Update OWASP CRS rules to v4.24.0

Automated update via update-feed.sh CRS version: v4.24.0 Rules extracted: 180
2026-03-08 15:47:17 +00:00
parent d5f1a7fd28
commit 4a68d2c9be
1 changed files with 0 additions and 74 deletions
--- a/rulesets.json
+++ b/rulesets.json
@@ -568,80 +568,6 @@
      ]
    },
    {
-      "id": "crs-multipart-attack",
-      "name": "CRS Multipart Attack",
-      "version": "4.24.0",
-      "source": "owasp-crs",
-      "description": "OWASP CRS v4.24.0 — CRS Multipart Attack (3 rules)",
-      "author": "OWASP CRS Project",
-      "priority": 10,
-      "enabled": true,
-      "rules": [
-        {
-          "id": "922110",
-          "name": "Illegal MIME Multipart Header content-type: charset parameter",
-          "pattern": "^(?:(?:\\*|[^!\"\\(\\),/:-\\?\\[-\\]\\{\\}]+)/(?:\\*|[^!\"\\(\\),/:-\\?\\[-\\]\\{\\}]+)|\\*)(?:[\\s\\x0b]*;[\\s\\x0b]*(?:charset[\\s\\x0b]*=[\\s\\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\\b\"?|(?:[^\\s\\x0b-\"\\(\\),/:-\\?\\[-\\]c\\{\\}]|c(?:[^!\"\\(\\),/:-\\?\\[-\\]h\\{\\}]|h(?:[^!\"\\(\\),/:-\\?\\[-\\]a\\{\\}]|a(?:[^!\"\\(\\),/:-\\?\\[-\\]r\\{\\}]|r(?:[^!\"\\(\\),/:-\\?\\[-\\]s\\{\\}]|s(?:[^!\"\\(\\),/:-\\?\\[-\\]e\\{\\}]|e[^!\"\\(\\),/:-\\?\\[-\\]t\\{\\}]))))))[^!\"\\(\\),/:-\\?\\[-\\]\\{\\}]*[\\s\\x0b]*=[\\s\\x0b]*[^!\\(\\),/:-\\?\\[-\\]\\{\\}]+);?)*(?:[\\s\\x0b]*,[\\s\\x0b]*(?:(?:\\*|[^!\"\\(\\),/:-\\?\\[-\\]\\{\\}]+)/(?:\\*|[^!\"\\(\\),/:-\\?\\[-\\]\\{\\}]+)|\\*)(?:[\\s\\x0b]*;[\\s\\x0b]*(?:charset[\\s\\x0b]*=[\\s\\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\\b\"?|(?:[^\\s\\x0b-\"\\(\\),/:-\\?\\[-\\]c\\{\\}]|c(?:[^!\"\\(\\),/:-\\?\\[-\\]h\\{\\}]|h(?:[^!\"\\(\\),/:-\\?\\[-\\]a\\{\\}]|a(?:[^!\"\\(\\),/:-\\?\\[-\\]r\\{\\}]|r(?:[^!\"\\(\\),/:-\\?\\[-\\]s\\{\\}]|s(?:[^!\"\\(\\),/:-\\?\\[-\\]e\\{\\}]|e[^!\"\\(\\),/:-\\?\\[-\\]t\\{\\}]))))))[^!\"\\(\\),/:-\\?\\[-\\]\\{\\}]*[\\s\\x0b]*=[\\s\\x0b]*[^!\\(\\),/:-\\?\\[-\\]\\{\\}]+);?)*)*$",
-          "targets": [
-            "all"
-          ],
-          "action": "block",
-          "score": 10,
-          "severity": "critical",
-          "category": "protocol",
-          "enabled": true,
-          "tags": [
-            "attack-multipart-header",
-            "attack-protocol",
-            "paranoia-level/1",
-            "OWASP_CRS",
-            "OWASP_CRS/MULTIPART-ATTACK",
-            "capec/272/220"
-          ]
-        },
-        {
-          "id": "922120",
-          "name": "Content-Transfer-Encoding was deprecated by rfc7578 in 2015 and should not be used",
-          "pattern": "content-transfer-encoding:(.*)",
-          "targets": [
-            "all"
-          ],
-          "action": "block",
-          "score": 10,
-          "severity": "critical",
-          "category": "protocol",
-          "enabled": true,
-          "tags": [
-            "attack-multipart-header",
-            "attack-deprecated-header",
-            "paranoia-level/1",
-            "OWASP_CRS",
-            "OWASP_CRS/MULTIPART-ATTACK",
-            "capec/272/220"
-          ]
-        },
-        {
-          "id": "922130",
-          "name": "Multipart header contains characters outside of valid range",
-          "pattern": "[^\\x21-\\x7E][\\x21-\\x39\\x3B-\\x7E]*:",
-          "targets": [
-            "all"
-          ],
-          "action": "block",
-          "score": 10,
-          "severity": "critical",
-          "category": "protocol",
-          "enabled": true,
-          "tags": [
-            "attack-multipart-header",
-            "paranoia-level/1",
-            "OWASP_CRS",
-            "OWASP_CRS/MULTIPART-ATTACK",
-            "capec/272/220"
-          ]
-        }
-      ]
-    },
-    {
      "id": "crs-lfi",
      "name": "CRS Local File Inclusion (LFI)",
      "version": "4.24.0",