# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.0
# Copyright (C) 2006-2011 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under 
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


#
# Credit Card Track 1 and 2 and PAN Leakage Checks
#
SecRule RESPONSE_BODY "\%[Bb][3456][0-9]{3,3}[\x20\-]{0,3}[0-9]{4,6}[\x20\-]{0,3}[0-9]{2,5}[\x20\-]{0,3}[0-9]{0,4}\^[^\^]+\^[0-9]+\?" \
	"phase:4,t:none,block,msg:'Possible Credit Card Track 1 Data Leakage.',severity:'1',id:'920021',tag:'WASCTC/5.2',tag:'PCI/3.3',setvar:tx.anomaly_score=+{tx.critical_anomaly_score},setvar:tx.%{rule.id}-LEAKAGE/CC-%{matched_var_name}=%{tx.0}"

SecRule RESPONSE_BODY "\;[3456][0-9]{3,3}[\x20\-]{0,3}[0-9]{4,6}[\x20\-]{0,3}[0-9]{2,5}[\x20\-]{0,3}[0-9]{0,4}[=Dd][0-9]+\?" \
        "phase:4,t:none,block,msg:'Possible Credit Card Track 2 Data Leakage.',severity:'1',id:'920022',tag:'WASCTC/5.2',tag:'PCI/3.3',setvar:tx.anomaly_score=+{tx.critical_anomaly_score},setvar:tx.%{rule.id}-LEAKAGE/CC-%{matched_var_name}=%{tx.0}"

SecRule RESPONSE_BODY "[^0-9][3456][0-9]{3,3}[\x20\-]{0,3}[0-9]{4,6}[\x20\-]{0,3}[0-9]{2,5}[\x20\-]{0,3}[0-9]{0,4}[^0-9]" \
        "phase:4,t:none,block,msg:'Possible Credit Card PAN Data Leakage.',severity:'1',id:'920023',tag:'WASCTC/5.2',tag:'PCI/3.3',setvar:tx.anomaly_score=+{tx.critical_anomaly_score},setvar:tx.%{rule.id}-LEAKAGE/CC-%{matched_var_name}=%{tx.0}"