External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sat Feb 1 00:27:37 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-02-01 00:27:37 +00:00
parent 4f409f223d
commit 16e5ffb42c
24 changed files with 2239 additions and 2239 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
waf_patterns/apache/java.conf
View File

@@ -1,18 +1,18 @@
# Apache ModSecurity rules for JAVA
SecRuleEngine On
SecRule REQUEST_URI "java\.lang\.\(\?:runtime\|processbuilder\)" "id:1169,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:runtime\|processbuilder\)" "id:1173,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "xacxedx00x05" "id:1177,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:clonetransformer\|forclosure\|instantiatefactory\|instantiatetransformer\|invokertransformer\|prototypeclonefactory\|prototypeserializationfactory\|whileclosure\|getproperty\|filewriter\|xmldecoder\)" "id:1172,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "javab\.\+\(\?:runtime\|processbuilder\)" "id:1180,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:unmarshaller\|base64data\|java\.\)" "id:1171,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\.\*\.\(\?:jsp\|jspx\)\.\*\$" "id:1174,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?i\)\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\(\?:\[\^\}\]\*\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\|jndi\|ctx\)" "id:1176,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?i\)\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)" "id:1183,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:class\.module\.classLoader\.resources\.context\.parent\.pipeline\|springframework\.context\.support\.FileSystemXmlApplicationContext\)" "id:1181,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:rO0ABQ\|KztAAU\|Cs7QAF\)" "id:1178,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:cnVudGltZQ\|HJ1bnRpbWU\|BydW50aW1l\|cHJvY2Vzc2J1aWxkZXI\|HByb2Nlc3NidWlsZGVy\|Bwcm9jZXNzYnVpbGRlcg\|Y2xvbmV0cmFuc2Zvcm1lcg\|GNsb25ldHJhbnNmb3JtZXI\|BjbG9uZXRyYW5zZm9ybWVy\|Zm9yY2xvc3VyZQ\|GZvcmNsb3N1cmU\|Bmb3JjbG9zdXJl\|aW5zdGFudGlhdGVmYWN0b3J5\|Gluc3RhbnRpYXRlZmFjdG9yeQ\|BpbnN0YW50aWF0ZWZhY3Rvcnk\|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\|aW52b2tlcnRyYW5zZm9ybWVy\|Gludm9rZXJ0cmFuc2Zvcm1lcg\|BpbnZva2VydHJhbnNmb3JtZXI\|cHJvdG90eXBlY2xvbmVmYWN0b3J5\|HByb3RvdHlwZWNsb25lZmFjdG9yeQ\|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\|d2hpbGVjbG9zdXJl\|HdoaWxlY2xvc3VyZQ\|B3aGlsZWNsb3N1cmU\)" "id:1182,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?i\)\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\(\?:\[\^\}\]\{0,15\}\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\|jndi\|ctx\)" "id:1175,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:runtime\|processbuilder\)" "id:1170,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:clonetransformer\|forclosure\|instantiatefactory\|instantiatetransformer\|invokertransformer\|prototypeclonefactory\|prototypeserializationfactory\|whileclosure\|getproperty\|filewriter\|xmldecoder\)" "id:1179,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:runtime\|processbuilder\)" "id:1101,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "xacxedx00x05" "id:1105,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:unmarshaller\|base64data\|java\.\)" "id:1099,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:runtime\|processbuilder\)" "id:1098,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:class\.module\.classLoader\.resources\.context\.parent\.pipeline\|springframework\.context\.support\.FileSystemXmlApplicationContext\)" "id:1109,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "javab\.\+\(\?:runtime\|processbuilder\)" "id:1108,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?i\)\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\(\?:\[\^\}\]\{0,15\}\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\|jndi\|ctx\)" "id:1103,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?i\)\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)" "id:1111,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:clonetransformer\|forclosure\|instantiatefactory\|instantiatetransformer\|invokertransformer\|prototypeclonefactory\|prototypeserializationfactory\|whileclosure\|getproperty\|filewriter\|xmldecoder\)" "id:1107,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?i\)\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\(\?:\[\^\}\]\*\(\?:\$\|\$\?\)\(\?:\{\|\&l\(\?:brace\|cub\);\?\)\|jndi\|ctx\)" "id:1104,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "java\.lang\.\(\?:runtime\|processbuilder\)" "id:1097,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:cnVudGltZQ\|HJ1bnRpbWU\|BydW50aW1l\|cHJvY2Vzc2J1aWxkZXI\|HByb2Nlc3NidWlsZGVy\|Bwcm9jZXNzYnVpbGRlcg\|Y2xvbmV0cmFuc2Zvcm1lcg\|GNsb25ldHJhbnNmb3JtZXI\|BjbG9uZXRyYW5zZm9ybWVy\|Zm9yY2xvc3VyZQ\|GZvcmNsb3N1cmU\|Bmb3JjbG9zdXJl\|aW5zdGFudGlhdGVmYWN0b3J5\|Gluc3RhbnRpYXRlZmFjdG9yeQ\|BpbnN0YW50aWF0ZWZhY3Rvcnk\|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\|aW52b2tlcnRyYW5zZm9ybWVy\|Gludm9rZXJ0cmFuc2Zvcm1lcg\|BpbnZva2VydHJhbnNmb3JtZXI\|cHJvdG90eXBlY2xvbmVmYWN0b3J5\|HByb3RvdHlwZWNsb25lZmFjdG9yeQ\|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\|d2hpbGVjbG9zdXJl\|HdoaWxlY2xvc3VyZQ\|B3aGlsZWNsb3N1cmU\)" "id:1110,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:clonetransformer\|forclosure\|instantiatefactory\|instantiatetransformer\|invokertransformer\|prototypeclonefactory\|prototypeserializationfactory\|whileclosure\|getproperty\|filewriter\|xmldecoder\)" "id:1100,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\(\?:rO0ABQ\|KztAAU\|Cs7QAF\)" "id:1106,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "\.\*\.\(\?:jsp\|jspx\)\.\*\$" "id:1102,phase:1,deny,status:403,log,msg:'java attack detected'"