Update: [Thu Jan 9 00:26:35 UTC 2025]

2025-12-29 16:15:12 +00:00 · 2025-01-09 00:26:35 +00:00
parent ed5a5bc855
commit 0c41e95847
40 changed files with 3268 additions and 3268 deletions
--- a/waf_patterns/apache/enforcement.conf
+++ b/waf_patterns/apache/enforcement.conf
@@ -1,82 +1,82 @@
 # Apache ModSecurity rules for ENFORCEMENT
 SecRuleEngine On

-SecRule REQUEST_URI "\^\$" "id:1127,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\.\[\^\.\~\]\+\~\(\?:/\.\*\|\)\$" "id:1155,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@endsWith\ \.pdf" "id:1165,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\(\?:GET\|HEAD\)\$" "id:1109,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@within\ %\{tx\.restricted_extensions\}" "id:1154,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^0\$" "id:1134,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1121,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1114,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "%u\[fF\]\{2\}\[0\-9a\-fA\-F\]\{2\}" "id:1123,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1132,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "charsets\*=s\*\["'\]\?\(\[\^;"'s\]\+\)" "id:1151,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{6\}" "id:1183,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@within\ %\{tx\.restricted_headers_basic\}" "id:1157,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\(\?:GET\|HEAD\)\$" "id:1111,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ 0" "id:1180,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^OPTIONS\$" "id:1131,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@streq\ JSON" "id:1159,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@pm\ AppleWebKit\ Android" "id:1178,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1125,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateUrlEncoding" "id:1120,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^\[w/\.\+\*\-\]\+\(\?:s\?;s\?\(\?:action\|boundary\|charset\|component\|start\(\?:\-info\)\?\|type\|version\)s\?=s\?\['"w\.\(\)\+,/:=\?<>@\#\*\-\]\+\)\*\$" "id:1149,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@endsWith\ \.pdf" "id:1164,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@within\ %\{tx\.restricted_headers_extended\}" "id:1174,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\.\*\$" "id:1156,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange\ 32\-36,38\-126" "id:1175,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\(\?:\^\(\[d\.\]\+\|\[\[da\-f:\]\+\]\|\[da\-f:\]\+\)\(:\[d\]\+\)\?\$\)" "id:1136,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@ge\ 1" "id:1179,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "charset\.\*\?charset" "id:1152,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ %\{tx\.max_num_args\}" "id:1138,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@streq\ POST" "id:1112,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1137,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^\(\?:OPTIONS\|CONNECT\)\$" "id:1177,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "x25" "id:1117,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ 50" "id:1158,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1139,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "x25" "id:1119,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange\ 1\-255" "id:1124,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^OPTIONS\$" "id:1128,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ %\{tx\.total_arg_length\}" "id:1144,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@contains\ \#" "id:1161,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\.\(\[\^\.\]\+\)\$" "id:1153,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1113,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\(d\+\)\-\(d\+\)" "id:1115,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1141,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ %\{tx\.combined_file_sizes\}" "id:1148,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@pm\ AppleWebKit\ Android\ Business\ Enterprise\ Entreprise" "id:1129,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ %\{tx\.arg_name_length\}" "id:1140,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^d\+\$" "id:1108,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1143,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\$" "id:1133,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1172,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange\ 32,34,38,42\-59,61,65\-90,95,97\-122" "id:1185,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\.\*\$" "id:1173,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\$" "id:1126,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1145,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "b\(\?:keep\-alive\|close\),s\?\(\?:keep\-alive\|close\)b" "id:1116,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\(\?i\)x5cu\[0\-9a\-f\]\{4\}" "id:1160,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "%\[0\-9a\-fA\-F\]\{2\}" "id:1167,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@endsWith\ \.pdf" "id:1182,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^\(\?:\(\?:max\-age=\[0\-9\]\+\|min\-fresh=\[0\-9\]\+\|no\-cache\|no\-store\|no\-transform\|only\-if\-cached\|max\-stale\(\?:=\[0\-9\]\+\)\?\)\(\?:s\*,s\*\|\$\)\)\{1,7\}\$" "id:1181,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ %\{tx\.max_file_size\}" "id:1146,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 1" "id:1147,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^0\?\$" "id:1110,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\(\?:\^\|\[\^x5c\]\)x5c\[cdeghijklmpqwxyz123456789\]" "id:1186,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{6\}" "id:1163,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\$" "id:1130,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange\ 9,10,13,32\-126,128\-255" "id:1168,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx\ \^0\$" "id:1171,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateUtf8Encoding" "id:1122,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1169,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ 1" "id:1162,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateUrlEncoding" "id:1118,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{63\}" "id:1166,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1135,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\['";=\]" "id:1170,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt\ %\{tx\.arg_length\}" "id:1142,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "\^\[\^;s\]\+" "id:1150,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1176,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange\ 38,44\-46,48\-58,61,65\-90,95,97\-122" "id:1184,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ %\{tx\.combined_file_sizes\}" "id:1304,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\.\*\$" "id:1329,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\.\[\^\.\~\]\+\~\(\?:/\.\*\|\)\$" "id:1311,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^0\$" "id:1327,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\$" "id:1286,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\['";=\]" "id:1326,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\(d\+\)\-\(d\+\)" "id:1271,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1281,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^0\$" "id:1290,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ %\{tx\.arg_name_length\}" "id:1296,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateUrlEncoding" "id:1274,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@streq\ JSON" "id:1315,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@ge\ 1" "id:1335,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\(\?:\^\(\[d\.\]\+\|\[\[da\-f:\]\+\]\|\[da\-f:\]\+\)\(:\[d\]\+\)\?\$\)" "id:1292,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ 50" "id:1314,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateUtf8Encoding" "id:1278,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateUrlEncoding" "id:1276,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^d\+\$" "id:1264,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{6\}" "id:1319,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@endsWith\ \.pdf" "id:1320,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ 0" "id:1336,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^\(\?:\(\?:max\-age=\[0\-9\]\+\|min\-fresh=\[0\-9\]\+\|no\-cache\|no\-store\|no\-transform\|only\-if\-cached\|max\-stale\(\?:=\[0\-9\]\+\)\?\)\(\?:s\*,s\*\|\$\)\)\{1,7\}\$" "id:1337,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\$" "id:1283,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1277,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1269,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@within\ %\{tx\.restricted_extensions\}" "id:1310,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^\(\?:OPTIONS\|CONNECT\)\$" "id:1333,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange\ 32\-36,38\-126" "id:1331,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@within\ %\{tx\.restricted_headers_basic\}" "id:1313,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\(\?:GET\|HEAD\)\$" "id:1265,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@streq\ POST" "id:1268,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\.\*\$" "id:1312,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "%\[0\-9a\-fA\-F\]\{2\}" "id:1323,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ %\{tx\.total_arg_length\}" "id:1300,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ %\{tx\.arg_length\}" "id:1298,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@within\ %\{tx\.restricted_headers_extended\}" "id:1330,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\(\?:GET\|HEAD\)\$" "id:1267,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\.\(\[\^\.\]\+\)\$" "id:1309,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1328,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "%u\[fF\]\{2\}\[0\-9a\-fA\-F\]\{2\}" "id:1279,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@pm\ AppleWebKit\ Android" "id:1334,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "b\(\?:keep\-alive\|close\),s\?\(\?:keep\-alive\|close\)b" "id:1272,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\[\^;s\]\+" "id:1306,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@endsWith\ \.pdf" "id:1338,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1293,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\$" "id:1289,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{63\}" "id:1322,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^0\?\$" "id:1266,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange\ 9,10,13,32\-126,128\-255" "id:1324,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{6\}" "id:1339,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1295,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\^\$" "id:1282,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "charset\.\*\?charset" "id:1308,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1297,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "charsets\*=s\*\["'\]\?\(\[\^;"'s\]\+\)" "id:1307,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@contains\ \#" "id:1317,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "x25" "id:1273,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^OPTIONS\$" "id:1287,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ 1" "id:1318,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1299,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1291,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "x25" "id:1275,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ %\{tx\.max_num_args\}" "id:1294,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange\ 32,34,38,42\-59,61,65\-90,95,97\-122" "id:1341,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1301,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\(\?:\^\|\[\^x5c\]\)x5c\[cdeghijklmpqwxyz123456789\]" "id:1342,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@pm\ AppleWebKit\ Android\ Business\ Enterprise\ Entreprise" "id:1285,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@endsWith\ \.pdf" "id:1321,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1332,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^\[w/\.\+\*\-\]\+\(\?:s\?;s\?\(\?:action\|boundary\|charset\|component\|start\(\?:\-info\)\?\|type\|version\)s\?=s\?\['"w\.\(\)\+,/:=\?<>@\#\*\-\]\+\)\*\$" "id:1305,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "\(\?i\)x5cu\[0\-9a\-f\]\{4\}" "id:1316,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 1" "id:1303,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt\ %\{tx\.max_file_size\}" "id:1302,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange\ 38,44\-46,48\-58,61,65\-90,95,97\-122" "id:1340,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange\ 1\-255" "id:1280,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx\ \^OPTIONS\$" "id:1284,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1325,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1270,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1288,phase:1,deny,status:403,log,msg:'enforcement attack detected'"