+Referer: https://192.168.0.1:443/verifylogin.do
+User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
+Host: 192.168.0.1
+
+--7b0b0a73-F--
+HTTP/1.1 404 Not Found
+Content-Length: 212
+Keep-Alive: timeout=5, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
+--7b0b0a73-E--
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>404 Not Found</title>
+</head><body>
+<h1>Not Found</h1>
+<p>The requested URL /verifylogin.do was not found on this server.</p>
+</body></html>
+
+--7b0b0a73-H--
+Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/conf.d/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
+Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 10.9.8.7] ModSecurity: Warning. Pattern match "^[\\\\\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/httpd/conf.d/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "192.168.0.1"] [uri "/verifylogin.do"] [unique_id "Wu0TYfl141Zko07xKZQLRwAAAAI"]
+Stopwatch: 1525486433569262 3185 (- - -)
+Stopwatch2: 1525486433569262 3185; combined=1985, p1=810, p2=812, p3=56, p4=191, p5=115, sr=399, sw=1, l=0, gc=0
+Response-Body-Transformed: Dechunked
+Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.2.
+Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
+Engine-Mode: "ENABLED"
+
+
+--7b0b0a73-Z--