patterns/waf_patterns/apache/generic.conf

# Apache ModSecurity rules for GENERIC
SecRuleEngine On

SecRule REQUEST_URI "@\{\.\*\}" "id:1048,phase:1,deny,status:403,log,msg:'generic attack detected'"
SecRule REQUEST_URI "while\[sv\]\*\(\[sv\(\]\*\(\?:!\+\(\?:false\|null\|undefined\|NaN\|\[\+\-\]\?0\|"\{2\}\|'\{2\}\|`\{2\}\)\|\(\?:!!\)\*\(\?:\(\?:t\(\?:rue\|his\)\|\[\+\-\]\?\(\?:Infinity\|\[1\-9\]\[0\-9\]\*\)\|new\ \[A\-Za\-z\]\[0\-9A\-Z_a\-z\]\*\|window\|String\|\(\?:Boolea\|Functio\)n\|Object\|Array\)b\|\{\.\*\}\|\[\.\*\]\|"\[\^"\]\+"\|'\[\^'\]\+'\|`\[\^`\]\+`\)\)\.\*\)" "id:1046,phase:1,deny,status:403,log,msg:'generic attack detected'"
SecRule REQUEST_URI "\[s\*constructors\*\]" "id:1047,phase:1,deny,status:403,log,msg:'generic attack detected'"
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:35:03 UTC 2024] 2024-12-21 00:35:03 +00:00			`# Apache ModSecurity rules for GENERIC`
			`SecRuleEngine On`

Update: [Thu Jan 16 00:26:08 UTC 2025] 2025-01-16 00:26:08 +00:00			`SecRule REQUEST_URI "@\{\.\*\}" "id:1048,phase:1,deny,status:403,log,msg:'generic attack detected'"`
			SecRule REQUEST_URI "while\[sv\]\\(\[sv\(\]\\(\?:!\+\(\?:false\\|null\\|undefined\\|NaN\\|\[\+\-\]\?0\\|"\{2\}\\|'\{2\}\\|`\{2\}\)\\|\(\?:!!\)\\(\?:\(\?:t\(\?:rue\\|his\)\\|\[\+\-\]\?\(\?:Infinity\\|\[1\-9\]\[0\-9\]\\)\\|new\ \[A\-Za\-z\]\[0\-9A\-Z_a\-z\]\\\|window\\|String\\|\(\?:Boolea\\|Functio\)n\\|Object\\|Array\)b\\|\{\.\\}\\|\[\.\\]\\|"\[\^"\]\+"\\|'\[\^'\]\+'\\|`\[\^`\]\+`\)\)\.\\)" "id:1046,phase:1,deny,status:403,log,msg:'generic attack detected'"
			`SecRule REQUEST_URI "\[s\constructors\\]" "id:1047,phase:1,deny,status:403,log,msg:'generic attack detected'"`