patterns/waf_patterns/apache/evaluation.conf

# Apache ModSecurity rules for EVALUATION
SecRuleEngine On

SecRule REQUEST_URI "@ge 1" "id:1468,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1469,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1470,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1471,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1472,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1473,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1474,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1475,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1476,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1477,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1478,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1479,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1480,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1481,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1482,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1483,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1484,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1485,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1486,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1487,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1488,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1489,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1490,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1491,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1492,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1493,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1494,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1600,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1601,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1602,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1603,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1604,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1605,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1606,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1607,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1608,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1609,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1610,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 2" "id:1611,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1612,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 3" "id:1613,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1614,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge 4" "id:1615,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1616,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1617,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1618,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1619,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1620,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1621,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1622,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1623,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1624,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1625,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1626,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
Automated update: OWASP CRS to Caddy and Nginx WAF rules [Sat Dec 21 00:35:03 UTC 2024] 2024-12-21 00:35:03 +00:00			`# Apache ModSecurity rules for EVALUATION`
			`SecRuleEngine On`

Update: [Fri Jan 3 12:26:53 UTC 2025] 2025-01-03 12:26:53 +00:00			`SecRule REQUEST_URI "@ge 1" "id:1468,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1469,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1470,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1471,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1472,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1473,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1474,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1475,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1476,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1477,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1478,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1479,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1480,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1481,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1482,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1483,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1484,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1485,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1486,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1487,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1488,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1489,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1490,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1491,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1492,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1493,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1494,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1600,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1601,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1602,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1603,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1604,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1605,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1606,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1607,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1608,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 1" "id:1609,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1610,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 2" "id:1611,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1612,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 3" "id:1613,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1614,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge 4" "id:1615,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1616,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@eq 1" "id:1617,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1618,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1619,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 1" "id:1620,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1621,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 2" "id:1622,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1623,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 3" "id:1624,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1625,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`
			`SecRule REQUEST_URI "@lt 4" "id:1626,phase:1,deny,status:403,log,msg:'evaluation attack detected'"`