mirror/caddy-waf
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/caddy-waf.git synced 2025-12-23 22:27:46 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
caddy-waf/rules/spiderlabs.json
fab d3343d9b06 Create spiderlabs.json
2025-01-13 12:45:50 +01:00

5908 lines
126 KiB
JSON
Raw Permalink Blame History

[
{
"id": "901001",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901100",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901110",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901120",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901125",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901130",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901140",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901141",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901142",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901143",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901150",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901152",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901160",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901162",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"CONTENT_TYPE"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901168",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"CONTENT_TYPE"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901163",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901164",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901165",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901166",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901167",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"BODY",
"URL"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901318",
"phase": 2,
"pattern": "@rx ^.*$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901340",
"phase": 2,
"pattern": "!@rx (?:URLENCODED|MULTIPART|XML|JSON)",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901350",
"phase": 2,
"pattern": "@eq 1",
"targets": [
"BODY",
"URL"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901400",
"phase": 2,
"pattern": "@eq 100",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901410",
"phase": 2,
"pattern": "@rx ^.",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901420",
"phase": 2,
"pattern": "@rx (..)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901430",
"phase": 2,
"pattern": "@rx ^[a-f]*([0-9])[a-f]*([0-9])",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901440",
"phase": 2,
"pattern": "@rx ^0([0-9])",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901450",
"phase": 2,
"pattern": "!@lt %{tx.sampling_percentage}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "901500",
"phase": 2,
"pattern": "@lt %{tx.paranoia_level}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001000",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001110",
"phase": 2,
"pattern": "@endsWith /core/install.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001112",
"phase": 2,
"pattern": "@endsWith /user/login",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001114",
"phase": 2,
"pattern": "@endsWith /admin/people/create",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001116",
"phase": 2,
"pattern": "@rx /user/[0-9]+/edit$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001122",
"phase": 2,
"pattern": "@contains /admin/config/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001124",
"phase": 2,
"pattern": "@endsWith /admin/config/people/accounts",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001126",
"phase": 2,
"pattern": "@endsWith /admin/config/development/configuration/single/import",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001128",
"phase": 2,
"pattern": "@endsWith /admin/config/development/maintenance",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001140",
"phase": 2,
"pattern": "@endsWith /contextual/render",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001170",
"phase": 2,
"pattern": "@endsWith /admin/config/content/formats/manage/full_html",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001180",
"phase": 2,
"pattern": "@streq POST",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001182",
"phase": 2,
"pattern": "@streq POST",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001184",
"phase": 2,
"pattern": "@streq POST",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001200",
"phase": 2,
"pattern": "@endsWith /node/add/article",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001202",
"phase": 2,
"pattern": "@endsWith /node/add/page",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001204",
"phase": 2,
"pattern": "@rx /node/[0-9]+/edit$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001206",
"phase": 2,
"pattern": "@endsWith /block/add",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001208",
"phase": 2,
"pattern": "@endsWith /admin/structure/block/block-content/manage/basic",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001210",
"phase": 2,
"pattern": "@rx /editor/filter_xss/(?:full|basic)_html$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001212",
"phase": 2,
"pattern": "@rx /user/[0-9]+/contact$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001214",
"phase": 2,
"pattern": "@endsWith /admin/config/development/maintenance",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9001216",
"phase": 2,
"pattern": "@endsWith /admin/config/services/rss-publishing",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002000",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002001",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002100",
"phase": 2,
"pattern": "@endsWith /wp-login.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002120",
"phase": 2,
"pattern": "@endsWith /wp-login.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002130",
"phase": 2,
"pattern": "@endsWith /wp-comments-post.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002140",
"phase": 2,
"pattern": "@rx /wp-json/wp/v[0-9]+/(?:posts|pages)",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002141",
"phase": 2,
"pattern": "@endsWith /index.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002150",
"phase": 2,
"pattern": "@streq on",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002160",
"phase": 2,
"pattern": "@streq on",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002200",
"phase": 2,
"pattern": "@endsWith /wp-cron.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002300",
"phase": 2,
"pattern": "@rx ^[0-9a-f]+\\|\\|\\d+\\|\\|\\d+$",
"targets": [
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002400",
"phase": 2,
"pattern": "!@contains /wp-admin/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002401",
"phase": 2,
"pattern": "!@contains /wp-admin/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002410",
"phase": 2,
"pattern": "@endsWith /wp-admin/setup-config.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002420",
"phase": 2,
"pattern": "@endsWith /wp-admin/install.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002520",
"phase": 2,
"pattern": "@endsWith /wp-admin/profile.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002530",
"phase": 2,
"pattern": "@endsWith /wp-admin/user-edit.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002540",
"phase": 2,
"pattern": "@endsWith /wp-admin/user-new.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002700",
"phase": 2,
"pattern": "@endsWith /wp-admin/post.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002710",
"phase": 2,
"pattern": "@endsWith /wp-admin/admin-ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002720",
"phase": 2,
"pattern": "@endsWith /wp-admin/nav-menus.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002730",
"phase": 2,
"pattern": "@endsWith /wp-admin/admin-ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002740",
"phase": 2,
"pattern": "@endsWith /wp-admin/admin-ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002750",
"phase": 2,
"pattern": "@endsWith /wp-admin/admin-ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002760",
"phase": 2,
"pattern": "@endsWith /wp-admin/admin-ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002770",
"phase": 2,
"pattern": "@endsWith /wp-admin/admin-ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002800",
"phase": 2,
"pattern": "@endsWith /wp-admin/options.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002810",
"phase": 2,
"pattern": "@endsWith /wp-admin/options-permalink.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002820",
"phase": 2,
"pattern": "@endsWith /wp-admin/options.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002830",
"phase": 2,
"pattern": "@endsWith /wp-admin/edit.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9002900",
"phase": 2,
"pattern": "@rx /wp-admin/load-(?:scripts|styles)\\.php$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003330",
"phase": 2,
"pattern": "@rx /(?:remote.php|index.php)/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003610",
"phase": 2,
"pattern": "@endsWith /index.php/apps/files/ajax/upload.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003000",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003001",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003100",
"phase": 2,
"pattern": "@contains /remote.php/webdav",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003105",
"phase": 2,
"pattern": "@streq PUT",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003110",
"phase": 2,
"pattern": "@contains /remote.php/dav/files/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003115",
"phase": 2,
"pattern": "@rx ^(?:PUT|MOVE)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003116",
"phase": 2,
"pattern": "@streq PUT",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003120",
"phase": 2,
"pattern": "@contains /remote.php/dav/files/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003121",
"phase": 2,
"pattern": "@streq REPORT",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003125",
"phase": 2,
"pattern": "@contains /index.php/core/search",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003130",
"phase": 2,
"pattern": "@rx /(?:remote|index|public)\\.php/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003140",
"phase": 2,
"pattern": "@rx /ocs/v[0-9]+\\.php/apps/files_sharing/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003150",
"phase": 2,
"pattern": "@contains /index.php/core/preview.png",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003155",
"phase": 2,
"pattern": "@contains /index.php/apps/files_trashbin/ajax/preview.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003160",
"phase": 2,
"pattern": "@rx /index\\.php/(?:apps/gallery/thumbnails|logout$)",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003300",
"phase": 2,
"pattern": "@contains /index.php/apps/ownnote/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003310",
"phase": 2,
"pattern": "@contains /index.php/apps/files_texteditor/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003320",
"phase": 2,
"pattern": "@contains /remote.php/dav/addressbooks/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003321",
"phase": 2,
"pattern": "@streq PUT",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003330",
"phase": 2,
"pattern": "@contains /remote.php/dav/calendars/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003340",
"phase": 2,
"pattern": "@contains /index.php/apps/notes/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003350",
"phase": 2,
"pattern": "@contains /index.php/apps/bookmarks/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003400",
"phase": 2,
"pattern": "@contains /index.php/login",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003410",
"phase": 2,
"pattern": "@endsWith /index.php/login",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9003500",
"phase": 2,
"pattern": "@endsWith /index.php/settings/users",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004000",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004001",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004100",
"phase": 2,
"pattern": "@rx (?:/doku.php|/lib/exe/ajax.php)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004110",
"phase": 2,
"pattern": "@endsWith /lib/exe/ajax.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004130",
"phase": 2,
"pattern": "@endsWith /doku.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004200",
"phase": 2,
"pattern": "@endsWith /doku.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004300",
"phase": 2,
"pattern": "!@streq admin",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004310",
"phase": 2,
"pattern": "!@streq admin",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004320",
"phase": 2,
"pattern": "@endsWith /doku.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004370",
"phase": 2,
"pattern": "@endsWith /doku.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9004380",
"phase": 2,
"pattern": "@endsWith /doku.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9005000",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9005001",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9005100",
"phase": 2,
"pattern": "@rx ^GET /whm-server-status(?:/|/\\?auto)? HTTP/[12]\\.[01]$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006000",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006001",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006100",
"phase": 2,
"pattern": "@endsWith /proxy.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006110",
"phase": 2,
"pattern": "@rx /(?:conversations|(?:conversations|forums|threads)/.*)/draft$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006120",
"phase": 2,
"pattern": "@rx /(?:conversations/add(?:-preview)?|conversations/messages/\\d+/edit|posts/\\d+/(?:edit|preview)|(?:conversations|threads)/.*\\.\\d+/(?:add-reply|reply-preview)|forums/.*/(?:post-thread|thread-preview))$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006130",
"phase": 2,
"pattern": "@rx /posts/\\d+/quote$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006140",
"phase": 2,
"pattern": "@rx /(?:conversations|threads)/.*\\.\\d+/multi-quote$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006150",
"phase": 2,
"pattern": "@rx /threads/.*\\.\\d+/delete$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006155",
"phase": 2,
"pattern": "@rx /threads/.*\\.\\d+/feature-edit$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006160",
"phase": 2,
"pattern": "@endsWith /inline-mod/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006170",
"phase": 2,
"pattern": "@rx /(?:members/.*\\.\\d+|posts/\\d+)/warn$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006200",
"phase": 2,
"pattern": "@endsWith /index.php?editor/to-html",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006210",
"phase": 2,
"pattern": "@endsWith /index.php?editor/to-bb-code",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006220",
"phase": 2,
"pattern": "@rx /(?:account/avatar|attachments/upload)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006230",
"phase": 2,
"pattern": "@endsWith /index.php?editor/media",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006240",
"phase": 2,
"pattern": "@rx /index\\.php\\?misc/find-emoji&q=",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006300",
"phase": 2,
"pattern": "@endsWith /login/login",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006310",
"phase": 2,
"pattern": "@endsWith /register/register",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006315",
"phase": 2,
"pattern": "@rx /account-confirmation/.*\\.\\d+/email$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006320",
"phase": 2,
"pattern": "@endsWith /account/account-details",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006330",
"phase": 2,
"pattern": "@rx /lost-password/.*\\.\\d+/confirm$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006340",
"phase": 2,
"pattern": "@endsWith /account/signature",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006400",
"phase": 2,
"pattern": "@endsWith /search/search",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006410",
"phase": 2,
"pattern": "@rx /threads/.*\\.\\d+/(?:page\\d+)?$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006420",
"phase": 2,
"pattern": "@rx /search/\\d+/$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006500",
"phase": 2,
"pattern": "@endsWith /misc/contact",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006510",
"phase": 2,
"pattern": "@rx /posts/\\d+/report$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006600",
"phase": 2,
"pattern": "@endsWith /index.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006700",
"phase": 2,
"pattern": "@endsWith /index.php?dbtech-security/fingerprint",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006710",
"phase": 2,
"pattern": "@endsWith /misc/location-info",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006900",
"phase": 2,
"pattern": "!@endsWith /admin.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006901",
"phase": 2,
"pattern": "!@endsWith /admin.php",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006910",
"phase": 2,
"pattern": "@rx /admin\\.php\\?users/.*\\.\\d+/edit$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006920",
"phase": 2,
"pattern": "@rx /admin\\.php\\?users/.*\\.\\d+/save$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006930",
"phase": 2,
"pattern": "@rx /admin\\.php\\?notices/(?:.*\\.)?\\d+/save$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006940",
"phase": 2,
"pattern": "@rx /admin\\.php\\?(?:threads|users)/batch-update/action$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006950",
"phase": 2,
"pattern": "@rx /admin\\.php\\?styles/",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006960",
"phase": 2,
"pattern": "@rx /admin\\.php\\?options/update",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "9006970",
"phase": 2,
"pattern": "@rx /admin\\.php\\?(?:pages|templates)/.*/save",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "905100",
"phase": 2,
"pattern": "@streq GET /",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "905110",
"phase": 2,
"pattern": "@ipMatch 127.0.0.1,::1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910000",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910100",
"phase": 2,
"pattern": "!@rx ^$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910110",
"phase": 2,
"pattern": "@ipMatchFromFile ip_blacklist.data",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910120",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910130",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910140",
"phase": 2,
"pattern": "@rbl dnsbl.httpbl.org",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910150",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910160",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910170",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910180",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "910018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911100",
"phase": 2,
"pattern": "!@within %{tx.allowed_methods}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "911018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912100",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912110",
"phase": 2,
"pattern": "@eq 0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912120",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912130",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912140",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912150",
"phase": 2,
"pattern": "@rx .*?(\\.[a-z0-9]{1,10})?$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912160",
"phase": 2,
"pattern": "@ge %{tx.dos_counter_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912161",
"phase": 2,
"pattern": "@ge %{tx.dos_counter_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912170",
"phase": 2,
"pattern": "@ge 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912019",
"phase": 5,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912171",
"phase": 2,
"pattern": "@ge 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "912018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913100",
"phase": 2,
"pattern": "@pmFromFile scanners-user-agents.data",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913110",
"phase": 2,
"pattern": "@pmFromFile scanners-headers.data",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913120",
"phase": 2,
"pattern": "@pmFromFile scanners-urls.data",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913101",
"phase": 2,
"pattern": "@pmFromFile scripting-user-agents.data",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913102",
"phase": 2,
"pattern": "@pmFromFile crawlers-user-agents.data",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "913018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920100",
"phase": 2,
"pattern": "!@rx ^(?i:(?:[a-z]{3,10}\\s+(?:\\w{3,7}?://[\\w\\-\\./]*(?::\\d+)?)?/[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?|connect (?:\\d{1,3}\\.){3}\\d{1,3}\\.?(?::\\d+)?|options \\*)\\s+[\\w\\./]+|get /[^?#]*(?:\\?[^#\\s]*)?(?:#[\\S]*)?)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920160",
"phase": 2,
"pattern": "!@rx ^\\d+$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920170",
"phase": 2,
"pattern": "@rx ^(?:GET|HEAD)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920171",
"phase": 2,
"pattern": "@rx ^(?:GET|HEAD)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920180",
"phase": 2,
"pattern": "!@within HTTP/2 HTTP/2.0",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920181",
"phase": 2,
"pattern": "!@eq 0",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920190",
"phase": 2,
"pattern": "@rx (\\d+)-(\\d+)",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920210",
"phase": 2,
"pattern": "@rx \\b(?:keep-alive|close),\\s?(?:keep-alive|close)\\b",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920220",
"phase": 2,
"pattern": "@rx \\x25",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920250",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920260",
"phase": 2,
"pattern": "@rx \\%u[fF]{2}[0-9a-fA-F]{2}",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920270",
"phase": 2,
"pattern": "@validateByteRange 1-255",
"targets": [
"ARGS",
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920280",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920290",
"phase": 2,
"pattern": "@rx ^$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920310",
"phase": 2,
"pattern": "@rx ^$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920311",
"phase": 2,
"pattern": "@rx ^$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920330",
"phase": 2,
"pattern": "@rx ^$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920340",
"phase": 2,
"pattern": "!@rx ^0$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920350",
"phase": 2,
"pattern": "@rx ^[\\d.:]+$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920380",
"phase": 2,
"pattern": "@eq 1",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920360",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920370",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920390",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920400",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920410",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920420",
"phase": 2,
"pattern": "@rx ^[^;\\s]+",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920430",
"phase": 2,
"pattern": "!@within %{tx.allowed_http_versions}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920440",
"phase": 2,
"pattern": "@rx \\.([^.]+)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920500",
"phase": 2,
"pattern": "@rx \\.[^.~]+~(?:/.*|)$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920450",
"phase": 2,
"pattern": "@rx ^.*$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920200",
"phase": 2,
"pattern": "@rx ^bytes=(?:(?:\\d+)?-(?:\\d+)?\\s*,?\\s*){6}",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920201",
"phase": 2,
"pattern": "@endsWith .pdf",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920230",
"phase": 2,
"pattern": "@rx %[0-9a-fA-F]{2}",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920300",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920271",
"phase": 2,
"pattern": "@validateByteRange 9,10,13,32-126,128-255",
"targets": [
"ARGS",
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920320",
"phase": 2,
"pattern": "@eq 0",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920341",
"phase": 2,
"pattern": "!@rx ^0$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920272",
"phase": 2,
"pattern": "@validateByteRange 32-36,38-126",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920490",
"phase": 2,
"pattern": "@ge 1",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920202",
"phase": 2,
"pattern": "@endsWith .pdf",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920273",
"phase": 2,
"pattern": "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122",
"targets": [
"ARGS",
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920274",
"phase": 2,
"pattern": "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920275",
"phase": 2,
"pattern": "@validateByteRange 32,34,38,42-59,61,63,65-90,95,97-122",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "920460",
"phase": 2,
"pattern": "@rx (?:^|[^\\\\\\\\])\\\\\\\\[cdeghijklmpqwxyz123456789]",
"targets": [
"ARGS",
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921110",
"phase": 2,
"pattern": "@rx [\\n\\r]+(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\s+[^\\s]+(?:\\s+http|[\\r\\n])",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921120",
"phase": 2,
"pattern": "@rx [\\r\\n]\\W*?(?:content-(?:type|length)|set-cookie|location):",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921130",
"phase": 2,
"pattern": "@rx (?:\\bhttp\\/(?:0\\.9|1\\.[01])|<(?:html|meta)\\b)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921140",
"phase": 2,
"pattern": "@rx [\\n\\r]",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921150",
"phase": 2,
"pattern": "@rx [\\n\\r]",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921160",
"phase": 2,
"pattern": "@rx [\\n\\r]+(?:\\s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\\s*:",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921190",
"phase": 2,
"pattern": "@rx [\\n\\r]",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921200",
"phase": 2,
"pattern": "@rx ^[^:\\(\\)\\&\\|\\!\\<\\>\\~]*\\)\\s*(?:\\((?:[^,\\(\\)\\=\\&\\|\\!\\<\\>\\~]+[><~]?=|\\s*[&!|]\\s*(?:\\)|\\()?\\s*)|\\)\\s*\\(\\s*[\\&\\|\\!]\\s*|[&!|]\\s*\\([^\\(\\)\\=\\&\\|\\!\\<\\>\\~]+[><~]?=[^:\\(\\)\\&\\|\\!\\<\\>\\~]*)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921151",
"phase": 2,
"pattern": "@rx [\\n\\r]",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921170",
"phase": 2,
"pattern": "@rx .",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921180",
"phase": 2,
"pattern": "@gt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "921018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930110",
"phase": 2,
"pattern": "@rx (?:^|[\\\\/])\\.\\.(?:[\\\\/]|$)",
"targets": [
"ARGS",
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930120",
"phase": 2,
"pattern": "@pmFromFile lfi-os-files.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930130",
"phase": 2,
"pattern": "@pmFromFile restricted-files.data",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "930018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931100",
"phase": 2,
"pattern": "@rx ^(?i:file|ftps?|https?):\\/\\/(?:\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931120",
"phase": 2,
"pattern": "@rx ^(?i:file|ftps?|https?).*?\\?+$",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931130",
"phase": 2,
"pattern": "@rx ^(?i:file|ftps?|https?)://([^/]*).*$",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "931018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932120",
"phase": 2,
"pattern": "@pmFromFile windows-powershell-commands.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932130",
"phase": 2,
"pattern": "@rx (?:\\$(?:\\((?:\\(.*\\)|.*)\\)|\\{.*\\})|[<>]\\(.*\\))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932140",
"phase": 2,
"pattern": "@rx \\b(?:if(?:/i)?(?: not)?(?: exist\\b| defined\\b| errorlevel\\b| cmdextversion\\b|(?: |\\().*(?:\\bgeq\\b|\\bequ\\b|\\bneq\\b|\\bleq\\b|\\bgtr\\b|\\blss\\b|==))|for(?:/[dflr].*)? %+[^ ]+ in\\(.*\\)\\s?do)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932160",
"phase": 2,
"pattern": "@pmFromFile unix-shell.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932170",
"phase": 2,
"pattern": "@rx ^\\(\\s*\\)\\s+{",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932171",
"phase": 2,
"pattern": "@rx ^\\(\\s*\\)\\s+{",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932180",
"phase": 2,
"pattern": "@pmFromFile restricted-upload.data",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932190",
"phase": 2,
"pattern": "@rx (?:/|\\\\\\\\)(?:[\\?\\*]+[a-z/\\\\\\\\]+|[a-z/\\\\\\\\]+[\\?\\*]+)",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "932018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933100",
"phase": 2,
"pattern": "@rx (?:<\\?(?:[^x]|x[^m]|xm[^l]|xml[^\\s]|xml$|$)|<\\?php|\\[(?:\\/|\\\\\\\\)?php\\])",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933110",
"phase": 2,
"pattern": "@rx .*\\.(?:php\\d*|phtml)\\.*$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933120",
"phase": 2,
"pattern": "@pmFromFile php-config-directives.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933130",
"phase": 2,
"pattern": "@pmFromFile php-variables.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933200",
"phase": 2,
"pattern": "@rx (?i:zlib|glob|phar|ssh2|rar|ogg|expect|zip)://",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933150",
"phase": 2,
"pattern": "@pmFromFile php-function-names-933150.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933180",
"phase": 2,
"pattern": "@rx \\$+(?:[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*|\\s*{.+})(?:\\s|\\[.+\\]|{.+}|/\\*.*\\*/|//.*|#.*)*\\(.*\\)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933151",
"phase": 2,
"pattern": "@pmFromFile php-function-names-933151.data",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933131",
"phase": 2,
"pattern": "@rx (?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933111",
"phase": 2,
"pattern": "@rx .*\\.(?:php\\d*|phtml)\\..*$",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933190",
"phase": 2,
"pattern": "@pm ?>",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "933018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934100",
"phase": 2,
"pattern": "@rx (?:(?:_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|(?:new\\s+Function|\\beval)\\s*\\(|String\\s*\\.\\s*fromCharCode|function\\s*\\(\\s*\\)\\s*{|this\\.constructor)|module\\.exports\\s*=)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "934018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941100",
"phase": 2,
"pattern": "@detectXSS",
"targets": [
"ARGS",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941190",
"phase": 2,
"pattern": "@rx (?i:<style.*?>.*?(?:@[i\\\\\\\\]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(\\\\\\\\]|&#x?0*(?:40|28|92|5C);?)))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941200",
"phase": 2,
"pattern": "@rx (?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941210",
"phase": 2,
"pattern": "@rx (?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941220",
"phase": 2,
"pattern": "@rx (?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941240",
"phase": 2,
"pattern": "@rx <[?]?import[\\s\\/+\\S]*?implementation[\\s\\/+]*?=",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941260",
"phase": 2,
"pattern": "@rx (?i:<META[\\s/+].*?charset[\\s/+]*=)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941310",
"phase": 2,
"pattern": "@rx \\xbc[^\\xbe>]*[\\xbe>]|<[^\\xbe]*\\xbe",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941350",
"phase": 2,
"pattern": "@rx \\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941360",
"phase": 2,
"pattern": "@rx ![!+ ]\\[\\]",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941370",
"phase": 2,
"pattern": "@rx (?:self|document|this|top|window)\\s*(?:/\\*|[\\[)]).+?(?:\\]|\\*/)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941101",
"phase": 2,
"pattern": "@detectXSS",
"targets": [
"HEADERS",
"REQUEST_HEADERS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941320",
"phase": 2,
"pattern": "@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)\\W",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941380",
"phase": 2,
"pattern": "@rx {{.*?}}",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "941018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942100",
"phase": 2,
"pattern": "@detectSQLi",
"targets": [
"ARGS",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942140",
"phase": 2,
"pattern": "@rx (?i:\\b(?:(?:m(?:s(?:ys(?:ac(?:cess(?:objects|storage|xml)|es)|(?:relationship|object|querie)s|modules2?)|db)|aster\\.\\.sysdatabases|ysql\\.db)|pg_(?:catalog|toast)|information_schema|northwind|tempdb)\\b|s(?:(?:ys(?:\\.database_name|aux)|qlite(?:_temp)?_master)\\b|chema(?:_name\\b|\\W*\\())|d(?:atabas|b_nam)e\\W*\\())",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942160",
"phase": 2,
"pattern": "@rx (?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942170",
"phase": 2,
"pattern": "@rx (?i:(?:select|;)\\s+(?:benchmark|sleep|if)\\s*?\\(\\s*?\\(?\\s*?\\w+)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942220",
"phase": 2,
"pattern": "@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|3.0.00738585072007e-308|1e309)$",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942230",
"phase": 2,
"pattern": "@rx (?i:[\\s()]case\\s*?\\(|\\)\\s*?like\\s*?\\(|having\\s*?[^\\s]+\\s*?[^\\w\\s]|if\\s?\\([\\d\\w]\\s*?[=<>~])",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942290",
"phase": 2,
"pattern": "@rx (?i:(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\\]))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942320",
"phase": 2,
"pattern": "@rx (?i:(?:create\\s+(?:procedure|function)\\s*?\\w+\\s*?\\(\\s*?\\)\\s*?-|;\\s*?(?:declare|open)\\s+[\\w-]+|procedure\\s+analyse\\s*?\\(|declare[^\\w]+[@#]\\s*?\\w+|exec\\s*?\\(\\s*?\\@))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942350",
"phase": 2,
"pattern": "@rx (?i:(?:;\\s*?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\b\\s*?[\\[(]?\\w{2,}|create\\s+function\\s+.+\\s+returns))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942500",
"phase": 2,
"pattern": "@rx (?i:/\\*[!+](?:[\\w\\s=_\\-()]+)?\\*/)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942361",
"phase": 2,
"pattern": "@rx (?i:^[\\W\\d]+\\s*?(?:alter|union)\\b)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942410",
"phase": 2,
"pattern": "@rx (?i:\\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:t(?:d(?:dev(?:_(?:sam|po)p)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)?|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:insert_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|r(?:a(?:wto(?:nhex(?:toraw)?|hex)|dians|nd)|e(?:p(?:lace|eat)|lease_lock|verse)|o(?:w_count|und)|ight|trim|pad)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o_(?:(?:second|day)s|base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\\W*?\\()",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942470",
"phase": 2,
"pattern": "@rx (?i:(?:xp_(?:reg(?:re(?:movemultistring|ad)|delete(?:value|key)|enum(?:value|key)s|addmultistring|write)|(?:servicecontro|cmdshel)l|e(?:xecresultset|numdsn)|ntsec(?:_enumdomains)?|terminate(?:_process)?|availablemedia|loginconfig|filelist|dirtree|makecab)|s(?:p_(?:(?:addextendedpro|sqlexe)c|p(?:assword|repare)|replwritetovarbin|is_srvrolemember|execute(?:sql)?|makewebtask|oacreate|help)|ql_(?:longvarchar|variant))|open(?:owa_util|rowset|query)|(?:n?varcha|tbcreato)r|autonomous_transaction|db(?:a_users|ms_java)|utl_(?:file|http)))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942480",
"phase": 2,
"pattern": "@rx (?i:(?:\\b(?:(?:s(?:elect\\b.{1,100}?\\b(?:(?:(?:length|count)\\b.{1,100}?|.*?\\bdump\\b.*)\\bfrom|to(?:p\\b.{1,100}?\\bfrom|_(?:numbe|cha)r)|(?:from\\b.{1,100}?\\bwher|data_typ)e|instr)|ys_context)|in(?:to\\b\\W*?\\b(?:dump|out)file|sert\\b\\W*?\\binto|ner\\b\\W*?\\bjoin)|u(?:nion\\b.{1,100}?\\bselect|tl_inaddr)|group\\b.*?\\bby\\b.{1,100}?\\bhaving|d(?:elete\\b\\W*?\\bfrom|bms_\\w+\\.)|load\\b\\W*?\\bdata\\b.*?\\binfile)\\b|print\\b\\W*?\\@\\@)|(?:;\\W*?\\b(?:shutdown|drop)|collation\\W*?\\(a|\\@\\@version)\\b|'(?:s(?:qloledb|a)|msdasql|dbo)'))",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942440",
"phase": 2,
"pattern": "@rx (?:/\\*!?|\\*/|[';]--|--[\\s\\r\\n\\v\\f]|--[^-]*?-|[^&-]#.*?[\\s\\r\\n\\v\\f]|;?\\\\x00)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942450",
"phase": 2,
"pattern": "@rx (?i:\\b0x[a-f\\d]{3,})",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942510",
"phase": 2,
"pattern": "@rx (?:`((?:[\\w\\s=_\\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\\/]{4})+(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)?)`)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942460",
"phase": 2,
"pattern": "@rx \\W{4}",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942101",
"phase": 2,
"pattern": "@detectSQLi",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942511",
"phase": 2,
"pattern": "@rx (?:'((?:[\\w\\s=_\\-+{}()<@]){2,29}|(?:[A-Za-z0-9+\\/]{4})+(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=)?)')",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "942018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943100",
"phase": 2,
"pattern": "@rx (?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
"targets": [
"ARGS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943110",
"phase": 2,
"pattern": "@rx ^(?:jsessionid|aspsessionid|asp\\.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943120",
"phase": 2,
"pattern": "@rx ^(?:jsessionid|aspsessionid|asp\\.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$",
"targets": [
"ARGS"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "943018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944100",
"phase": 2,
"pattern": "@rx java\\.lang\\.(?:runtime|processbuilder)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944110",
"phase": 2,
"pattern": "@rx (?:runtime|processbuilder)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944120",
"phase": 2,
"pattern": "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944130",
"phase": 2,
"pattern": "@pmFromFile java-classes.data",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944200",
"phase": 2,
"pattern": "@rx \\xac\\xed\\x00\\x05",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944210",
"phase": 2,
"pattern": "@rx (?:rO0ABQ|KztAAU|Cs7QAF)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944240",
"phase": 2,
"pattern": "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944250",
"phase": 2,
"pattern": "@rx java\\b.+(?:runtime|processbuilder)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944300",
"phase": 2,
"pattern": "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)",
"targets": [
"ARGS",
"BODY",
"HEADERS",
"REQUEST_HEADERS",
"REQUEST_COOKIES"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "944018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949060",
"phase": 2,
"pattern": "@ge 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949061",
"phase": 2,
"pattern": "@ge 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949062",
"phase": 2,
"pattern": "@ge 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949063",
"phase": 2,
"pattern": "@ge 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949100",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949110",
"phase": 2,
"pattern": "@ge %{tx.inbound_anomaly_score_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "949018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950020",
"phase": 3,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950021",
"phase": 4,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950130",
"phase": 2,
"pattern": "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>\\[To Parent Directory\\]<\\/[Aa]><br>)",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950140",
"phase": 2,
"pattern": "@rx ^#\\!\\s?/",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950013",
"phase": 3,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950014",
"phase": 4,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950100",
"phase": 2,
"pattern": "@rx ^5\\d{2}$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950015",
"phase": 3,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950016",
"phase": 4,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950017",
"phase": 3,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "950022",
"phase": 4,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951011",
"phase": 3,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951012",
"phase": 4,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951100",
"phase": 2,
"pattern": "@pmFromFile sql-errors.data",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951110",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951120",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951130",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951140",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951150",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951160",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951170",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951180",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951190",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951200",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951210",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951220",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951230",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951240",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951250",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951260",
"phase": 2,
"pattern": "@eq 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951013",
"phase": 3,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951014",
"phase": 4,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951015",
"phase": 3,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951016",
"phase": 4,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951017",
"phase": 3,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "951018",
"phase": 4,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952011",
"phase": 3,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952012",
"phase": 4,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952100",
"phase": 2,
"pattern": "@pmFromFile java-code-leakages.data",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952110",
"phase": 2,
"pattern": "@pmFromFile java-errors.data",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952013",
"phase": 3,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952014",
"phase": 4,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952015",
"phase": 3,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952016",
"phase": 4,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952017",
"phase": 3,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "952018",
"phase": 4,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953011",
"phase": 3,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953012",
"phase": 4,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953100",
"phase": 2,
"pattern": "@pmFromFile php-errors.data",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953110",
"phase": 2,
"pattern": "@rx (?:\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\\$_(?:(?:pos|ge)t|session))\\b",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953120",
"phase": 2,
"pattern": "@rx <\\?(?!xml)",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953013",
"phase": 3,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953014",
"phase": 4,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953015",
"phase": 3,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953016",
"phase": 4,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953017",
"phase": 3,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "953018",
"phase": 4,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954011",
"phase": 3,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954012",
"phase": 4,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954100",
"phase": 2,
"pattern": "@rx [a-z]:\\\\\\\\inetpub\\b",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954110",
"phase": 2,
"pattern": "@rx (?:Microsoft OLE DB Provider for SQL Server(?:<\\/font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| \\(0x80040e31\\)<br>Timeout expired<br>)|<h1>internal server error<\\/h1>.*?<h2>part of the server has crashed or it has a configuration error\\.<\\/h2>|cannot connect to the server: timed out)",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954120",
"phase": 2,
"pattern": "@rx (?:\\b(?:A(?:DODB\\.Command\\b.{0,100}?\\b(?:Application uses a value of the wrong type for the current operation\\b|error')| trappable error occurred in an external object\\. The script cannot continue running\\b)|Microsoft VBScript (?:compilation (?:\\(0x8|error)|runtime (?:Error|\\(0x8))\\b|Object required: '|error '800)|<b>Version Information:<\\/b>(?:&nbsp;|\\s)(?:Microsoft \\.NET Framework|ASP\\.NET) Version:|>error 'ASP\\b|An Error Has Occurred|>Syntax error in string in query expression|\\/[Ee]rror[Mm]essage\\.aspx?\\?[Ee]rror\\b)",
"targets": [
"BODY"
],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954130",
"phase": 2,
"pattern": "!@rx ^404$",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954013",
"phase": 3,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954014",
"phase": 4,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954015",
"phase": 3,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954016",
"phase": 4,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954017",
"phase": 3,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "954018",
"phase": 4,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959060",
"phase": 2,
"pattern": "@ge 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959061",
"phase": 2,
"pattern": "@ge 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959062",
"phase": 2,
"pattern": "@ge 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959063",
"phase": 2,
"pattern": "@ge 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959100",
"phase": 2,
"pattern": "@ge %{tx.outbound_anomaly_score_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959011",
"phase": 3,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959012",
"phase": 4,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959013",
"phase": 3,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959014",
"phase": 4,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959015",
"phase": 3,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959016",
"phase": 4,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959017",
"phase": 3,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "959018",
"phase": 4,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980100",
"phase": 2,
"pattern": "@ge 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980110",
"phase": 2,
"pattern": "@ge 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980120",
"phase": 2,
"pattern": "@lt %{tx.inbound_anomaly_score_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980130",
"phase": 2,
"pattern": "@ge %{tx.inbound_anomaly_score_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980140",
"phase": 2,
"pattern": "@ge %{tx.outbound_anomaly_score_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980150",
"phase": 2,
"pattern": "@lt %{tx.outbound_anomaly_score_threshold}",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980011",
"phase": 1,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980012",
"phase": 2,
"pattern": "@lt 1",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980013",
"phase": 1,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980014",
"phase": 2,
"pattern": "@lt 2",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980015",
"phase": 1,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980016",
"phase": 2,
"pattern": "@lt 3",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980017",
"phase": 1,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
},
{
"id": "980018",
"phase": 2,
"pattern": "@lt 4",
"targets": [],
"severity": "LOW",
"action": "log",
"score": 1,
"description": "No description provided."
}
]
Reference in New Issue View Git Blame Copy Permalink