From 1e4bb70b5d65a5300282f74fc130bcf4481fc278 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 00:28:28 +0000
Subject: [PATCH] Update: [Sun Dec 22 00:28:28 UTC 2024]

---
 owasp_rules.json                        | 208 +++++++++---------------
 waf_patterns/apache/attack.conf         |   8 +-
 waf_patterns/apache/bots.conf           |   1 +
 waf_patterns/apache/enforcement.conf    |  12 +-
 waf_patterns/apache/generic.conf        |  14 +-
 waf_patterns/apache/iis.conf            |   1 -
 waf_patterns/apache/initialization.conf |   3 +-
 waf_patterns/apache/java.conf           |   3 +-
 waf_patterns/apache/leakages.conf       |   2 -
 waf_patterns/apache/lfi.conf            |   2 +-
 waf_patterns/apache/php.conf            |  11 +-
 waf_patterns/apache/rce.conf            |  36 ++--
 waf_patterns/apache/shells.conf         |   7 +-
 waf_patterns/apache/sql.conf            |   7 +-
 waf_patterns/apache/sqli.conf           |  50 +++---
 waf_patterns/apache/xss.conf            |  10 +-
 waf_patterns/caddy/attack.conf          |   2 +-
 waf_patterns/caddy/bots.conf            |   4 +
 waf_patterns/caddy/enforcement.conf     |   2 +-
 waf_patterns/caddy/generic.conf         |   2 +-
 waf_patterns/caddy/iis.conf             |   2 +-
 waf_patterns/caddy/initialization.conf  |   2 +-
 waf_patterns/caddy/java.conf            |   2 +-
 waf_patterns/caddy/leakages.conf        |   2 +-
 waf_patterns/caddy/lfi.conf             |   2 +-
 waf_patterns/caddy/php.conf             |   2 +-
 waf_patterns/caddy/rce.conf             |   2 +-
 waf_patterns/caddy/shells.conf          |   2 +-
 waf_patterns/caddy/sql.conf             |   2 +-
 waf_patterns/caddy/sqli.conf            |   2 +-
 waf_patterns/caddy/xss.conf             |   2 +-
 waf_patterns/haproxy/bots.acl           |   2 +
 waf_patterns/haproxy/waf.acl            | 180 +++++++++-----------
 waf_patterns/nginx/attack.conf          |  14 +-
 waf_patterns/nginx/bots.conf            |   6 +-
 waf_patterns/nginx/enforcement.conf     |  12 +-
 waf_patterns/nginx/generic.conf         |  14 +-
 waf_patterns/nginx/iis.conf             |   4 -
 waf_patterns/nginx/initialization.conf  |   6 +-
 waf_patterns/nginx/java.conf            |   6 +-
 waf_patterns/nginx/leakages.conf        |   8 -
 waf_patterns/nginx/lfi.conf             |   2 +-
 waf_patterns/nginx/php.conf             |  20 +--
 waf_patterns/nginx/rce.conf             |  42 ++---
 waf_patterns/nginx/shells.conf          |  10 +-
 waf_patterns/nginx/sql.conf             |  10 +-
 waf_patterns/nginx/sqli.conf            |  50 +++---
 waf_patterns/nginx/xss.conf             |  10 +-
 waf_patterns/traefik/bots.toml          |   8 +
 waf_patterns/traefik/middleware.toml    | 194 +++++++++-------------
 50 files changed, 428 insertions(+), 577 deletions(-)

diff --git a/owasp_rules.json b/owasp_rules.json
index 3a6e288..08ec20e 100644
--- a/owasp_rules.json
+++ b/owasp_rules.json
@@ -83,17 +83,13 @@
         "category": "INITIALIZATION",
         "pattern": "@eq 0"
     },
-    {
-        "category": "INITIALIZATION",
-        "pattern": "@eq 0"
-    },
     {
         "category": "INITIALIZATION",
         "pattern": "@eq 1"
     },
     {
         "category": "INITIALIZATION",
-        "pattern": "@unconditionalMatch"
+        "pattern": "@rx ^.*$"
     },
     {
         "category": "INITIALIZATION",
@@ -229,11 +225,11 @@
     },
     {
         "category": "ENFORCEMENT",
-        "pattern": "!@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$"
+        "pattern": "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$"
     },
     {
         "category": "ENFORCEMENT",
-        "pattern": "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"
+        "pattern": "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"
     },
     {
         "category": "ENFORCEMENT",
@@ -305,7 +301,7 @@
     },
     {
         "category": "ENFORCEMENT",
-        "pattern": "!@rx ^.*%.*.[^sx0b.]+$"
+        "pattern": "!@rx ^.*%.*.[^sv.]+$"
     },
     {
         "category": "ENFORCEMENT",
@@ -429,7 +425,7 @@
     },
     {
         "category": "ENFORCEMENT",
-        "pattern": "!@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"
+        "pattern": "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"
     },
     {
         "category": "ENFORCEMENT",
@@ -477,11 +473,11 @@
     },
     {
         "category": "ENFORCEMENT",
-        "pattern": "@gt 100"
+        "pattern": "@gt 50"
     },
     {
         "category": "ENFORCEMENT",
-        "pattern": "!@rx ^(?:(?:*|[^!"
+        "pattern": "!@rx ^(?:(?:*|[^!-"
     },
     {
         "category": "ENFORCEMENT",
@@ -685,7 +681,7 @@
     },
     {
         "category": "ATTACK",
-        "pattern": "@rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)"
+        "pattern": "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)"
     },
     {
         "category": "ATTACK",
@@ -705,7 +701,7 @@
     },
     {
         "category": "ATTACK",
-        "pattern": "@rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b"
+        "pattern": "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b"
     },
     {
         "category": "ATTACK",
@@ -727,6 +723,10 @@
         "category": "ATTACK",
         "pattern": "@gt 1"
     },
+    {
+        "category": "ATTACK",
+        "pattern": "@rx TX:paramcounter_(.*)"
+    },
     {
         "category": "ATTACK",
         "pattern": "@rx (][^]]+$|][^]]+[)"
@@ -757,16 +757,12 @@
     },
     {
         "category": "ATTACK",
-        "pattern": "!@rx ^(?:(?:*|[^!"
+        "pattern": "!@rx ^(?:(?:*|[^!-"
     },
     {
         "category": "ATTACK",
         "pattern": "@rx content-transfer-encoding:(.*)"
     },
-    {
-        "category": "ATTACK",
-        "pattern": "@rx [^x21-x7E][x21-x39x3B-x7E]*:"
-    },
     {
         "category": "LFI",
         "pattern": "@lt 1"
@@ -777,7 +773,7 @@
     },
     {
         "category": "LFI",
-        "pattern": "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))"
+        "pattern": "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))"
     },
     {
         "category": "LFI",
@@ -901,19 +897,15 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b"
+        "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"
     },
     {
         "category": "RCE",
-        "pattern": "@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"
+        "pattern": "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"
     },
     {
         "category": "RCE",
-        "pattern": "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sx0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))"
-    },
-    {
-        "category": "RCE",
-        "pattern": "@rx ~(?:[+-](?:$|[sx0b0-9]+)|[0-9]+)"
+        "pattern": "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))"
     },
     {
         "category": "RCE",
@@ -949,11 +941,11 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b"
+        "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b"
+        "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"
     },
     {
         "category": "RCE",
@@ -969,11 +961,11 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"
+        "pattern": "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"
     },
     {
         "category": "RCE",
-        "pattern": "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]"
+        "pattern": "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]"
     },
     {
         "category": "RCE",
@@ -985,11 +977,7 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx ^[^#]+"
-    },
-    {
-        "category": "RCE",
-        "pattern": "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]))"
+        "pattern": "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))"
     },
     {
         "category": "RCE",
@@ -1001,7 +989,7 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{])"
+        "pattern": "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])"
     },
     {
         "category": "RCE",
@@ -1013,11 +1001,11 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?i).|(?:[sx0b]*|b["
+        "pattern": "@rx (?i).|(?:[sv]*|b["
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?i)[-0-9_a-z]+(?:[sx0b]*["
+        "pattern": "@rx (?i)[-0-9_a-z]+(?:[sv]*["
     },
     {
         "category": "RCE",
@@ -1025,11 +1013,11 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx ;[sx0b]*.[sx0b]*["
+        "pattern": "@rx ;[sv]*.[sv]*["
     },
     {
         "category": "RCE",
-        "pattern": "@rx rn.*?b(?:E(?:HLO [-.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [-.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SETb)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20} (?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}=|[+/-9A-Z_a-zx17fx212a]{3}))?=|STARTTLSb|NOOPb(?: .{1,255})?)"
+        "pattern": "@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)"
     },
     {
         "category": "RCE",
@@ -1037,7 +1025,7 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9_a-z]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))"
+        "pattern": "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))"
     },
     {
         "category": "RCE",
@@ -1065,7 +1053,7 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sx0b&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sx0b&)<>|]|pt(?:(?:itude)?[sx0b&)<>|]|-get)|r(?:[sx0b&)<>j|]|(?:p|ch)[sx0b&)<>|]|ia2c)|s(?:h?[sx0b&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sx0b&)<>|]|obm)|dd(?:group|user)|getty|nsible)|b(?:z(?:z[sx0b&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sx0b&)<>|]|c))|h[sx0b&)<>|])|tch[sx0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[sx0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sx0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[sx0b&)<>|]|mp|p(?:[sx0b&)<>|]|io|ulimit)|s(?:h|cli[sx0b&)<>|]|plit|vtool)|u(?:t[sx0b&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sx0b&)<>|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[sx0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sx0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sx0b&)<>|]|w(?:say|think))|r(?:ash[sx0b&)<>|]|on(?:[sx0b&)<>|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sx0b&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sx0b&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sx0b&)<>|]|n(?:v(?:[sx0b&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sx0b&)<>h|]|ac)|x(?:(?:ec)?[sx0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sx0b&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sx0b&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sx0b&)<>|]|le(?:[sx0b&)<>|]|test))|mt|tp(?:[sx0b&)<>|]|stats|who)|acter|o(?:ld[sx0b&)<>|]|reach)|ping)|g(?:c(?:c[^sx0b]|ore)|db|e(?:(?:m|tfacl)[sx0b&)<>|]|ni(?:e[sx0b&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sx0b&)<>|]|nsh)|(?:o|awk)[sx0b&)<>|]|pg|r(?:c|ep[sx0b&)<>|]|oup(?:[sx0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sx0b&)<>|]|e(?:ad[sx0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sx0b&)<>|]|onice|spell)|j(?:js|q|ava[sx0b&)<>|]|exec|o(?:(?:bs|in)[sx0b&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sx0b&)<>|]|all)|nife[sx0b&)<>|])|l(?:d(?:d?[sx0b&)<>|]|config)|(?:[np]|ynx)[sx0b&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sx0b&)<>|]|(?:la)?tex)|z(?:[sx0b&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sx0b&)<>|]|comm|log(?:in)?)|tex[sx0b&)<>|])|ess(?:[sx0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sx0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sx0b&)<>|]|il(?:[sx0b&)<>q|]|x[sx0b&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sx0b&)<>|]|k(?:dir[sx0b&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sx0b&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sx0b&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sx0b&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sx0b&)<>|]|m(?:[sx0b&)<>|]|ap)|p(?:m[sx0b&)<>|]|ing)|a(?:no[sx0b&)<>|]|sm|wk)|o(?:de[sx0b&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sx0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sx0b&)<>|]|s(?:swd|te[sx0b&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sx0b&)<>|]|tp)|g(?:[sx0b&)<>|]|rep)|hp(?:[sx0b&)57<>|]|-cgi)|i(?:(?:co?|ng)[sx0b&)<>|]|p[^sx0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sx0b&)<>|]|int(?:env|f[sx0b&)<>|]))|s(?:[sx0b&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sx0b&)<>|]|l(?:[sx0b&)5<>|]|sh))|opd|u(?:ppet[sx0b&)<>|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[sx0b&)<>|]|k(?:e[sx0b&)<>|]|u))|c(?:p[sx0b&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sx0b&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sx0b&)<>|]|user)|pm(?:[sx0b&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sx0b&)<>|]|sync|u(?:by[^sx0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[sx0b&)<>|])|e(?:(?:d|lf|rvice)[sx0b&)<>|]|t(?:(?:facl)?[sx0b&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sx0b&)<>|]|h(?:(?:adow|ells)?[sx0b&)<>|]|.distrib|u(?:f|tdown[sx0b&)<>|]))|s(?:[sx0b&)<>|]|h(?:[sx0b&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sx0b&)<>|]|do)|vn|diff|ftp|l(?:eep[sx0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sx0b&)<>|])|p(?:lit[sx0b&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sx0b&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sx0b&)<>|]|il[sx0b&)<>f|]|sk(?:[sx0b&)<>|]|set))|bl|c(?:p(?:[sx0b&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sx0b&)<>|]|lnet)|i(?:c[sx0b&)<>|]|me(?:(?:out)?[sx0b&)<>|]|datectl))|o(?:p|uch[sx0b&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sx0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sx0b&)<>|]|expand|iq|l(?:ink[sx0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sx0b&)<>|]|std))|p(?:2date[sx0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sx0b&)<>|]|m(?:[sx0b&)<>|]|diff)|gr|pw|rsh|sudo)|algrind|olatility[sx0b&)<>|])|w(?:[sx0b&)<>c|]|h(?:o(?:[sx0b&)<>|]|ami|is)?|iptail[sx0b&)<>|])|a(?:ll|tch)[sx0b&)<>|]|i(?:reshark|sh[sx0b&)<>|]))|x(?:(?:x|pa)d|z(?:[sx0b&)<>|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sx0b&)<>|]|um)|z(?:ip(?:[sx0b&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sx0b&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])"
+        "pattern": "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])"
     },
     {
         "category": "RCE",
@@ -1077,7 +1065,7 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx rn.*?b(?:DATA|QUIT|HELP(?: .{1,255})?)"
+        "pattern": "@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)"
     },
     {
         "category": "RCE",
@@ -1085,7 +1073,7 @@
     },
     {
         "category": "RCE",
-        "pattern": "@rx rn.*?b(?:(?:QUI|STA|RSE)T|NOOP|CAPA)"
+        "pattern": "@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)"
     },
     {
         "category": "RCE",
@@ -1109,7 +1097,7 @@
     },
     {
         "category": "PHP",
-        "pattern": "@rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]"
+        "pattern": "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])"
     },
     {
         "category": "PHP",
@@ -1121,11 +1109,7 @@
     },
     {
         "category": "PHP",
-        "pattern": "@rx b([^s]+)s*=[^=]"
-    },
-    {
-        "category": "PHP",
-        "pattern": "@pmFromFile php-config-directives.data"
+        "pattern": "@pm ="
     },
     {
         "category": "PHP",
@@ -1173,11 +1157,7 @@
     },
     {
         "category": "PHP",
-        "pattern": "@rx b([^s]+)s*[(]"
-    },
-    {
-        "category": "PHP",
-        "pattern": "@pmFromFile php-function-names-933151.data"
+        "pattern": "@pm ("
     },
     {
         "category": "PHP",
@@ -1193,7 +1173,7 @@
     },
     {
         "category": "PHP",
-        "pattern": "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)"
+        "pattern": "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)"
     },
     {
         "category": "PHP",
@@ -1225,7 +1205,7 @@
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sx0b]+Function[sx0b]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sx0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sx0b]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["
+        "pattern": "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["
     },
     {
         "category": "GENERIC",
@@ -1237,15 +1217,15 @@
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx Process[sx0b]*.[sx0b]*spawn[sx0b]*("
+        "pattern": "@rx Process[sv]*.[sv]*spawn[sv]*("
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx while[sx0b]*([sx0b(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"
+        "pattern": "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx ^data:(?:(?:*|[^!"
+        "pattern": "@rx ^data:(?:(?:*|[^!-"
     },
     {
         "category": "GENERIC",
@@ -1257,15 +1237,15 @@
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sx0b]*("
+        "pattern": "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*("
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx (?i)(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][-.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sx0b]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][-.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+)"
+        "pattern": "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))"
     },
     {
         "category": "GENERIC",
-        "pattern": "@rx ^(?:[^@]|@[^{])*@+{.*}"
+        "pattern": "@rx @{.*}"
     },
     {
         "category": "GENERIC",
@@ -1305,7 +1285,7 @@
     },
     {
         "category": "XSS",
-        "pattern": "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sx0b]+(?:%[sx0b]+)?[^sx0b]+[sx0b]+(?:SYSTEM|PUBLIC)|@import|;base64)b"
+        "pattern": "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b"
     },
     {
         "category": "XSS",
@@ -1313,7 +1293,7 @@
     },
     {
         "category": "XSS",
-        "pattern": "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sx0b"
+        "pattern": "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv"
     },
     {
         "category": "XSS",
@@ -1333,11 +1313,11 @@
     },
     {
         "category": "XSS",
-        "pattern": "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."
+        "pattern": "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."
     },
     {
         "category": "XSS",
-        "pattern": "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."
+        "pattern": "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."
     },
     {
         "category": "XSS",
@@ -1393,7 +1373,7 @@
     },
     {
         "category": "XSS",
-        "pattern": "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sx0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sx0b]*("
+        "pattern": "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sv]*("
     },
     {
         "category": "XSS",
@@ -1473,7 +1453,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("
+        "pattern": "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("
     },
     {
         "category": "SQLI",
@@ -1481,7 +1461,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)(?:select|;)[sx0b]+(?:benchmark|if|sleep)[sx0b]*?([sx0b]*?(?[sx0b]*?[0-9A-Z_a-z]+"
+        "pattern": "@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+"
     },
     {
         "category": "SQLI",
@@ -1493,11 +1473,11 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)[sx0b()]case[sx0b]+when.*?then|)[sx0b]*?like[sx0b]*?(|select.*?having[sx0b]*?[^sx0b]+[sx0b]*?[^sx0b0-9A-Z_a-z]|if[sx0b]?([0-9A-Z_a-z]+[sx0b]*?[<->~]"
+        "pattern": "@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]"
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)alter[sx0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sx0b]+set[sx0b]+[0-9A-Z_a-z]+|["
+        "pattern": "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["
     },
     {
         "category": "SQLI",
@@ -1509,7 +1489,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)select[sx0b]*?pg_sleep|waitfor[sx0b]*?delay[sx0b]?["
+        "pattern": "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["
     },
     {
         "category": "SQLI",
@@ -1517,19 +1497,19 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"
+        "pattern": "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)create[sx0b]+function[sx0b].+[sx0b]returns|;[sx0b]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sx0b]*?[([]?[0-9A-Z_a-z]{2,}"
+        "pattern": "@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}"
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)b[sx0b]*(?|end[sx0b]*?);)|[sx0b(]load_file[sx0b]*?(|["
+        "pattern": "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)/*[sx0b]*?[!+](?:[sx0b()-0-9=A-Z_a-z]+)?*/"
+        "pattern": "@rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/"
     },
     {
         "category": "SQLI",
@@ -1537,7 +1517,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)1.e[(),]"
+        "pattern": "@rx (?i)1.e[(-),]"
     },
     {
         "category": "SQLI",
@@ -1553,11 +1533,11 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)[!=]=|&&||||->|>[=>]|<(?:[<=]|>(?:[sx0b]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["
+        "pattern": "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)[sx0b"
+        "pattern": "@rx (?i)[sv"
     },
     {
         "category": "SQLI",
@@ -1565,7 +1545,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)[sx0b"
+        "pattern": "@rx (?i)[sv"
     },
     {
         "category": "SQLI",
@@ -1585,7 +1565,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sx0b(]+[0-9A-Z_a-z]+[sx0b)]*?[!+=]+[sx0b0-9]*?["
+        "pattern": "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["
     },
     {
         "category": "SQLI",
@@ -1593,11 +1573,11 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i))[sx0b]*?when[sx0b]*?[0-9]+[sx0b]*?then|["
+        "pattern": "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)(?:([sx0b]*?select[sx0b]*?[0-9A-Z_a-z]+|coalesce|order[sx0b]+by[sx0b]+if[0-9A-Z_a-z]*?)[sx0b]*?(|*/from|+[sx0b]*?[0-9]+[sx0b]*?+[sx0b]*?@|[0-9A-Z_a-z]["
+        "pattern": "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["
     },
     {
         "category": "SQLI",
@@ -1605,7 +1585,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)in[sx0b]*?(+[sx0b]*?select|(?:(?:N?AND|X?X?OR|DIV|LIKE|BETWEEN|NOT)[sx0b]+|(?:|||&&)[sx0b]*)[sx0b+0-9A-Z_a-z]+(?:regexp[sx0b]*?(|sounds[sx0b]+like[sx0b]*?["
+        "pattern": "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["
     },
     {
         "category": "SQLI",
@@ -1613,7 +1593,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)[sx0b]?(?|end[sx0b]*?);|[sx0b(]load_file[sx0b]*?(|["
+        "pattern": "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["
     },
     {
         "category": "SQLI",
@@ -1621,19 +1601,19 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)b(?:havingb(?:[sx0b]+(?:[0-9]{1,10}|'[^=]{1,10}')[sx0b]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["
+        "pattern": "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)b(?:orb(?:[sx0b]?(?:[0-9]{1,10}|["
+        "pattern": "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)bandb(?:[sx0b]+(?:[0-9]{1,10}[sx0b]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["
+        "pattern": "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[12]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?("
+        "pattern": "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?("
     },
     {
         "category": "SQLI",
@@ -1661,7 +1641,7 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx /*!?|*/|[';]--|--(?:[sx0b]|[^-]*?-)|[^&-]#.*?[sx0b]|;?x00"
+        "pattern": "@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00"
     },
     {
         "category": "SQLI",
@@ -1697,11 +1677,11 @@
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("
+        "pattern": "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("
     },
     {
         "category": "SQLI",
-        "pattern": "@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"
+        "pattern": "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"
     },
     {
         "category": "SQLI",
@@ -1833,7 +1813,7 @@
     },
     {
         "category": "JAVA",
-        "pattern": "@rx (?i)(?:unmarshaller|base64data|java.)"
+        "pattern": "@rx (?:unmarshaller|base64data|java.)"
     },
     {
         "category": "JAVA",
@@ -2019,14 +1999,6 @@
         "category": "EVALUATION",
         "pattern": "@lt 4"
     },
-    {
-        "category": "LEAKAGES",
-        "pattern": "@eq 1"
-    },
-    {
-        "category": "LEAKAGES",
-        "pattern": "@pm gzip compress deflate br zstd"
-    },
     {
         "category": "LEAKAGES",
         "pattern": "@lt 1"
@@ -2071,10 +2043,6 @@
         "category": "LEAKAGES",
         "pattern": "@lt 4"
     },
-    {
-        "category": "SQL",
-        "pattern": "@pm gzip compress deflate br zstd"
-    },
     {
         "category": "SQL",
         "pattern": "@lt 1"
@@ -2093,7 +2061,7 @@
     },
     {
         "category": "SQL",
-        "pattern": "@rx (?i)bORA-[0-9][0-9][0-9][0-9][0-9]:|java.sql.SQLException|Oracle(?: erro|[^()]{0,20}Drive)r|Warning.{1,10}o(?:ci_.{1,30}|ra_.{1,20})"
+        "pattern": "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)"
     },
     {
         "category": "SQL",
@@ -2137,11 +2105,11 @@
     },
     {
         "category": "SQL",
-        "pattern": "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[()_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):"
+        "pattern": "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):"
     },
     {
         "category": "SQL",
-        "pattern": "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|(?:pg_(?:query|exec)() [|org.postgresql.util.PSQLException):|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er"
+        "pattern": "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er"
     },
     {
         "category": "SQL",
@@ -2175,10 +2143,6 @@
         "category": "SQL",
         "pattern": "@lt 4"
     },
-    {
-        "category": "JAVA",
-        "pattern": "@pm gzip compress deflate br zstd"
-    },
     {
         "category": "JAVA",
         "pattern": "@lt 1"
@@ -2219,10 +2183,6 @@
         "category": "JAVA",
         "pattern": "@lt 4"
     },
-    {
-        "category": "PHP",
-        "pattern": "@pm gzip compress deflate br zstd"
-    },
     {
         "category": "PHP",
         "pattern": "@lt 1"
@@ -2271,10 +2231,6 @@
         "category": "PHP",
         "pattern": "@lt 4"
     },
-    {
-        "category": "IIS",
-        "pattern": "@pm gzip compress deflate br zstd"
-    },
     {
         "category": "IIS",
         "pattern": "@lt 1"
@@ -2327,10 +2283,6 @@
         "category": "IIS",
         "pattern": "@lt 4"
     },
-    {
-        "category": "SHELLS",
-        "pattern": "@pm gzip compress deflate br zstd"
-    },
     {
         "category": "SHELLS",
         "pattern": "@lt 1"
@@ -2345,11 +2297,11 @@
     },
     {
         "category": "SHELLS",
-        "pattern": "@rx <title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>"
+        "pattern": "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)"
     },
     {
         "category": "SHELLS",
-        "pattern": "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=(?:Windows-1251|UTF-8)?'><title>.*?(?: -)? W[Ss][Oo] [0-9.]+</title>"
+        "pattern": "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>"
     },
     {
         "category": "SHELLS",
@@ -2405,7 +2357,7 @@
     },
     {
         "category": "SHELLS",
-        "pattern": "@rx ^<html>n<head>n<title>Ru24PostWebShell"
+        "pattern": "@rx ^<html>n<head>n<title>Ru24PostWebShell -"
     },
     {
         "category": "SHELLS",
diff --git a/waf_patterns/apache/attack.conf b/waf_patterns/apache/attack.conf
index 4917874..4d82107 100644
--- a/waf_patterns/apache/attack.conf
+++ b/waf_patterns/apache/attack.conf
@@ -11,17 +11,18 @@ SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack
 SecRule REQUEST_URI "@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx unix:[^|]*|" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@gt 0" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx ." "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@gt 1" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx TX:paramcounter_(.*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx (][^]]+$|][^]]+[)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
@@ -29,6 +30,5 @@ SecRule REQUEST_URI "@rx [" "id:1000,phase:1,deny,status:403,log,msg:'attack att
 SecRule REQUEST_URI "!@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx ^content-types*:s*(.*)$" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx content-transfer-encoding:(.*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [^x21-x7E][x21-x39x3B-x7E]*:" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
diff --git a/waf_patterns/apache/bots.conf b/waf_patterns/apache/bots.conf
index 39a2784..01e5f63 100644
--- a/waf_patterns/apache/bots.conf
+++ b/waf_patterns/apache/bots.conf
@@ -668,3 +668,4 @@ SecRule REQUEST_HEADERS:User-Agent "@contains x22Mozilla" "id:3000,phase:1,deny,
 SecRule REQUEST_HEADERS:User-Agent "@contains xpymep1.exe" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'"
 SecRule REQUEST_HEADERS:User-Agent "@contains zauba.io" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'"
 SecRule REQUEST_HEADERS:User-Agent "@contains zgrab" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'"
+SecRule REQUEST_HEADERS:X-Evil-Bit "@streq 1" "id:3001,phase:1,deny,status:403,log,msg:'Evil Bit Blocked'"
diff --git a/waf_patterns/apache/enforcement.conf b/waf_patterns/apache/enforcement.conf
index 4e2d337..b8947a5 100644
--- a/waf_patterns/apache/enforcement.conf
+++ b/waf_patterns/apache/enforcement.conf
@@ -12,8 +12,8 @@ SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcemen
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "!@rx ^d+$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "!@rx ^0?$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -31,7 +31,7 @@ SecRule REQUEST_URI "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b" "id:1000
 SecRule REQUEST_URI "@rx x25" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@rx ^(.*)/(?:[^?]+)?(?.*)?$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^.*%.*.[^sx0b.]+$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^.*%.*.[^sv.]+$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@validateUtf8Encoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -62,7 +62,7 @@ SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1000,phase:1,deny,status:
 SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@rx ^[^;s]+" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@rx charsets*=s*[" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
@@ -74,8 +74,8 @@ SecRule REQUEST_URI "@within %{tx.restricted_extensions}" "id:1000,phase:1,deny,
 SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*|)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt 100" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt 50" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "!@streq JSON" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
 SecRule REQUEST_URI "@contains #" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
diff --git a/waf_patterns/apache/generic.conf b/waf_patterns/apache/generic.conf
index e220133..a458a33 100644
--- a/waf_patterns/apache/generic.conf
+++ b/waf_patterns/apache/generic.conf
@@ -3,17 +3,17 @@ SecRuleEngine On
 
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sx0b]+Function[sx0b]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sx0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sx0b]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@pmFromFile ssrf.data" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@rx (?:__proto__|constructors*(?:.|[)s*prototype)" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx Process[sx0b]*.[sx0b]*spawn[sx0b]*(" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx while[sx0b]*([sx0b(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx ^data:(?:(?:*|[^!" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx Process[sv]*.[sv]*spawn[sv]*(" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx ^data:(?:(?:*|[^!-" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sx0b]*(" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][-.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sx0b]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][-.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+)" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx ^(?:[^@]|@[^{])*@+{.*}" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx @{.*}" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
diff --git a/waf_patterns/apache/iis.conf b/waf_patterns/apache/iis.conf
index 2acf754..453e673 100644
--- a/waf_patterns/apache/iis.conf
+++ b/waf_patterns/apache/iis.conf
@@ -1,7 +1,6 @@
 # Apache ModSecurity rules for IIS
 SecRuleEngine On
 
-SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
 SecRule REQUEST_URI "@rx [a-z]:x5cinetpubb" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
diff --git a/waf_patterns/apache/initialization.conf b/waf_patterns/apache/initialization.conf
index b1a0593..908598f 100644
--- a/waf_patterns/apache/initialization.conf
+++ b/waf_patterns/apache/initialization.conf
@@ -22,9 +22,8 @@ SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initializa
 SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
 SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
 SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
 SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@unconditionalMatch" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
 SecRule REQUEST_URI "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
 SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
 SecRule REQUEST_URI "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
diff --git a/waf_patterns/apache/java.conf b/waf_patterns/apache/java.conf
index 7bd9513..ad70cdb 100644
--- a/waf_patterns/apache/java.conf
+++ b/waf_patterns/apache/java.conf
@@ -5,7 +5,7 @@ SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attac
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@rx java.lang.(?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:unmarshaller|base64data|java.)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:unmarshaller|base64data|java.)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@pmFromFile java-classes.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
@@ -25,7 +25,6 @@ SecRule REQUEST_URI "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
 SecRule REQUEST_URI "@pmFromFile java-code-leakages.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
diff --git a/waf_patterns/apache/leakages.conf b/waf_patterns/apache/leakages.conf
index 23b6c51..76458b8 100644
--- a/waf_patterns/apache/leakages.conf
+++ b/waf_patterns/apache/leakages.conf
@@ -1,8 +1,6 @@
 # Apache ModSecurity rules for LEAKAGES
 SecRuleEngine On
 
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
 SecRule REQUEST_URI "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
diff --git a/waf_patterns/apache/lfi.conf b/waf_patterns/apache/lfi.conf
index 7756511..5715617 100644
--- a/waf_patterns/apache/lfi.conf
+++ b/waf_patterns/apache/lfi.conf
@@ -3,7 +3,7 @@ SecRuleEngine On
 
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
 SecRule REQUEST_URI "@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
 SecRule REQUEST_URI "@pmFromFile lfi-os-files.data" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
 SecRule REQUEST_URI "@pmFromFile restricted-files.data" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
diff --git a/waf_patterns/apache/php.conf b/waf_patterns/apache/php.conf
index 31d0e27..4f7c83c 100644
--- a/waf_patterns/apache/php.conf
+++ b/waf_patterns/apache/php.conf
@@ -3,11 +3,10 @@ SecRuleEngine On
 
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@pmFromFile php-config-directives.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx b([^s]+)s*=[^=]" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-config-directives.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pm =" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@pmFromFile php-variables.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
@@ -19,18 +18,16 @@ SecRule REQUEST_URI "@rx (?:((?:.+)(?:[" "id:1000,phase:1,deny,status:403,log,ms
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@pmFromFile php-function-names-933151.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx b([^s]+)s*[(]" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-function-names-933151.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pm (" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@rx .*.(?:phpd*|phtml)..*$" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@pm ?>" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@rx (?:((?:.+)(?:[" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
 SecRule REQUEST_URI "@pmFromFile php-errors.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
diff --git a/waf_patterns/apache/rce.conf b/waf_patterns/apache/rce.conf
index 4468523..dfc8d39 100644
--- a/waf_patterns/apache/rce.conf
+++ b/waf_patterns/apache/rce.conf
@@ -6,10 +6,9 @@ SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'rce attack
 SecRule REQUEST_URI "@rx (?i)(?:b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@pmFromFile windows-powershell-commands.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sx0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ~(?:[+-](?:$|[sx0b0-9]+)|[0-9]+)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:^|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:^|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx !-d" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
@@ -18,41 +17,40 @@ SecRule REQUEST_URI "@rx ^(s*)s+{" "id:1000,phase:1,deny,status:403,log,msg:'rce
 SecRule REQUEST_URI "@rx ^(s*)s+{" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx ba[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@pmFromFile restricted-upload.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?:b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx /" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx s" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^[^#]+" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx /" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx s" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{])" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx /" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx s" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i).|(?:[sx0b]*|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)[-0-9_a-z]+(?:[sx0b]*[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i).|(?:[sv]*|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)[-0-9_a-z]+(?:[sv]*[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "!@rx [0-9]s*'s*[0-9]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ;[sx0b]*.[sx0b]*[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx rn.*?b(?:E(?:HLO [-.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [-.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SETb)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20} (?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}=|[+/-9A-Z_a-zx17fx212a]{3}))?=|STARTTLSb|NOOPb(?: .{1,255})?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ;[sv]*.[sv]*[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9_a-z]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:^|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:^|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@pmFromFile unix-shell.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?:b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sx0b&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sx0b&)<>|]|pt(?:(?:itude)?[sx0b&)<>|]|-get)|r(?:[sx0b&)<>j|]|(?:p|ch)[sx0b&)<>|]|ia2c)|s(?:h?[sx0b&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sx0b&)<>|]|obm)|dd(?:group|user)|getty|nsible)|b(?:z(?:z[sx0b&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sx0b&)<>|]|c))|h[sx0b&)<>|])|tch[sx0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[sx0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sx0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[sx0b&)<>|]|mp|p(?:[sx0b&)<>|]|io|ulimit)|s(?:h|cli[sx0b&)<>|]|plit|vtool)|u(?:t[sx0b&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sx0b&)<>|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[sx0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sx0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sx0b&)<>|]|w(?:say|think))|r(?:ash[sx0b&)<>|]|on(?:[sx0b&)<>|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sx0b&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sx0b&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sx0b&)<>|]|n(?:v(?:[sx0b&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sx0b&)<>h|]|ac)|x(?:(?:ec)?[sx0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sx0b&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sx0b&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sx0b&)<>|]|le(?:[sx0b&)<>|]|test))|mt|tp(?:[sx0b&)<>|]|stats|who)|acter|o(?:ld[sx0b&)<>|]|reach)|ping)|g(?:c(?:c[^sx0b]|ore)|db|e(?:(?:m|tfacl)[sx0b&)<>|]|ni(?:e[sx0b&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sx0b&)<>|]|nsh)|(?:o|awk)[sx0b&)<>|]|pg|r(?:c|ep[sx0b&)<>|]|oup(?:[sx0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sx0b&)<>|]|e(?:ad[sx0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sx0b&)<>|]|onice|spell)|j(?:js|q|ava[sx0b&)<>|]|exec|o(?:(?:bs|in)[sx0b&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sx0b&)<>|]|all)|nife[sx0b&)<>|])|l(?:d(?:d?[sx0b&)<>|]|config)|(?:[np]|ynx)[sx0b&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sx0b&)<>|]|(?:la)?tex)|z(?:[sx0b&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sx0b&)<>|]|comm|log(?:in)?)|tex[sx0b&)<>|])|ess(?:[sx0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sx0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sx0b&)<>|]|il(?:[sx0b&)<>q|]|x[sx0b&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sx0b&)<>|]|k(?:dir[sx0b&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sx0b&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sx0b&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sx0b&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sx0b&)<>|]|m(?:[sx0b&)<>|]|ap)|p(?:m[sx0b&)<>|]|ing)|a(?:no[sx0b&)<>|]|sm|wk)|o(?:de[sx0b&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sx0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sx0b&)<>|]|s(?:swd|te[sx0b&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sx0b&)<>|]|tp)|g(?:[sx0b&)<>|]|rep)|hp(?:[sx0b&)57<>|]|-cgi)|i(?:(?:co?|ng)[sx0b&)<>|]|p[^sx0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sx0b&)<>|]|int(?:env|f[sx0b&)<>|]))|s(?:[sx0b&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sx0b&)<>|]|l(?:[sx0b&)5<>|]|sh))|opd|u(?:ppet[sx0b&)<>|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[sx0b&)<>|]|k(?:e[sx0b&)<>|]|u))|c(?:p[sx0b&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sx0b&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sx0b&)<>|]|user)|pm(?:[sx0b&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sx0b&)<>|]|sync|u(?:by[^sx0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[sx0b&)<>|])|e(?:(?:d|lf|rvice)[sx0b&)<>|]|t(?:(?:facl)?[sx0b&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sx0b&)<>|]|h(?:(?:adow|ells)?[sx0b&)<>|]|.distrib|u(?:f|tdown[sx0b&)<>|]))|s(?:[sx0b&)<>|]|h(?:[sx0b&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sx0b&)<>|]|do)|vn|diff|ftp|l(?:eep[sx0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sx0b&)<>|])|p(?:lit[sx0b&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sx0b&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sx0b&)<>|]|il[sx0b&)<>f|]|sk(?:[sx0b&)<>|]|set))|bl|c(?:p(?:[sx0b&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sx0b&)<>|]|lnet)|i(?:c[sx0b&)<>|]|me(?:(?:out)?[sx0b&)<>|]|datectl))|o(?:p|uch[sx0b&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sx0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sx0b&)<>|]|expand|iq|l(?:ink[sx0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sx0b&)<>|]|std))|p(?:2date[sx0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sx0b&)<>|]|m(?:[sx0b&)<>|]|diff)|gr|pw|rsh|sudo)|algrind|olatility[sx0b&)<>|])|w(?:[sx0b&)<>c|]|h(?:o(?:[sx0b&)<>|]|ami|is)?|iptail[sx0b&)<>|])|a(?:ll|tch)[sx0b&)<>|]|i(?:reshark|sh[sx0b&)<>|]))|x(?:(?:x|pa)d|z(?:[sx0b&)<>|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sx0b&)<>|]|um)|z(?:ip(?:[sx0b&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sx0b&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:^|b[" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx rn.*?b(?:DATA|QUIT|HELP(?: .{1,255})?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx rn.*?b(?:(?:QUI|STA|RSE)T|NOOP|CAPA)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@rx !(?:d|!)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
diff --git a/waf_patterns/apache/shells.conf b/waf_patterns/apache/shells.conf
index 51ff383..cdc5d5e 100644
--- a/waf_patterns/apache/shells.conf
+++ b/waf_patterns/apache/shells.conf
@@ -1,12 +1,11 @@
 # Apache ModSecurity rules for SHELLS
 SecRuleEngine On
 
-SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@pmFromFile web-shells-php.data" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=(?:Windows-1251|UTF-8)?'><title>.*?(?: -)? W[Ss][Oo] [0-9.]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx <title>Mini Shell</title>.*Developed By LameHacker" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
@@ -20,7 +19,7 @@ SecRule REQUEST_URI "@rx <title>lama's'hell v. [0-9.]+</title>" "id:1000,phase:1
 SecRule REQUEST_URI "@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx ^<html>n<head>n<div align=" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>n<head>n<title>Ru24PostWebShell" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>n<head>n<title>Ru24PostWebShell -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx ^<html>rn<head>rn<meta http-equiv=" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
 SecRule REQUEST_URI "@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
diff --git a/waf_patterns/apache/sql.conf b/waf_patterns/apache/sql.conf
index 0eb3bd7..83a7e8f 100644
--- a/waf_patterns/apache/sql.conf
+++ b/waf_patterns/apache/sql.conf
@@ -1,12 +1,11 @@
 # Apache ModSecurity rules for SQL
 SecRuleEngine On
 
-SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "!@pmFromFile sql-errors.data" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)bORA-[0-9][0-9][0-9][0-9][0-9]:|java.sql.SQLException|Oracle(?: erro|[^()]{0,20}Drive)r|Warning.{1,10}o(?:ci_.{1,30}|ra_.{1,20})" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i)Dynamic SQL Error" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
@@ -17,8 +16,8 @@ SecRule REQUEST_URI "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)"
 SecRule REQUEST_URI "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[()_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|(?:pg_(?:query|exec)() [|org.postgresql.util.PSQLException):|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
diff --git a/waf_patterns/apache/sqli.conf b/waf_patterns/apache/sqli.conf
index f488758..bc13a66 100644
--- a/waf_patterns/apache/sqli.conf
+++ b/waf_patterns/apache/sqli.conf
@@ -5,54 +5,54 @@ SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sqli attac
 SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@detectSQLi" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:select|;)[sx0b]+(?:benchmark|if|sleep)[sx0b]*?([sx0b]*?(?[sx0b]*?[0-9A-Z_a-z]+" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[sx0b()]case[sx0b]+when.*?then|)[sx0b]*?like[sx0b]*?(|select.*?having[sx0b]*?[^sx0b]+[sx0b]*?[^sx0b0-9A-Z_a-z]|if[sx0b]?([0-9A-Z_a-z]+[sx0b]*?[<->~]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)alter[sx0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sx0b]+set[sx0b]+[0-9A-Z_a-z]+|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i:merge.*?usings*?(|executes*?immediates*?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)union.*?select.*?from" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)select[sx0b]*?pg_sleep|waitfor[sx0b]*?delay[sx0b]?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)create[sx0b]+function[sx0b].+[sx0b]returns|;[sx0b]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sx0b]*?[([]?[0-9A-Z_a-z]{2,}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)b[sx0b]*(?|end[sx0b]*?);)|[sx0b(]load_file[sx0b]*?(|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)/*[sx0b]*?[!+](?:[sx0b()-0-9=A-Z_a-z]+)?*/" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx ^(?:[^']*'|[^" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)1.e[(),]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)1.e[(-),]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx [" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[!=]=|&&||||->|>[=>]|<(?:[<=]|>(?:[sx0b]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[sx0b" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[sv" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@streq %{TX.2}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[sx0b" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[sv" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "!@streq %{TX.2}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:/*)+[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i),.*?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sx0b(]+[0-9A-Z_a-z]+[sx0b)]*?[!+=]+[sx0b0-9]*?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i))[sx0b]*?when[sx0b]*?[0-9]+[sx0b]*?then|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:([sx0b]*?select[sx0b]*?[0-9A-Z_a-z]+|coalesce|order[sx0b]+by[sx0b]+if[0-9A-Z_a-z]*?)[sx0b]*?(|*/from|+[sx0b]*?[0-9]+[sx0b]*?+[sx0b]*?@|[0-9A-Z_a-z][" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)in[sx0b]*?(+[sx0b]*?select|(?:(?:N?AND|X?X?OR|DIV|LIKE|BETWEEN|NOT)[sx0b]+|(?:|||&&)[sx0b]*)[sx0b+0-9A-Z_a-z]+(?:regexp[sx0b]*?(|sounds[sx0b]+like[sx0b]*?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i:^[Wd]+s*?(?:alter|union)b)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)[sx0b]?(?|end[sx0b]*?);|[sx0b(]load_file[sx0b]*?(|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:havingb(?:[sx0b]+(?:[0-9]{1,10}|'[^=]{1,10}')[sx0b]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:orb(?:[sx0b]?(?:[0-9]{1,10}|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)bandb(?:[sx0b]+(?:[0-9]{1,10}[sx0b]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[12]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "!ARGS:foo" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx [a-zA-Z0-9_-]{61,61}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx [a-zA-Z0-9_-]{91,91}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx /*!?|*/|[';]--|--(?:[sx0b]|[^-]*?-)|[^&-]#.*?[sx0b]|;?x00" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i:b0x[a-fd]{3,})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
@@ -61,8 +61,8 @@ SecRule REQUEST_URI "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^" "id:1000,phase:
 SecRule REQUEST_URI "@rx ^(?:and|or)$" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx ^.*?x5c['" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@detectSQLi" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
 SecRule REQUEST_URI "@rx (?i)W+d*?s*?bhavingbs*?[^s-]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
diff --git a/waf_patterns/apache/xss.conf b/waf_patterns/apache/xss.conf
index a8e17ca..73cfc2f 100644
--- a/waf_patterns/apache/xss.conf
+++ b/waf_patterns/apache/xss.conf
@@ -6,15 +6,15 @@ SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'xss attack
 SecRule REQUEST_URI "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@detectXSS" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i)<script[^>]*>[sS]*?" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sx0b]+(?:%[sx0b]+)?[^sx0b]+[sx0b]+(?:SYSTEM|PUBLIC)|@import|;base64)b" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sx0b" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i)<EMBED[s/+].*?(?:src|type).*?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx <[?]?import[s/+S]*?implementation[s/+]*?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*[" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
@@ -28,7 +28,7 @@ SecRule REQUEST_URI "@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)" "id:10
 SecRule REQUEST_URI "@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx ![!+ ][]" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sx0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sx0b]*(" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sv]*(" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
 SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
diff --git a/waf_patterns/caddy/attack.conf b/waf_patterns/caddy/attack.conf
index ffd9481..192500c 100644
--- a/waf_patterns/caddy/attack.conf
+++ b/waf_patterns/caddy/attack.conf
@@ -1,4 +1,4 @@
 @block_attack {
-    path_regexp attack "(?i)(@lt 1|@lt 1|@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d|@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w|@rx (?:bhttp/d|<(?:html|meta)b)|@rx [nr]|@rx [nr]|@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:|@rx [nr]|@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)|@rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)|@rx unix:[^|]*||@lt 2|@lt 2|@rx [nr]|@rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b|@lt 3|@lt 3|@gt 0|@rx .|@gt 1|@rx (][^]]+$|][^]]+[)|@lt 4|@lt 4|@rx [|!@eq 0|!@within %{tx.allowed_request_content_type_charset}|@rx ^content-types*:s*(.*)$|!@rx ^(?:(?:*|[^!|@rx content-transfer-encoding:(.*)|@rx [^x21-x7E][x21-x39x3B-x7E]*:)"
+    path_regexp attack "(?i)(@lt 1|@lt 1|@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d|@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w|@rx (?:bhttp/d|<(?:html|meta)b)|@rx [nr]|@rx [nr]|@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:|@rx [nr]|@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)|@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)|@rx unix:[^|]*||@lt 2|@lt 2|@rx [nr]|@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b|@lt 3|@lt 3|@gt 0|@rx .|@gt 1|@rx TX:paramcounter_(.*)|@rx (][^]]+$|][^]]+[)|@lt 4|@lt 4|@rx [|!@eq 0|!@within %{tx.allowed_request_content_type_charset}|@rx ^content-types*:s*(.*)$|!@rx ^(?:(?:*|[^!-|@rx content-transfer-encoding:(.*))"
 }
 respond @block_attack 403
diff --git a/waf_patterns/caddy/bots.conf b/waf_patterns/caddy/bots.conf
index 741d467..f045874 100644
--- a/waf_patterns/caddy/bots.conf
+++ b/waf_patterns/caddy/bots.conf
@@ -669,4 +669,8 @@
     header User-Agent *zauba.io*
     header User-Agent *zgrab*
 }
+@evil_bit {
+    header X-Evil-Bit 1
+}
 respond @bad_bot 403
+respond @evil_bit 403
diff --git a/waf_patterns/caddy/enforcement.conf b/waf_patterns/caddy/enforcement.conf
index 22f82a7..2c00039 100644
--- a/waf_patterns/caddy/enforcement.conf
+++ b/waf_patterns/caddy/enforcement.conf
@@ -1,4 +1,4 @@
 @block_enforcement {
-    path_regexp enforcement "(?i)(@lt 1|@lt 1|!@within %{tx.allowed_methods}|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4|@lt 1|@lt 1|!@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$|!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^|!@rx ^d+$|@rx ^(?:GET|HEAD)$|!@rx ^0?$|@rx ^(?:GET|HEAD)$|!@eq 0|!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0|@streq POST|@eq 0|@eq 0|!@eq 0|!@eq 0|@rx (d+)-(d+)|@lt %{tx.1}|@rx b(?:keep-alive|close),s?(?:keep-alive|close)b|@rx x25|@rx ^(.*)/(?:[^?]+)?(?.*)?$|@validateUrlEncoding|!@rx ^.*%.*.[^sx0b.]+$|@validateUrlEncoding|@eq 1|@validateUtf8Encoding|@rx (?i)%uff[0-9a-f]{2}|@validateByteRange 1-255|@eq 0|@rx ^$|@rx ^$|!@rx ^OPTIONS$|!@pm AppleWebKit Android Business Enterprise Entreprise|@rx ^$|!@rx ^OPTIONS$|@eq 0|@rx ^$|!@rx ^0$|@eq 0|@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)|@eq 1|@gt %{tx.max_num_args}|@eq 1|@gt %{tx.arg_name_length}|@eq 1|@gt %{tx.arg_length}|@eq 1|@gt %{tx.total_arg_length}|@eq 1|@rx ^(?i)multipart/form-data|@gt %{tx.max_file_size}|@eq 1|@gt %{tx.combined_file_sizes}|!@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['|@rx ^[^;s]+|!@within %{tx.allowed_request_content_type}|@rx charsets*=s*[|!@within %{tx.allowed_request_content_type_charset}|@rx charset.*?charset|!@within %{tx.allowed_http_versions}|@rx .([^.]+)$|@within %{tx.restricted_extensions}|@rx .[^.~]+~(?:/.*|)$|@rx ^.*$|@within %{tx.restricted_headers_basic}|@gt 100|!@rx ^(?:(?:*|[^!|!@streq JSON|@rx (?i)x5cu[0-9a-f]{4}|@contains #|@gt 1|@lt 2|@lt 2|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}|!@endsWith .pdf|@endsWith .pdf|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}|@rx %[0-9a-fA-F]{2}|@validateByteRange 9,10,13,32-126,128-255|@eq 0|@rx ['|!@rx ^0$|@eq 0|@rx ^.*$|@within %{tx.restricted_headers_extended}|@rx ^(?i)application/x-www-form-urlencoded|@rx x25|@validateUrlEncoding|@lt 3|@lt 3|@validateByteRange 32-36,38-126|@eq 0|!@rx ^(?:OPTIONS|CONNECT)$|!@pm AppleWebKit Android|@ge 1|@rx ^(?i)up|@gt 0|!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$|!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)|@lt 4|@lt 4|@endsWith .pdf|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}|@validateByteRange 38,44-46,48-58,61,65-90,95,97-122|@validateByteRange 32,34,38,42-59,61,65-90,95,97-122|!@rx ^(?:?[01])?$|@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789])"
+    path_regexp enforcement "(?i)(@lt 1|@lt 1|!@within %{tx.allowed_methods}|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4|@lt 1|@lt 1|!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$|!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^|!@rx ^d+$|@rx ^(?:GET|HEAD)$|!@rx ^0?$|@rx ^(?:GET|HEAD)$|!@eq 0|!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0|@streq POST|@eq 0|@eq 0|!@eq 0|!@eq 0|@rx (d+)-(d+)|@lt %{tx.1}|@rx b(?:keep-alive|close),s?(?:keep-alive|close)b|@rx x25|@rx ^(.*)/(?:[^?]+)?(?.*)?$|@validateUrlEncoding|!@rx ^.*%.*.[^sv.]+$|@validateUrlEncoding|@eq 1|@validateUtf8Encoding|@rx (?i)%uff[0-9a-f]{2}|@validateByteRange 1-255|@eq 0|@rx ^$|@rx ^$|!@rx ^OPTIONS$|!@pm AppleWebKit Android Business Enterprise Entreprise|@rx ^$|!@rx ^OPTIONS$|@eq 0|@rx ^$|!@rx ^0$|@eq 0|@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)|@eq 1|@gt %{tx.max_num_args}|@eq 1|@gt %{tx.arg_name_length}|@eq 1|@gt %{tx.arg_length}|@eq 1|@gt %{tx.total_arg_length}|@eq 1|@rx ^(?i)multipart/form-data|@gt %{tx.max_file_size}|@eq 1|@gt %{tx.combined_file_sizes}|!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['|@rx ^[^;s]+|!@within %{tx.allowed_request_content_type}|@rx charsets*=s*[|!@within %{tx.allowed_request_content_type_charset}|@rx charset.*?charset|!@within %{tx.allowed_http_versions}|@rx .([^.]+)$|@within %{tx.restricted_extensions}|@rx .[^.~]+~(?:/.*|)$|@rx ^.*$|@within %{tx.restricted_headers_basic}|@gt 50|!@rx ^(?:(?:*|[^!-|!@streq JSON|@rx (?i)x5cu[0-9a-f]{4}|@contains #|@gt 1|@lt 2|@lt 2|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}|!@endsWith .pdf|@endsWith .pdf|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}|@rx %[0-9a-fA-F]{2}|@validateByteRange 9,10,13,32-126,128-255|@eq 0|@rx ['|!@rx ^0$|@eq 0|@rx ^.*$|@within %{tx.restricted_headers_extended}|@rx ^(?i)application/x-www-form-urlencoded|@rx x25|@validateUrlEncoding|@lt 3|@lt 3|@validateByteRange 32-36,38-126|@eq 0|!@rx ^(?:OPTIONS|CONNECT)$|!@pm AppleWebKit Android|@ge 1|@rx ^(?i)up|@gt 0|!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$|!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)|@lt 4|@lt 4|@endsWith .pdf|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}|@validateByteRange 38,44-46,48-58,61,65-90,95,97-122|@validateByteRange 32,34,38,42-59,61,65-90,95,97-122|!@rx ^(?:?[01])?$|@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789])"
 }
 respond @block_enforcement 403
diff --git a/waf_patterns/caddy/generic.conf b/waf_patterns/caddy/generic.conf
index 11755fd..6467d93 100644
--- a/waf_patterns/caddy/generic.conf
+++ b/waf_patterns/caddy/generic.conf
@@ -1,4 +1,4 @@
 @block_generic {
-    path_regexp generic "(?i)(@lt 1|@lt 1|@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sx0b]+Function[sx0b]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sx0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sx0b]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[|@pmFromFile ssrf.data|@rx (?:__proto__|constructors*(?:.|[)s*prototype)|@rx Process[sx0b]*.[sx0b]*spawn[sx0b]*(|@rx while[sx0b]*([sx0b(]*(?:!+(?:false|null|undefined|NaN|[+-]?0||@rx ^data:(?:(?:*|[^!|@lt 2|@lt 2|@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sx0b]*(|@rx (?i)(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][-.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sx0b]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][-.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+)|@rx ^(?:[^@]|@[^{])*@+{.*}|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp generic "(?i)(@lt 1|@lt 1|@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[|@pmFromFile ssrf.data|@rx (?:__proto__|constructors*(?:.|[)s*prototype)|@rx Process[sv]*.[sv]*spawn[sv]*(|@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0||@rx ^data:(?:(?:*|[^!-|@lt 2|@lt 2|@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(|@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))|@rx @{.*}|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_generic 403
diff --git a/waf_patterns/caddy/iis.conf b/waf_patterns/caddy/iis.conf
index cfb18d5..58285b2 100644
--- a/waf_patterns/caddy/iis.conf
+++ b/waf_patterns/caddy/iis.conf
@@ -1,4 +1,4 @@
 @block_iis {
-    path_regexp iis "(?i)(@pm gzip compress deflate br zstd|@lt 1|@lt 1|@rx [a-z]:x5cinetpubb|@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)|@pmFromFile iis-errors.data|!@rx ^404$|@rx bServer Error in.{0,50}?bApplicationb|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp iis "(?i)(@lt 1|@lt 1|@rx [a-z]:x5cinetpubb|@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)|@pmFromFile iis-errors.data|!@rx ^404$|@rx bServer Error in.{0,50}?bApplicationb|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_iis 403
diff --git a/waf_patterns/caddy/initialization.conf b/waf_patterns/caddy/initialization.conf
index 4273b69..f6b579b 100644
--- a/waf_patterns/caddy/initialization.conf
+++ b/waf_patterns/caddy/initialization.conf
@@ -1,4 +1,4 @@
 @block_initialization {
-    path_regexp initialization "(?i)(@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 1|@unconditionalMatch|!@rx (?:URLENCODED|MULTIPART|XML|JSON)|@eq 1|!@rx (?:URLENCODED|MULTIPART|XML|JSON)|@eq 100|@rx ^[a-f]*([0-9])[a-f]*([0-9])|nolog|!@lt %{tx.sampling_percentage}|@lt %{tx.blocking_paranoia_level})"
+    path_regexp initialization "(?i)(@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 1|@rx ^.*$|!@rx (?:URLENCODED|MULTIPART|XML|JSON)|@eq 1|!@rx (?:URLENCODED|MULTIPART|XML|JSON)|@eq 100|@rx ^[a-f]*([0-9])[a-f]*([0-9])|nolog|!@lt %{tx.sampling_percentage}|@lt %{tx.blocking_paranoia_level})"
 }
 respond @block_initialization 403
diff --git a/waf_patterns/caddy/java.conf b/waf_patterns/caddy/java.conf
index 5eb8d20..2de8a33 100644
--- a/waf_patterns/caddy/java.conf
+++ b/waf_patterns/caddy/java.conf
@@ -1,4 +1,4 @@
 @block_java {
-    path_regexp java "(?i)(@lt 1|@lt 1|@rx java.lang.(?:runtime|processbuilder)|@rx (?:runtime|processbuilder)|@rx (?i)(?:unmarshaller|base64data|java.)|@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)|@rx (?:runtime|processbuilder)|@pmFromFile java-classes.data|@rx .*.(?:jsp|jspx).*$|@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)|@lt 2|@lt 2|@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)|@rx xacxedx00x05|@rx (?:rO0ABQ|KztAAU|Cs7QAF)|@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)|@rx javab.+(?:runtime|processbuilder)|@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)|@lt 3|@lt 3|@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)|@lt 4|@lt 4|@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|@pm gzip compress deflate br zstd|@lt 1|@lt 1|@pmFromFile java-code-leakages.data|@pmFromFile java-errors.data|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp java "(?i)(@lt 1|@lt 1|@rx java.lang.(?:runtime|processbuilder)|@rx (?:runtime|processbuilder)|@rx (?:unmarshaller|base64data|java.)|@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)|@rx (?:runtime|processbuilder)|@pmFromFile java-classes.data|@rx .*.(?:jsp|jspx).*$|@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)|@lt 2|@lt 2|@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)|@rx xacxedx00x05|@rx (?:rO0ABQ|KztAAU|Cs7QAF)|@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)|@rx javab.+(?:runtime|processbuilder)|@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)|@lt 3|@lt 3|@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)|@lt 4|@lt 4|@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|@lt 1|@lt 1|@pmFromFile java-code-leakages.data|@pmFromFile java-errors.data|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_java 403
diff --git a/waf_patterns/caddy/leakages.conf b/waf_patterns/caddy/leakages.conf
index 4f19e79..f9602dd 100644
--- a/waf_patterns/caddy/leakages.conf
+++ b/waf_patterns/caddy/leakages.conf
@@ -1,4 +1,4 @@
 @block_leakages {
-    path_regexp leakages "(?i)(@eq 1|@pm gzip compress deflate br zstd|@lt 1|@lt 1|@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)|@rx ^#!s?/|@lt 2|@lt 2|@rx ^5d{2}$|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp leakages "(?i)(@lt 1|@lt 1|@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)|@rx ^#!s?/|@lt 2|@lt 2|@rx ^5d{2}$|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_leakages 403
diff --git a/waf_patterns/caddy/lfi.conf b/waf_patterns/caddy/lfi.conf
index ea5f36f..6040a33 100644
--- a/waf_patterns/caddy/lfi.conf
+++ b/waf_patterns/caddy/lfi.conf
@@ -1,4 +1,4 @@
 @block_lfi {
-    path_regexp lfi "(?i)(@lt 1|@lt 1|@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))|@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))|@pmFromFile lfi-os-files.data|@pmFromFile restricted-files.data|@lt 2|@lt 2|@pmFromFile lfi-os-files.data|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp lfi "(?i)(@lt 1|@lt 1|@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))|@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))|@pmFromFile lfi-os-files.data|@pmFromFile restricted-files.data|@lt 2|@lt 2|@pmFromFile lfi-os-files.data|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_lfi 403
diff --git a/waf_patterns/caddy/php.conf b/waf_patterns/caddy/php.conf
index 0d05479..73db202 100644
--- a/waf_patterns/caddy/php.conf
+++ b/waf_patterns/caddy/php.conf
@@ -1,4 +1,4 @@
 @block_php {
-    path_regexp php "(?i)(@lt 1|@lt 1|@rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]|@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$|@pmFromFile php-config-directives.data|@rx b([^s]+)s*=[^=]|@pmFromFile php-config-directives.data|@pmFromFile php-variables.data|@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)|@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://|@pmFromFile php-function-names-933150.data|@rx (?i)b(?[|@rx [oOcC]:d+:|@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)|@rx (?:((?:.+)(?:[|@lt 2|@lt 2|@pmFromFile php-function-names-933151.data|@rx b([^s]+)s*[(]|@pmFromFile php-function-names-933151.data|@lt 3|@lt 3|@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI|@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)|@rx .*.(?:phpd*|phtml)..*$|@pm ?>|@rx (?:((?:.+)(?:[|@lt 4|@lt 4|@pm gzip compress deflate br zstd|@lt 1|@lt 1|@pmFromFile php-errors.data|@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b|@rx (?i)<?(?:=|php)?s+|@lt 2|@lt 2|@pmFromFile php-errors-pl2.data|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp php "(?i)(@lt 1|@lt 1|@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])|@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$|@pmFromFile php-config-directives.data|@pm =|@pmFromFile php-variables.data|@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)|@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://|@pmFromFile php-function-names-933150.data|@rx (?i)b(?[|@rx [oOcC]:d+:|@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)|@rx (?:((?:.+)(?:[|@lt 2|@lt 2|@pmFromFile php-function-names-933151.data|@pm (|@lt 3|@lt 3|@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI|@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)|@rx .*.(?:phpd*|phtml)..*$|@pm ?>|@rx (?:((?:.+)(?:[|@lt 4|@lt 4|@lt 1|@lt 1|@pmFromFile php-errors.data|@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b|@rx (?i)<?(?:=|php)?s+|@lt 2|@lt 2|@pmFromFile php-errors-pl2.data|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_php 403
diff --git a/waf_patterns/caddy/rce.conf b/waf_patterns/caddy/rce.conf
index da7f636..866dd13 100644
--- a/waf_patterns/caddy/rce.conf
+++ b/waf_patterns/caddy/rce.conf
@@ -1,4 +1,4 @@
 @block_rce {
-    path_regexp rce "(?i)(@lt 1|@lt 1|@rx (?i)(?:b[|@rx (?i)(?:b[|@pmFromFile windows-powershell-commands.data|@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b|@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]|@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sx0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))|@rx ~(?:[+-](?:$|[sx0b0-9]+)|[0-9]+)|@rx (?i)(?:^|b[|@rx (?i)(?:^|b[|@rx !-d|@pmFromFile unix-shell.data|@rx ^(s*)s+{|@rx ^(s*)s+{|@rx ba[|@pmFromFile restricted-upload.data|@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b|@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b|@lt 2|@lt 2|@rx (?:b[|@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]|@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]|@rx /|@rx s|@rx ^[^#]+|@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]))|@rx /|@rx s|@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{])|@rx /|@rx s|@rx (?i).|(?:[sx0b]*|b[|@rx (?i)[-0-9_a-z]+(?:[sx0b]*[|!@rx [0-9]s*'s*[0-9]|@rx ;[sx0b]*.[sx0b]*[|@rx rn.*?b(?:E(?:HLO [-.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [-.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SETb)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20} (?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}=|[+/-9A-Z_a-zx17fx212a]{3}))?=|STARTTLSb|NOOPb(?: .{1,255})?)|@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[|@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9_a-z]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))|@rx (?i)(?:^|b[|@rx (?i)(?:^|b[|@pmFromFile unix-shell.data|@lt 3|@lt 3|@rx (?:b[|@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sx0b&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sx0b&)<>|]|pt(?:(?:itude)?[sx0b&)<>|]|-get)|r(?:[sx0b&)<>j|]|(?:p|ch)[sx0b&)<>|]|ia2c)|s(?:h?[sx0b&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sx0b&)<>|]|obm)|dd(?:group|user)|getty|nsible)|b(?:z(?:z[sx0b&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sx0b&)<>|]|c))|h[sx0b&)<>|])|tch[sx0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[sx0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sx0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[sx0b&)<>|]|mp|p(?:[sx0b&)<>|]|io|ulimit)|s(?:h|cli[sx0b&)<>|]|plit|vtool)|u(?:t[sx0b&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sx0b&)<>|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[sx0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sx0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sx0b&)<>|]|w(?:say|think))|r(?:ash[sx0b&)<>|]|on(?:[sx0b&)<>|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sx0b&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sx0b&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sx0b&)<>|]|n(?:v(?:[sx0b&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sx0b&)<>h|]|ac)|x(?:(?:ec)?[sx0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sx0b&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sx0b&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sx0b&)<>|]|le(?:[sx0b&)<>|]|test))|mt|tp(?:[sx0b&)<>|]|stats|who)|acter|o(?:ld[sx0b&)<>|]|reach)|ping)|g(?:c(?:c[^sx0b]|ore)|db|e(?:(?:m|tfacl)[sx0b&)<>|]|ni(?:e[sx0b&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sx0b&)<>|]|nsh)|(?:o|awk)[sx0b&)<>|]|pg|r(?:c|ep[sx0b&)<>|]|oup(?:[sx0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sx0b&)<>|]|e(?:ad[sx0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sx0b&)<>|]|onice|spell)|j(?:js|q|ava[sx0b&)<>|]|exec|o(?:(?:bs|in)[sx0b&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sx0b&)<>|]|all)|nife[sx0b&)<>|])|l(?:d(?:d?[sx0b&)<>|]|config)|(?:[np]|ynx)[sx0b&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sx0b&)<>|]|(?:la)?tex)|z(?:[sx0b&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sx0b&)<>|]|comm|log(?:in)?)|tex[sx0b&)<>|])|ess(?:[sx0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sx0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sx0b&)<>|]|il(?:[sx0b&)<>q|]|x[sx0b&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sx0b&)<>|]|k(?:dir[sx0b&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sx0b&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sx0b&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sx0b&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sx0b&)<>|]|m(?:[sx0b&)<>|]|ap)|p(?:m[sx0b&)<>|]|ing)|a(?:no[sx0b&)<>|]|sm|wk)|o(?:de[sx0b&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sx0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sx0b&)<>|]|s(?:swd|te[sx0b&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sx0b&)<>|]|tp)|g(?:[sx0b&)<>|]|rep)|hp(?:[sx0b&)57<>|]|-cgi)|i(?:(?:co?|ng)[sx0b&)<>|]|p[^sx0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sx0b&)<>|]|int(?:env|f[sx0b&)<>|]))|s(?:[sx0b&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sx0b&)<>|]|l(?:[sx0b&)5<>|]|sh))|opd|u(?:ppet[sx0b&)<>|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[sx0b&)<>|]|k(?:e[sx0b&)<>|]|u))|c(?:p[sx0b&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sx0b&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sx0b&)<>|]|user)|pm(?:[sx0b&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sx0b&)<>|]|sync|u(?:by[^sx0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[sx0b&)<>|])|e(?:(?:d|lf|rvice)[sx0b&)<>|]|t(?:(?:facl)?[sx0b&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sx0b&)<>|]|h(?:(?:adow|ells)?[sx0b&)<>|]|.distrib|u(?:f|tdown[sx0b&)<>|]))|s(?:[sx0b&)<>|]|h(?:[sx0b&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sx0b&)<>|]|do)|vn|diff|ftp|l(?:eep[sx0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sx0b&)<>|])|p(?:lit[sx0b&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sx0b&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sx0b&)<>|]|il[sx0b&)<>f|]|sk(?:[sx0b&)<>|]|set))|bl|c(?:p(?:[sx0b&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sx0b&)<>|]|lnet)|i(?:c[sx0b&)<>|]|me(?:(?:out)?[sx0b&)<>|]|datectl))|o(?:p|uch[sx0b&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sx0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sx0b&)<>|]|expand|iq|l(?:ink[sx0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sx0b&)<>|]|std))|p(?:2date[sx0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sx0b&)<>|]|m(?:[sx0b&)<>|]|diff)|gr|pw|rsh|sudo)|algrind|olatility[sx0b&)<>|])|w(?:[sx0b&)<>c|]|h(?:o(?:[sx0b&)<>|]|ami|is)?|iptail[sx0b&)<>|])|a(?:ll|tch)[sx0b&)<>|]|i(?:reshark|sh[sx0b&)<>|]))|x(?:(?:x|pa)d|z(?:[sx0b&)<>|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sx0b&)<>|]|um)|z(?:ip(?:[sx0b&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sx0b&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])|@rx (?i)(?:^|b[|@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)|@rx rn.*?b(?:DATA|QUIT|HELP(?: .{1,255})?)|@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [|@rx rn.*?b(?:(?:QUI|STA|RSE)T|NOOP|CAPA)|@rx !(?:d|!)|@lt 4|@lt 4)"
+    path_regexp rce "(?i)(@lt 1|@lt 1|@rx (?i)(?:b[|@rx (?i)(?:b[|@pmFromFile windows-powershell-commands.data|@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv|@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]|@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))|@rx (?i)(?:^|b[|@rx (?i)(?:^|b[|@rx !-d|@pmFromFile unix-shell.data|@rx ^(s*)s+{|@rx ^(s*)s+{|@rx ba[|@pmFromFile restricted-upload.data|@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv|@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv|@lt 2|@lt 2|@rx (?:b[|@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]|@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]|@rx /|@rx s|@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))|@rx /|@rx s|@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])|@rx /|@rx s|@rx (?i).|(?:[sv]*|b[|@rx (?i)[-0-9_a-z]+(?:[sv]*[|!@rx [0-9]s*'s*[0-9]|@rx ;[sv]*.[sv]*[|@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)|@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[|@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))|@rx (?i)(?:^|b[|@rx (?i)(?:^|b[|@pmFromFile unix-shell.data|@lt 3|@lt 3|@rx (?:b[|@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])|@rx (?i)(?:^|b[|@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)|@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)|@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [|@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)|@rx !(?:d|!)|@lt 4|@lt 4)"
 }
 respond @block_rce 403
diff --git a/waf_patterns/caddy/shells.conf b/waf_patterns/caddy/shells.conf
index eda0174..f47aecf 100644
--- a/waf_patterns/caddy/shells.conf
+++ b/waf_patterns/caddy/shells.conf
@@ -1,4 +1,4 @@
 @block_shells {
-    path_regexp shells "(?i)(@pm gzip compress deflate br zstd|@lt 1|@lt 1|@pmFromFile web-shells-php.data|@rx <title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>|@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=(?:Windows-1251|UTF-8)?'><title>.*?(?: -)? W[Ss][Oo] [0-9.]+</title>|@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>|@rx <title>Mini Shell</title>.*Developed By LameHacker|@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>|@rx <title>Symlink_Sa [0-9.]+</title>|@rx <title>CasuS [0-9.]+ by MafiABoY</title>|@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+|@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$|@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -|@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>|@rx <title>lama's'hell v. [0-9.]+</title>|@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -|@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->|@rx ^<html>n<head>n<div align=|@rx ^<html>n<head>n<title>Ru24PostWebShell|@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>|@rx ^<html>rn<head>rn<meta http-equiv=|@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+|@contains <title>punkholicshell</title>|@rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>|@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=|@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>|@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>|@lt 2|@lt 2|@contains <h1 style=|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp shells "(?i)(@lt 1|@lt 1|@pmFromFile web-shells-php.data|@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)|@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>|@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>|@rx <title>Mini Shell</title>.*Developed By LameHacker|@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>|@rx <title>Symlink_Sa [0-9.]+</title>|@rx <title>CasuS [0-9.]+ by MafiABoY</title>|@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+|@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$|@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -|@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>|@rx <title>lama's'hell v. [0-9.]+</title>|@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -|@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->|@rx ^<html>n<head>n<div align=|@rx ^<html>n<head>n<title>Ru24PostWebShell -|@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>|@rx ^<html>rn<head>rn<meta http-equiv=|@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+|@contains <title>punkholicshell</title>|@rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>|@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=|@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>|@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>|@lt 2|@lt 2|@contains <h1 style=|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_shells 403
diff --git a/waf_patterns/caddy/sql.conf b/waf_patterns/caddy/sql.conf
index c3d94c5..e4d8ed7 100644
--- a/waf_patterns/caddy/sql.conf
+++ b/waf_patterns/caddy/sql.conf
@@ -1,4 +1,4 @@
 @block_sql {
-    path_regexp sql "(?i)(@pm gzip compress deflate br zstd|@lt 1|@lt 1|!@pmFromFile sql-errors.data|@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])|@rx (?i)bORA-[0-9][0-9][0-9][0-9][0-9]:|java.sql.SQLException|Oracle(?: erro|[^()]{0,20}Drive)r|Warning.{1,10}o(?:ci_.{1,30}|ra_.{1,20})|@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()|@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)|@rx (?i)Dynamic SQL Error|@rx (?i)Exception (?:condition )?d+. Transaction rollback.|@rx (?i)org.hsqldb.jdbc|@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)|@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)|@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)|@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)|@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)|@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[()_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):|@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|(?:pg_(?:query|exec)() [|org.postgresql.util.PSQLException):|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er|@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)|@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp sql "(?i)(@lt 1|@lt 1|!@pmFromFile sql-errors.data|@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])|@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)|@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()|@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)|@rx (?i)Dynamic SQL Error|@rx (?i)Exception (?:condition )?d+. Transaction rollback.|@rx (?i)org.hsqldb.jdbc|@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)|@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)|@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)|@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)|@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)|@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):|@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er|@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)|@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_sql 403
diff --git a/waf_patterns/caddy/sqli.conf b/waf_patterns/caddy/sqli.conf
index 5b92b4a..1751ace 100644
--- a/waf_patterns/caddy/sqli.conf
+++ b/waf_patterns/caddy/sqli.conf
@@ -1,4 +1,4 @@
 @block_sqli {
-    path_regexp sqli "(?i)(@lt 1|@lt 1|@detectSQLi|@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))|@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(|@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))|@rx (?i)(?:select|;)[sx0b]+(?:benchmark|if|sleep)[sx0b]*?([sx0b]*?(?[sx0b]*?[0-9A-Z_a-z]+|@rx (?i)[|@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$|@rx (?i)[sx0b()]case[sx0b]+when.*?then|)[sx0b]*?like[sx0b]*?(|select.*?having[sx0b]*?[^sx0b]+[sx0b]*?[^sx0b0-9A-Z_a-z]|if[sx0b]?([0-9A-Z_a-z]+[sx0b]*?[<->~]|@rx (?i)alter[sx0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sx0b]+set[sx0b]+[0-9A-Z_a-z]+|[|@rx (?i:merge.*?usings*?(|executes*?immediates*?[|@rx (?i)union.*?select.*?from|@rx (?i)select[sx0b]*?pg_sleep|waitfor[sx0b]*?delay[sx0b]?[|@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?|@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)|@rx (?i)create[sx0b]+function[sx0b].+[sx0b]returns|;[sx0b]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sx0b]*?[([]?[0-9A-Z_a-z]{2,}|@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)b[sx0b]*(?|end[sx0b]*?);)|[sx0b(]load_file[sx0b]*?(|[|@rx (?i)/*[sx0b]*?[!+](?:[sx0b()-0-9=A-Z_a-z]+)?*/|@rx ^(?:[^']*'|[^|@rx (?i)1.e[(),]|@rx [|@lt 2|@lt 2|@rx (?i)[!=]=|&&||||->|>[=>]|<(?:[<=]|>(?:[sx0b]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[|@rx (?i)[sx0b|@streq %{TX.2}|@rx (?i)[sx0b|!@streq %{TX.2}|@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(|@rx (?i)(?:/*)+[|@rx (?i),.*?[|@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sx0b(]+[0-9A-Z_a-z]+[sx0b)]*?[!+=]+[sx0b0-9]*?[|@rx (?i)[|@rx (?i))[sx0b]*?when[sx0b]*?[0-9]+[sx0b]*?then|[|@rx (?i)(?:([sx0b]*?select[sx0b]*?[0-9A-Z_a-z]+|coalesce|order[sx0b]+by[sx0b]+if[0-9A-Z_a-z]*?)[sx0b]*?(|*/from|+[sx0b]*?[0-9]+[sx0b]*?+[sx0b]*?@|[0-9A-Z_a-z][|@rx (?i)[|@rx (?i)in[sx0b]*?(+[sx0b]*?select|(?:(?:N?AND|X?X?OR|DIV|LIKE|BETWEEN|NOT)[sx0b]+|(?:|||&&)[sx0b]*)[sx0b+0-9A-Z_a-z]+(?:regexp[sx0b]*?(|sounds[sx0b]+like[sx0b]*?[|@rx (?i:^[Wd]+s*?(?:alter|union)b)|@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)[sx0b]?(?|end[sx0b]*?);|[sx0b(]load_file[sx0b]*?(|[|@rx (?i)[|@rx (?i)b(?:havingb(?:[sx0b]+(?:[0-9]{1,10}|'[^=]{1,10}')[sx0b]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[|@rx (?i)b(?:orb(?:[sx0b]?(?:[0-9]{1,10}|[|@rx (?i)bandb(?:[sx0b]+(?:[0-9]{1,10}[sx0b]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[|@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[12]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(|@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)|@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'|!ARGS:foo|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx [a-zA-Z0-9_-]{61,61}|@rx [a-zA-Z0-9_-]{91,91}|@rx /*!?|*/|[';]--|--(?:[sx0b]|[^-]*?-)|[^&-]#.*?[sx0b]|;?x00|!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$|@rx (?i:b0x[a-fd]{3,})|@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)|@rx (?i)[|@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^|@rx ^(?:and|or)$|@rx ^.*?x5c['|@detectSQLi|@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(|@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)|@lt 3|@lt 3|@rx (?i)W+d*?s*?bhavingbs*?[^s-]|@rx [|!REQUEST_COOKIES:foo_id|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx W{4}|@rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')|@rx ';|@lt 4|@lt 4|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx ((?:[~!@#$%^&*()-+={}[]|:;)"
+    path_regexp sqli "(?i)(@lt 1|@lt 1|@detectSQLi|@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))|@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(|@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))|@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+|@rx (?i)[|@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$|@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]|@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|[|@rx (?i:merge.*?usings*?(|executes*?immediates*?[|@rx (?i)union.*?select.*?from|@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?[|@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?|@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)|@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}|@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|[|@rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/|@rx ^(?:[^']*'|[^|@rx (?i)1.e[(-),]|@rx [|@lt 2|@lt 2|@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[|@rx (?i)[sv|@streq %{TX.2}|@rx (?i)[sv|!@streq %{TX.2}|@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(|@rx (?i)(?:/*)+[|@rx (?i),.*?[|@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[|@rx (?i)[|@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[|@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][|@rx (?i)[|@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[|@rx (?i:^[Wd]+s*?(?:alter|union)b)|@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[|@rx (?i)[|@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[|@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[|@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[|@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(|@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)|@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'|!ARGS:foo|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx [a-zA-Z0-9_-]{61,61}|@rx [a-zA-Z0-9_-]{91,91}|@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00|!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$|@rx (?i:b0x[a-fd]{3,})|@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)|@rx (?i)[|@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^|@rx ^(?:and|or)$|@rx ^.*?x5c['|@detectSQLi|@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(|@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)|@lt 3|@lt 3|@rx (?i)W+d*?s*?bhavingbs*?[^s-]|@rx [|!REQUEST_COOKIES:foo_id|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx W{4}|@rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')|@rx ';|@lt 4|@lt 4|@rx ((?:[~!@#$%^&*()-+={}[]|:;|@rx ((?:[~!@#$%^&*()-+={}[]|:;)"
 }
 respond @block_sqli 403
diff --git a/waf_patterns/caddy/xss.conf b/waf_patterns/caddy/xss.conf
index 1c4b043..ebb6cdb 100644
--- a/waf_patterns/caddy/xss.conf
+++ b/waf_patterns/caddy/xss.conf
@@ -1,4 +1,4 @@
 @block_xss {
-    path_regexp xss "(?i)(@lt 1|@lt 1|!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122|@detectXSS|@rx (?i)<script[^>]*>[sS]*?|@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sx0b]+(?:%[sx0b]+)?[^sx0b]+[sx0b]+(?:SYSTEM|PUBLIC)|@import|;base64)b|@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript|@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sx0b|@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[|@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[|@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))|@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)|@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).|@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).|@rx (?i)<EMBED[s/+].*?(?:src|type).*?=|@rx <[?]?import[s/+S]*?implementation[s/+]*?=|@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*[|@rx (?i:<META[s/+].*?charset[s/+]*=)|@rx (?i)<LINK[s/+].*?href[s/+]*=|@rx (?i)<BASE[s/+].*?href[s/+]*=|@rx (?i)<APPLET[s/+>]|@rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=|@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe|@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)|@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-|@rx ![!+ ][]|@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)|@rx (?i)b(?:eval|set(?:timeout|interval)|new[sx0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sx0b]*(|@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`|@lt 2|@lt 2|@detectXSS|@rx (?i)[s|@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=|@contains -->|@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W|@rx (?i:[|@rx (?i)[|@rx {{.*?}}|@lt 3|@lt 3|@lt 4|@lt 4)"
+    path_regexp xss "(?i)(@lt 1|@lt 1|!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122|@detectXSS|@rx (?i)<script[^>]*>[sS]*?|@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b|@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript|@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv|@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[|@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[|@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))|@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)|@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).|@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).|@rx (?i)<EMBED[s/+].*?(?:src|type).*?=|@rx <[?]?import[s/+S]*?implementation[s/+]*?=|@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*[|@rx (?i:<META[s/+].*?charset[s/+]*=)|@rx (?i)<LINK[s/+].*?href[s/+]*=|@rx (?i)<BASE[s/+].*?href[s/+]*=|@rx (?i)<APPLET[s/+>]|@rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=|@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe|@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)|@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-|@rx ![!+ ][]|@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)|@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sv]*(|@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`|@lt 2|@lt 2|@detectXSS|@rx (?i)[s|@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=|@contains -->|@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W|@rx (?i:[|@rx (?i)[|@rx {{.*?}}|@lt 3|@lt 3|@lt 4|@lt 4)"
 }
 respond @block_xss 403
diff --git a/waf_patterns/haproxy/bots.acl b/waf_patterns/haproxy/bots.acl
index 3e02958..046172c 100644
--- a/waf_patterns/haproxy/bots.acl
+++ b/waf_patterns/haproxy/bots.acl
@@ -667,4 +667,6 @@ acl bad_bot hdr_sub(User-Agent) -i x22Mozilla
 acl bad_bot hdr_sub(User-Agent) -i xpymep1.exe
 acl bad_bot hdr_sub(User-Agent) -i zauba.io
 acl bad_bot hdr_sub(User-Agent) -i zgrab
+acl evil_bit hdr(X-Evil-Bit) -i 1
 http-request deny if bad_bot
+http-request deny if evil_bit
diff --git a/waf_patterns/haproxy/waf.acl b/waf_patterns/haproxy/waf.acl
index 8798c50..cd64110 100644
--- a/waf_patterns/haproxy/waf.acl
+++ b/waf_patterns/haproxy/waf.acl
@@ -41,11 +41,9 @@ acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
-acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
-http-request deny if block_INITIALIZATION
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_INITIALIZATION
-acl block_INITIALIZATION hdr_sub(User-Agent) -i @unconditionalMatch
+acl block_INITIALIZATION hdr_sub(User-Agent) -i @rx ^.*$
 http-request deny if block_INITIALIZATION
 acl block_INITIALIZATION hdr_sub(User-Agent) -i !@rx (?:URLENCODED|MULTIPART|XML|JSON)
 http-request deny if block_INITIALIZATION
@@ -113,9 +111,9 @@ acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ENFORCEMENT
-acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$
+acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$
 http-request deny if block_ENFORCEMENT
-acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^
+acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^d+$
 http-request deny if block_ENFORCEMENT
@@ -151,7 +149,7 @@ acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^(.*)/(?:[^?]+)?(?.*)?$
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateUrlEncoding
 http-request deny if block_ENFORCEMENT
-acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^.*%.*.[^sx0b.]+$
+acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^.*%.*.[^sv.]+$
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateUrlEncoding
 http-request deny if block_ENFORCEMENT
@@ -213,7 +211,7 @@ acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.combined_file_sizes}
 http-request deny if block_ENFORCEMENT
-acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['
+acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^[^;s]+
 http-request deny if block_ENFORCEMENT
@@ -237,9 +235,9 @@ acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^.*$
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @within %{tx.restricted_headers_basic}
 http-request deny if block_ENFORCEMENT
-acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt 100
+acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt 50
 http-request deny if block_ENFORCEMENT
-acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^(?:(?:*|[^!
+acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^(?:(?:*|[^!-
 http-request deny if block_ENFORCEMENT
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@streq JSON
 http-request deny if block_ENFORCEMENT
@@ -341,7 +339,7 @@ acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)
 http-request deny if block_ATTACK
-acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)
+acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @rx unix:[^|]*|
 http-request deny if block_ATTACK
@@ -351,7 +349,7 @@ acl block_ATTACK hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]
 http-request deny if block_ATTACK
-acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b
+acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ATTACK
@@ -363,6 +361,8 @@ acl block_ATTACK hdr_sub(User-Agent) -i @rx .
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @gt 1
 http-request deny if block_ATTACK
+acl block_ATTACK hdr_sub(User-Agent) -i @rx TX:paramcounter_(.*)
+http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @rx (][^]]+$|][^]]+[)
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 4
@@ -377,17 +377,15 @@ acl block_ATTACK hdr_sub(User-Agent) -i !@within %{tx.allowed_request_content_ty
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @rx ^content-types*:s*(.*)$
 http-request deny if block_ATTACK
-acl block_ATTACK hdr_sub(User-Agent) -i !@rx ^(?:(?:*|[^!
+acl block_ATTACK hdr_sub(User-Agent) -i !@rx ^(?:(?:*|[^!-
 http-request deny if block_ATTACK
 acl block_ATTACK hdr_sub(User-Agent) -i @rx content-transfer-encoding:(.*)
 http-request deny if block_ATTACK
-acl block_ATTACK hdr_sub(User-Agent) -i @rx [^x21-x7E][x21-x39x3B-x7E]*:
-http-request deny if block_ATTACK
 acl block_LFI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LFI
 acl block_LFI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LFI
-acl block_LFI hdr_sub(User-Agent) -i @rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))
+acl block_LFI hdr_sub(User-Agent) -i @rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))
 http-request deny if block_LFI
 acl block_LFI hdr_sub(User-Agent) -i @rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))
 http-request deny if block_LFI
@@ -449,13 +447,11 @@ acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:b[
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @pmFromFile windows-powershell-commands.data
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b
+acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]
+acl block_RCE hdr_sub(User-Agent) -i @rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sx0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))
-http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx ~(?:[+-](?:$|[sx0b0-9]+)|[0-9]+)
+acl block_RCE hdr_sub(User-Agent) -i @rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:^|b[
 http-request deny if block_RCE
@@ -473,9 +469,9 @@ acl block_RCE hdr_sub(User-Agent) -i @rx ba[
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @pmFromFile restricted-upload.data
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b
+acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b
+acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_RCE
@@ -483,41 +479,39 @@ acl block_RCE hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?:b[
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]
+acl block_RCE hdr_sub(User-Agent) -i @rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]
+acl block_RCE hdr_sub(User-Agent) -i @rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx /
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx s
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx ^[^#]+
-http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]))
+acl block_RCE hdr_sub(User-Agent) -i @rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx /
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx s
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{])
+acl block_RCE hdr_sub(User-Agent) -i @rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx /
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx s
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?i).|(?:[sx0b]*|b[
+acl block_RCE hdr_sub(User-Agent) -i @rx (?i).|(?:[sv]*|b[
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?i)[-0-9_a-z]+(?:[sx0b]*[
+acl block_RCE hdr_sub(User-Agent) -i @rx (?i)[-0-9_a-z]+(?:[sv]*[
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i !@rx [0-9]s*'s*[0-9]
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx ;[sx0b]*.[sx0b]*[
+acl block_RCE hdr_sub(User-Agent) -i @rx ;[sv]*.[sv]*[
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx rn.*?b(?:E(?:HLO [-.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [-.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SETb)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20} (?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}=|[+/-9A-Z_a-zx17fx212a]{3}))?=|STARTTLSb|NOOPb(?: .{1,255})?)
+acl block_RCE hdr_sub(User-Agent) -i @rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9_a-z]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))
+acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:^|b[
 http-request deny if block_RCE
@@ -531,17 +525,17 @@ acl block_RCE hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?:b[
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sx0b&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sx0b&)<>|]|pt(?:(?:itude)?[sx0b&)<>|]|-get)|r(?:[sx0b&)<>j|]|(?:p|ch)[sx0b&)<>|]|ia2c)|s(?:h?[sx0b&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sx0b&)<>|]|obm)|dd(?:group|user)|getty|nsible)|b(?:z(?:z[sx0b&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sx0b&)<>|]|c))|h[sx0b&)<>|])|tch[sx0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[sx0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sx0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[sx0b&)<>|]|mp|p(?:[sx0b&)<>|]|io|ulimit)|s(?:h|cli[sx0b&)<>|]|plit|vtool)|u(?:t[sx0b&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sx0b&)<>|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[sx0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sx0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sx0b&)<>|]|w(?:say|think))|r(?:ash[sx0b&)<>|]|on(?:[sx0b&)<>|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sx0b&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sx0b&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sx0b&)<>|]|n(?:v(?:[sx0b&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sx0b&)<>h|]|ac)|x(?:(?:ec)?[sx0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sx0b&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sx0b&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sx0b&)<>|]|le(?:[sx0b&)<>|]|test))|mt|tp(?:[sx0b&)<>|]|stats|who)|acter|o(?:ld[sx0b&)<>|]|reach)|ping)|g(?:c(?:c[^sx0b]|ore)|db|e(?:(?:m|tfacl)[sx0b&)<>|]|ni(?:e[sx0b&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sx0b&)<>|]|nsh)|(?:o|awk)[sx0b&)<>|]|pg|r(?:c|ep[sx0b&)<>|]|oup(?:[sx0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sx0b&)<>|]|e(?:ad[sx0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sx0b&)<>|]|onice|spell)|j(?:js|q|ava[sx0b&)<>|]|exec|o(?:(?:bs|in)[sx0b&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sx0b&)<>|]|all)|nife[sx0b&)<>|])|l(?:d(?:d?[sx0b&)<>|]|config)|(?:[np]|ynx)[sx0b&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sx0b&)<>|]|(?:la)?tex)|z(?:[sx0b&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sx0b&)<>|]|comm|log(?:in)?)|tex[sx0b&)<>|])|ess(?:[sx0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sx0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sx0b&)<>|]|il(?:[sx0b&)<>q|]|x[sx0b&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sx0b&)<>|]|k(?:dir[sx0b&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sx0b&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sx0b&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sx0b&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sx0b&)<>|]|m(?:[sx0b&)<>|]|ap)|p(?:m[sx0b&)<>|]|ing)|a(?:no[sx0b&)<>|]|sm|wk)|o(?:de[sx0b&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sx0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sx0b&)<>|]|s(?:swd|te[sx0b&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sx0b&)<>|]|tp)|g(?:[sx0b&)<>|]|rep)|hp(?:[sx0b&)57<>|]|-cgi)|i(?:(?:co?|ng)[sx0b&)<>|]|p[^sx0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sx0b&)<>|]|int(?:env|f[sx0b&)<>|]))|s(?:[sx0b&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sx0b&)<>|]|l(?:[sx0b&)5<>|]|sh))|opd|u(?:ppet[sx0b&)<>|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[sx0b&)<>|]|k(?:e[sx0b&)<>|]|u))|c(?:p[sx0b&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sx0b&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sx0b&)<>|]|user)|pm(?:[sx0b&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sx0b&)<>|]|sync|u(?:by[^sx0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[sx0b&)<>|])|e(?:(?:d|lf|rvice)[sx0b&)<>|]|t(?:(?:facl)?[sx0b&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sx0b&)<>|]|h(?:(?:adow|ells)?[sx0b&)<>|]|.distrib|u(?:f|tdown[sx0b&)<>|]))|s(?:[sx0b&)<>|]|h(?:[sx0b&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sx0b&)<>|]|do)|vn|diff|ftp|l(?:eep[sx0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sx0b&)<>|])|p(?:lit[sx0b&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sx0b&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sx0b&)<>|]|il[sx0b&)<>f|]|sk(?:[sx0b&)<>|]|set))|bl|c(?:p(?:[sx0b&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sx0b&)<>|]|lnet)|i(?:c[sx0b&)<>|]|me(?:(?:out)?[sx0b&)<>|]|datectl))|o(?:p|uch[sx0b&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sx0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sx0b&)<>|]|expand|iq|l(?:ink[sx0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sx0b&)<>|]|std))|p(?:2date[sx0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sx0b&)<>|]|m(?:[sx0b&)<>|]|diff)|gr|pw|rsh|sudo)|algrind|olatility[sx0b&)<>|])|w(?:[sx0b&)<>c|]|h(?:o(?:[sx0b&)<>|]|ami|is)?|iptail[sx0b&)<>|])|a(?:ll|tch)[sx0b&)<>|]|i(?:reshark|sh[sx0b&)<>|]))|x(?:(?:x|pa)d|z(?:[sx0b&)<>|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sx0b&)<>|]|um)|z(?:ip(?:[sx0b&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sx0b&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])
+acl block_RCE hdr_sub(User-Agent) -i @rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:^|b[
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx rn.*?b(?:DATA|QUIT|HELP(?: .{1,255})?)
+acl block_RCE hdr_sub(User-Agent) -i @rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [
 http-request deny if block_RCE
-acl block_RCE hdr_sub(User-Agent) -i @rx rn.*?b(?:(?:QUI|STA|RSE)T|NOOP|CAPA)
+acl block_RCE hdr_sub(User-Agent) -i @rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)
 http-request deny if block_RCE
 acl block_RCE hdr_sub(User-Agent) -i @rx !(?:d|!)
 http-request deny if block_RCE
@@ -553,15 +547,13 @@ acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
-acl block_PHP hdr_sub(User-Agent) -i @rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]
+acl block_PHP hdr_sub(User-Agent) -i @rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-config-directives.data
 http-request deny if block_PHP
-acl block_PHP hdr_sub(User-Agent) -i @rx b([^s]+)s*=[^=]
-http-request deny if block_PHP
-acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-config-directives.data
+acl block_PHP hdr_sub(User-Agent) -i @pm =
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-variables.data
 http-request deny if block_PHP
@@ -585,9 +577,7 @@ acl block_PHP hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-function-names-933151.data
 http-request deny if block_PHP
-acl block_PHP hdr_sub(User-Agent) -i @rx b([^s]+)s*[(]
-http-request deny if block_PHP
-acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-function-names-933151.data
+acl block_PHP hdr_sub(User-Agent) -i @pm (
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_PHP
@@ -595,7 +585,7 @@ acl block_PHP hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI
 http-request deny if block_PHP
-acl block_PHP hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)
+acl block_PHP hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @rx .*.(?:phpd*|phtml)..*$
 http-request deny if block_PHP
@@ -611,27 +601,27 @@ acl block_GENERIC hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_GENERIC
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sx0b]+Function[sx0b]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sx0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sx0b]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[
+acl block_GENERIC hdr_sub(User-Agent) -i @rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[
 http-request deny if block_GENERIC
 acl block_GENERIC hdr_sub(User-Agent) -i @pmFromFile ssrf.data
 http-request deny if block_GENERIC
 acl block_GENERIC hdr_sub(User-Agent) -i @rx (?:__proto__|constructors*(?:.|[)s*prototype)
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx Process[sx0b]*.[sx0b]*spawn[sx0b]*(
+acl block_GENERIC hdr_sub(User-Agent) -i @rx Process[sv]*.[sv]*spawn[sv]*(
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx while[sx0b]*([sx0b(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|
+acl block_GENERIC hdr_sub(User-Agent) -i @rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx ^data:(?:(?:*|[^!
+acl block_GENERIC hdr_sub(User-Agent) -i @rx ^data:(?:(?:*|[^!-
 http-request deny if block_GENERIC
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_GENERIC
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sx0b]*(
+acl block_GENERIC hdr_sub(User-Agent) -i @rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx (?i)(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][-.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sx0b]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][-.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+)
+acl block_GENERIC hdr_sub(User-Agent) -i @rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))
 http-request deny if block_GENERIC
-acl block_GENERIC hdr_sub(User-Agent) -i @rx ^(?:[^@]|@[^{])*@+{.*}
+acl block_GENERIC hdr_sub(User-Agent) -i @rx @{.*}
 http-request deny if block_GENERIC
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_GENERIC
@@ -651,11 +641,11 @@ acl block_XSS hdr_sub(User-Agent) -i @detectXSS
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<script[^>]*>[sS]*?
 http-request deny if block_XSS
-acl block_XSS hdr_sub(User-Agent) -i @rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sx0b]+(?:%[sx0b]+)?[^sx0b]+[sx0b]+(?:SYSTEM|PUBLIC)|@import|;base64)b
+acl block_XSS hdr_sub(User-Agent) -i @rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript
 http-request deny if block_XSS
-acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sx0b
+acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[
 http-request deny if block_XSS
@@ -665,9 +655,9 @@ acl block_XSS hdr_sub(User-Agent) -i @rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)
 http-request deny if block_XSS
-acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).
+acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).
 http-request deny if block_XSS
-acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).
+acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<EMBED[s/+].*?(?:src|type).*?=
 http-request deny if block_XSS
@@ -695,7 +685,7 @@ acl block_XSS hdr_sub(User-Agent) -i @rx ![!+ ][]
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)
 http-request deny if block_XSS
-acl block_XSS hdr_sub(User-Agent) -i @rx (?i)b(?:eval|set(?:timeout|interval)|new[sx0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sx0b]*(
+acl block_XSS hdr_sub(User-Agent) -i @rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sv]*(
 http-request deny if block_XSS
 acl block_XSS hdr_sub(User-Agent) -i @rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`
 http-request deny if block_XSS
@@ -735,39 +725,39 @@ acl block_SQLI hdr_sub(User-Agent) -i @detectSQLi
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:select|;)[sx0b]+(?:benchmark|if|sleep)[sx0b]*?([sx0b]*?(?[sx0b]*?[0-9A-Z_a-z]+
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sx0b()]case[sx0b]+when.*?then|)[sx0b]*?like[sx0b]*?(|select.*?having[sx0b]*?[^sx0b]+[sx0b]*?[^sx0b0-9A-Z_a-z]|if[sx0b]?([0-9A-Z_a-z]+[sx0b]*?[<->~]
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)alter[sx0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sx0b]+set[sx0b]+[0-9A-Z_a-z]+|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:merge.*?usings*?(|executes*?immediates*?[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)union.*?select.*?from
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)select[sx0b]*?pg_sleep|waitfor[sx0b]*?delay[sx0b]?[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sx0b]+function[sx0b].+[sx0b]returns|;[sx0b]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sx0b]*?[([]?[0-9A-Z_a-z]{2,}
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)b[sx0b]*(?|end[sx0b]*?);)|[sx0b(]load_file[sx0b]*?(|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)/*[sx0b]*?[!+](?:[sx0b()-0-9=A-Z_a-z]+)?*/
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx ^(?:[^']*'|[^
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)1.e[(),]
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)1.e[(-),]
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx [
 http-request deny if block_SQLI
@@ -775,13 +765,13 @@ acl block_SQLI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[!=]=|&&||||->|>[=>]|<(?:[<=]|>(?:[sx0b]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sx0b
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sv
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @streq %{TX.2}
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sx0b
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sv
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i !@streq %{TX.2}
 http-request deny if block_SQLI
@@ -791,31 +781,31 @@ acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:/*)+[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i),.*?[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sx0b(]+[0-9A-Z_a-z]+[sx0b)]*?[!+=]+[sx0b0-9]*?[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i))[sx0b]*?when[sx0b]*?[0-9]+[sx0b]*?then|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:([sx0b]*?select[sx0b]*?[0-9A-Z_a-z]+|coalesce|order[sx0b]+by[sx0b]+if[0-9A-Z_a-z]*?)[sx0b]*?(|*/from|+[sx0b]*?[0-9]+[sx0b]*?+[sx0b]*?@|[0-9A-Z_a-z][
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)in[sx0b]*?(+[sx0b]*?select|(?:(?:N?AND|X?X?OR|DIV|LIKE|BETWEEN|NOT)[sx0b]+|(?:|||&&)[sx0b]*)[sx0b+0-9A-Z_a-z]+(?:regexp[sx0b]*?(|sounds[sx0b]+like[sx0b]*?[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:^[Wd]+s*?(?:alter|union)b)
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)[sx0b]?(?|end[sx0b]*?);|[sx0b(]load_file[sx0b]*?(|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:havingb(?:[sx0b]+(?:[0-9]{1,10}|'[^=]{1,10}')[sx0b]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:orb(?:[sx0b]?(?:[0-9]{1,10}|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)bandb(?:[sx0b]+(?:[0-9]{1,10}[sx0b]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[12]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)
 http-request deny if block_SQLI
@@ -829,7 +819,7 @@ acl block_SQLI hdr_sub(User-Agent) -i @rx [a-zA-Z0-9_-]{61,61}
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @rx [a-zA-Z0-9_-]{91,91}
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx /*!?|*/|[';]--|--(?:[sx0b]|[^-]*?-)|[^&-]#.*?[sx0b]|;?x00
+acl block_SQLI hdr_sub(User-Agent) -i @rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i !@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$
 http-request deny if block_SQLI
@@ -847,9 +837,9 @@ acl block_SQLI hdr_sub(User-Agent) -i @rx ^.*?x5c['
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @detectSQLi
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(
 http-request deny if block_SQLI
-acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)
+acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)
 http-request deny if block_SQLI
 acl block_SQLI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SQLI
@@ -915,7 +905,7 @@ acl block_JAVA hdr_sub(User-Agent) -i @rx java.lang.(?:runtime|processbuilder)
 http-request deny if block_JAVA
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:runtime|processbuilder)
 http-request deny if block_JAVA
-acl block_JAVA hdr_sub(User-Agent) -i @rx (?i)(?:unmarshaller|base64data|java.)
+acl block_JAVA hdr_sub(User-Agent) -i @rx (?:unmarshaller|base64data|java.)
 http-request deny if block_JAVA
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)
 http-request deny if block_JAVA
@@ -1009,10 +999,6 @@ acl block_EVALUATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_EVALUATION
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_EVALUATION
-acl block_LEAKAGES hdr_sub(User-Agent) -i @eq 1
-http-request deny if block_LEAKAGES
-acl block_LEAKAGES hdr_sub(User-Agent) -i @pm gzip compress deflate br zstd
-http-request deny if block_LEAKAGES
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LEAKAGES
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 1
@@ -1035,8 +1021,6 @@ acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_LEAKAGES
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_LEAKAGES
-acl block_SQL hdr_sub(User-Agent) -i @pm gzip compress deflate br zstd
-http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @lt 1
@@ -1045,7 +1029,7 @@ acl block_SQL hdr_sub(User-Agent) -i !@pmFromFile sql-errors.data
 http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])
 http-request deny if block_SQL
-acl block_SQL hdr_sub(User-Agent) -i @rx (?i)bORA-[0-9][0-9][0-9][0-9][0-9]:|java.sql.SQLException|Oracle(?: erro|[^()]{0,20}Drive)r|Warning.{1,10}o(?:ci_.{1,30}|ra_.{1,20})
+acl block_SQL hdr_sub(User-Agent) -i @rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)
 http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()
 http-request deny if block_SQL
@@ -1067,9 +1051,9 @@ acl block_SQL hdr_sub(User-Agent) -i @rx (?i:SQL error.*POS[0-9]+.*|Warning.*max
 http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)
 http-request deny if block_SQL
-acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[()_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):
+acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):
 http-request deny if block_SQL
-acl block_SQL hdr_sub(User-Agent) -i @rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|(?:pg_(?:query|exec)() [|org.postgresql.util.PSQLException):|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er
+acl block_SQL hdr_sub(User-Agent) -i @rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er
 http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)
 http-request deny if block_SQL
@@ -1087,8 +1071,6 @@ acl block_SQL hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SQL
 acl block_SQL hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SQL
-acl block_JAVA hdr_sub(User-Agent) -i @pm gzip compress deflate br zstd
-http-request deny if block_JAVA
 acl block_JAVA hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_JAVA
 acl block_JAVA hdr_sub(User-Agent) -i @lt 1
@@ -1109,8 +1091,6 @@ acl block_JAVA hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_JAVA
 acl block_JAVA hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_JAVA
-acl block_PHP hdr_sub(User-Agent) -i @pm gzip compress deflate br zstd
-http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
@@ -1135,8 +1115,6 @@ acl block_PHP hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_PHP
 acl block_PHP hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_PHP
-acl block_IIS hdr_sub(User-Agent) -i @pm gzip compress deflate br zstd
-http-request deny if block_IIS
 acl block_IIS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_IIS
 acl block_IIS hdr_sub(User-Agent) -i @lt 1
@@ -1163,17 +1141,15 @@ acl block_IIS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_IIS
 acl block_IIS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_IIS
-acl block_SHELLS hdr_sub(User-Agent) -i @pm gzip compress deflate br zstd
-http-request deny if block_SHELLS
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SHELLS
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SHELLS
 acl block_SHELLS hdr_sub(User-Agent) -i @pmFromFile web-shells-php.data
 http-request deny if block_SHELLS
-acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>
+acl block_SHELLS hdr_sub(User-Agent) -i @rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)
 http-request deny if block_SHELLS
-acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=(?:Windows-1251|UTF-8)?'><title>.*?(?: -)? W[Ss][Oo] [0-9.]+</title>
+acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>
 http-request deny if block_SHELLS
 acl block_SHELLS hdr_sub(User-Agent) -i @rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>
 http-request deny if block_SHELLS
@@ -1201,7 +1177,7 @@ acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<title>PHP Web Shell</title>rn<html
 http-request deny if block_SHELLS
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n<head>n<div align=
 http-request deny if block_SHELLS
-acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n<head>n<title>Ru24PostWebShell
+acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n<head>n<title>Ru24PostWebShell -
 http-request deny if block_SHELLS
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>
 http-request deny if block_SHELLS
diff --git a/waf_patterns/nginx/attack.conf b/waf_patterns/nginx/attack.conf
index e0cba76..d2ae055 100644
--- a/waf_patterns/nginx/attack.conf
+++ b/waf_patterns/nginx/attack.conf
@@ -42,7 +42,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)") {
+    if ($request_uri ~* "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)") {
         set $attack_detected 1;
     }
 
@@ -62,7 +62,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b") {
+    if ($request_uri ~* "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b") {
         set $attack_detected 1;
     }
 
@@ -86,6 +86,10 @@ location / {
         set $attack_detected 1;
     }
 
+    if ($request_uri ~* "@rx TX:paramcounter_(.*)") {
+        set $attack_detected 1;
+    }
+
     if ($request_uri ~* "@rx (][^]]+$|][^]]+[)") {
         set $attack_detected 1;
     }
@@ -114,7 +118,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "!@rx ^(?:(?:*|[^!") {
+    if ($request_uri ~* "!@rx ^(?:(?:*|[^!-") {
         set $attack_detected 1;
     }
 
@@ -122,10 +126,6 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx [^x21-x7E][x21-x39x3B-x7E]*:") {
-        set $attack_detected 1;
-    }
-
     if ($attack_detected = 1) {
         return 403;
     }
diff --git a/waf_patterns/nginx/bots.conf b/waf_patterns/nginx/bots.conf
index 659eebd..26cf84f 100644
--- a/waf_patterns/nginx/bots.conf
+++ b/waf_patterns/nginx/bots.conf
@@ -670,6 +670,10 @@ map $http_user_agent $bad_bot {
     "~*zgrab" 1;
     default 0;
 }
-if ($bad_bot) {
+map $http_x_evil_bit $evil_bit_detected {
+    default 0;
+    "1" 1;
+}
+if ($bad_bot or $evil_bit_detected) {
     return 403;
 }
diff --git a/waf_patterns/nginx/enforcement.conf b/waf_patterns/nginx/enforcement.conf
index 807276e..6b237b8 100644
--- a/waf_patterns/nginx/enforcement.conf
+++ b/waf_patterns/nginx/enforcement.conf
@@ -46,11 +46,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "!@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$") {
+    if ($request_uri ~* "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^") {
+    if ($request_uri ~* "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^") {
         set $attack_detected 1;
     }
 
@@ -122,7 +122,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "!@rx ^.*%.*.[^sx0b.]+$") {
+    if ($request_uri ~* "!@rx ^.*%.*.[^sv.]+$") {
         set $attack_detected 1;
     }
 
@@ -246,7 +246,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['") {
+    if ($request_uri ~* "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['") {
         set $attack_detected 1;
     }
 
@@ -294,11 +294,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@gt 100") {
+    if ($request_uri ~* "@gt 50") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "!@rx ^(?:(?:*|[^!") {
+    if ($request_uri ~* "!@rx ^(?:(?:*|[^!-") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/generic.conf b/waf_patterns/nginx/generic.conf
index 60f7ab0..f7677cf 100644
--- a/waf_patterns/nginx/generic.conf
+++ b/waf_patterns/nginx/generic.conf
@@ -10,7 +10,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sx0b]+Function[sx0b]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sx0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sx0b]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[") {
+    if ($request_uri ~* "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[") {
         set $attack_detected 1;
     }
 
@@ -22,15 +22,15 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx Process[sx0b]*.[sx0b]*spawn[sx0b]*(") {
+    if ($request_uri ~* "@rx Process[sv]*.[sv]*spawn[sv]*(") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx while[sx0b]*([sx0b(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|") {
+    if ($request_uri ~* "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^data:(?:(?:*|[^!") {
+    if ($request_uri ~* "@rx ^data:(?:(?:*|[^!-") {
         set $attack_detected 1;
     }
 
@@ -42,15 +42,15 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sx0b]*(") {
+    if ($request_uri ~* "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][-.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sx0b]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][-.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+)") {
+    if ($request_uri ~* "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^(?:[^@]|@[^{])*@+{.*}") {
+    if ($request_uri ~* "@rx @{.*}") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/iis.conf b/waf_patterns/nginx/iis.conf
index 738296b..6ceb03c 100644
--- a/waf_patterns/nginx/iis.conf
+++ b/waf_patterns/nginx/iis.conf
@@ -2,10 +2,6 @@
 location / {
     set $attack_detected 0;
 
-    if ($request_uri ~* "@pm gzip compress deflate br zstd") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@lt 1") {
         set $attack_detected 1;
     }
diff --git a/waf_patterns/nginx/initialization.conf b/waf_patterns/nginx/initialization.conf
index df762ec..998f8c0 100644
--- a/waf_patterns/nginx/initialization.conf
+++ b/waf_patterns/nginx/initialization.conf
@@ -86,15 +86,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@eq 0") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@eq 1") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@unconditionalMatch") {
+    if ($request_uri ~* "@rx ^.*$") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/java.conf b/waf_patterns/nginx/java.conf
index 6c69ba3..c4f8687 100644
--- a/waf_patterns/nginx/java.conf
+++ b/waf_patterns/nginx/java.conf
@@ -18,7 +18,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:unmarshaller|base64data|java.)") {
+    if ($request_uri ~* "@rx (?:unmarshaller|base64data|java.)") {
         set $attack_detected 1;
     }
 
@@ -98,10 +98,6 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@pm gzip compress deflate br zstd") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@lt 1") {
         set $attack_detected 1;
     }
diff --git a/waf_patterns/nginx/leakages.conf b/waf_patterns/nginx/leakages.conf
index 4384016..982c627 100644
--- a/waf_patterns/nginx/leakages.conf
+++ b/waf_patterns/nginx/leakages.conf
@@ -2,14 +2,6 @@
 location / {
     set $attack_detected 0;
 
-    if ($request_uri ~* "@eq 1") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@pm gzip compress deflate br zstd") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@lt 1") {
         set $attack_detected 1;
     }
diff --git a/waf_patterns/nginx/lfi.conf b/waf_patterns/nginx/lfi.conf
index ee54f68..077252e 100644
--- a/waf_patterns/nginx/lfi.conf
+++ b/waf_patterns/nginx/lfi.conf
@@ -10,7 +10,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))") {
+    if ($request_uri ~* "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/php.conf b/waf_patterns/nginx/php.conf
index b5736f1..d6d0392 100644
--- a/waf_patterns/nginx/php.conf
+++ b/waf_patterns/nginx/php.conf
@@ -10,7 +10,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]") {
+    if ($request_uri ~* "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])") {
         set $attack_detected 1;
     }
 
@@ -22,11 +22,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx b([^s]+)s*=[^=]") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@pmFromFile php-config-directives.data") {
+    if ($request_uri ~* "@pm =") {
         set $attack_detected 1;
     }
 
@@ -74,11 +70,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx b([^s]+)s*[(]") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@pmFromFile php-function-names-933151.data") {
+    if ($request_uri ~* "@pm (") {
         set $attack_detected 1;
     }
 
@@ -94,7 +86,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)") {
+    if ($request_uri ~* "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)") {
         set $attack_detected 1;
     }
 
@@ -118,10 +110,6 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@pm gzip compress deflate br zstd") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@lt 1") {
         set $attack_detected 1;
     }
diff --git a/waf_patterns/nginx/rce.conf b/waf_patterns/nginx/rce.conf
index d840341..ace134f 100644
--- a/waf_patterns/nginx/rce.conf
+++ b/waf_patterns/nginx/rce.conf
@@ -22,19 +22,15 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b") {
+    if ($request_uri ~* "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]") {
+    if ($request_uri ~* "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sx0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx ~(?:[+-](?:$|[sx0b0-9]+)|[0-9]+)") {
+    if ($request_uri ~* "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))") {
         set $attack_detected 1;
     }
 
@@ -70,11 +66,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b") {
+    if ($request_uri ~* "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b") {
+    if ($request_uri ~* "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv") {
         set $attack_detected 1;
     }
 
@@ -90,11 +86,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]") {
+    if ($request_uri ~* "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]") {
+    if ($request_uri ~* "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]") {
         set $attack_detected 1;
     }
 
@@ -106,11 +102,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^[^#]+") {
-        set $attack_detected 1;
-    }
-
-    if ($request_uri ~* "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]))") {
+    if ($request_uri ~* "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))") {
         set $attack_detected 1;
     }
 
@@ -122,7 +114,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{])") {
+    if ($request_uri ~* "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])") {
         set $attack_detected 1;
     }
 
@@ -134,11 +126,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i).|(?:[sx0b]*|b[") {
+    if ($request_uri ~* "@rx (?i).|(?:[sv]*|b[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)[-0-9_a-z]+(?:[sx0b]*[") {
+    if ($request_uri ~* "@rx (?i)[-0-9_a-z]+(?:[sv]*[") {
         set $attack_detected 1;
     }
 
@@ -146,11 +138,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ;[sx0b]*.[sx0b]*[") {
+    if ($request_uri ~* "@rx ;[sv]*.[sv]*[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx rn.*?b(?:E(?:HLO [-.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [-.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SETb)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20} (?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}=|[+/-9A-Z_a-zx17fx212a]{3}))?=|STARTTLSb|NOOPb(?: .{1,255})?)") {
+    if ($request_uri ~* "@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)") {
         set $attack_detected 1;
     }
 
@@ -158,7 +150,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9_a-z]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))") {
+    if ($request_uri ~* "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))") {
         set $attack_detected 1;
     }
 
@@ -186,7 +178,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sx0b&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sx0b&)<>|]|pt(?:(?:itude)?[sx0b&)<>|]|-get)|r(?:[sx0b&)<>j|]|(?:p|ch)[sx0b&)<>|]|ia2c)|s(?:h?[sx0b&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sx0b&)<>|]|obm)|dd(?:group|user)|getty|nsible)|b(?:z(?:z[sx0b&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sx0b&)<>|]|c))|h[sx0b&)<>|])|tch[sx0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[sx0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sx0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[sx0b&)<>|]|mp|p(?:[sx0b&)<>|]|io|ulimit)|s(?:h|cli[sx0b&)<>|]|plit|vtool)|u(?:t[sx0b&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sx0b&)<>|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[sx0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sx0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sx0b&)<>|]|w(?:say|think))|r(?:ash[sx0b&)<>|]|on(?:[sx0b&)<>|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sx0b&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sx0b&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sx0b&)<>|]|n(?:v(?:[sx0b&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sx0b&)<>h|]|ac)|x(?:(?:ec)?[sx0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sx0b&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sx0b&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sx0b&)<>|]|le(?:[sx0b&)<>|]|test))|mt|tp(?:[sx0b&)<>|]|stats|who)|acter|o(?:ld[sx0b&)<>|]|reach)|ping)|g(?:c(?:c[^sx0b]|ore)|db|e(?:(?:m|tfacl)[sx0b&)<>|]|ni(?:e[sx0b&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sx0b&)<>|]|nsh)|(?:o|awk)[sx0b&)<>|]|pg|r(?:c|ep[sx0b&)<>|]|oup(?:[sx0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sx0b&)<>|]|e(?:ad[sx0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sx0b&)<>|]|onice|spell)|j(?:js|q|ava[sx0b&)<>|]|exec|o(?:(?:bs|in)[sx0b&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sx0b&)<>|]|all)|nife[sx0b&)<>|])|l(?:d(?:d?[sx0b&)<>|]|config)|(?:[np]|ynx)[sx0b&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sx0b&)<>|]|(?:la)?tex)|z(?:[sx0b&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sx0b&)<>|]|comm|log(?:in)?)|tex[sx0b&)<>|])|ess(?:[sx0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sx0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sx0b&)<>|]|il(?:[sx0b&)<>q|]|x[sx0b&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sx0b&)<>|]|k(?:dir[sx0b&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sx0b&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sx0b&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sx0b&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sx0b&)<>|]|m(?:[sx0b&)<>|]|ap)|p(?:m[sx0b&)<>|]|ing)|a(?:no[sx0b&)<>|]|sm|wk)|o(?:de[sx0b&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sx0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sx0b&)<>|]|s(?:swd|te[sx0b&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sx0b&)<>|]|tp)|g(?:[sx0b&)<>|]|rep)|hp(?:[sx0b&)57<>|]|-cgi)|i(?:(?:co?|ng)[sx0b&)<>|]|p[^sx0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sx0b&)<>|]|int(?:env|f[sx0b&)<>|]))|s(?:[sx0b&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sx0b&)<>|]|l(?:[sx0b&)5<>|]|sh))|opd|u(?:ppet[sx0b&)<>|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[sx0b&)<>|]|k(?:e[sx0b&)<>|]|u))|c(?:p[sx0b&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sx0b&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sx0b&)<>|]|user)|pm(?:[sx0b&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sx0b&)<>|]|sync|u(?:by[^sx0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[sx0b&)<>|])|e(?:(?:d|lf|rvice)[sx0b&)<>|]|t(?:(?:facl)?[sx0b&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sx0b&)<>|]|h(?:(?:adow|ells)?[sx0b&)<>|]|.distrib|u(?:f|tdown[sx0b&)<>|]))|s(?:[sx0b&)<>|]|h(?:[sx0b&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sx0b&)<>|]|do)|vn|diff|ftp|l(?:eep[sx0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sx0b&)<>|])|p(?:lit[sx0b&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sx0b&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sx0b&)<>|]|il[sx0b&)<>f|]|sk(?:[sx0b&)<>|]|set))|bl|c(?:p(?:[sx0b&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sx0b&)<>|]|lnet)|i(?:c[sx0b&)<>|]|me(?:(?:out)?[sx0b&)<>|]|datectl))|o(?:p|uch[sx0b&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sx0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sx0b&)<>|]|expand|iq|l(?:ink[sx0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sx0b&)<>|]|std))|p(?:2date[sx0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sx0b&)<>|]|m(?:[sx0b&)<>|]|diff)|gr|pw|rsh|sudo)|algrind|olatility[sx0b&)<>|])|w(?:[sx0b&)<>c|]|h(?:o(?:[sx0b&)<>|]|ami|is)?|iptail[sx0b&)<>|])|a(?:ll|tch)[sx0b&)<>|]|i(?:reshark|sh[sx0b&)<>|]))|x(?:(?:x|pa)d|z(?:[sx0b&)<>|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sx0b&)<>|]|um)|z(?:ip(?:[sx0b&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sx0b&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])") {
+    if ($request_uri ~* "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])") {
         set $attack_detected 1;
     }
 
@@ -198,7 +190,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx rn.*?b(?:DATA|QUIT|HELP(?: .{1,255})?)") {
+    if ($request_uri ~* "@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)") {
         set $attack_detected 1;
     }
 
@@ -206,7 +198,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx rn.*?b(?:(?:QUI|STA|RSE)T|NOOP|CAPA)") {
+    if ($request_uri ~* "@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/shells.conf b/waf_patterns/nginx/shells.conf
index d546a4d..3f7b5f1 100644
--- a/waf_patterns/nginx/shells.conf
+++ b/waf_patterns/nginx/shells.conf
@@ -2,10 +2,6 @@
 location / {
     set $attack_detected 0;
 
-    if ($request_uri ~* "@pm gzip compress deflate br zstd") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@lt 1") {
         set $attack_detected 1;
     }
@@ -18,11 +14,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx <title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>") {
+    if ($request_uri ~* "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=(?:Windows-1251|UTF-8)?'><title>.*?(?: -)? W[Ss][Oo] [0-9.]+</title>") {
+    if ($request_uri ~* "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>") {
         set $attack_detected 1;
     }
 
@@ -78,7 +74,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx ^<html>n<head>n<title>Ru24PostWebShell") {
+    if ($request_uri ~* "@rx ^<html>n<head>n<title>Ru24PostWebShell -") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/sql.conf b/waf_patterns/nginx/sql.conf
index 01ec8f3..1093f5f 100644
--- a/waf_patterns/nginx/sql.conf
+++ b/waf_patterns/nginx/sql.conf
@@ -2,10 +2,6 @@
 location / {
     set $attack_detected 0;
 
-    if ($request_uri ~* "@pm gzip compress deflate br zstd") {
-        set $attack_detected 1;
-    }
-
     if ($request_uri ~* "@lt 1") {
         set $attack_detected 1;
     }
@@ -22,7 +18,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)bORA-[0-9][0-9][0-9][0-9][0-9]:|java.sql.SQLException|Oracle(?: erro|[^()]{0,20}Drive)r|Warning.{1,10}o(?:ci_.{1,30}|ra_.{1,20})") {
+    if ($request_uri ~* "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)") {
         set $attack_detected 1;
     }
 
@@ -66,11 +62,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[()_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):") {
+    if ($request_uri ~* "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|(?:pg_(?:query|exec)() [|org.postgresql.util.PSQLException):|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er") {
+    if ($request_uri ~* "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/sqli.conf b/waf_patterns/nginx/sqli.conf
index 0682ddc..f552961 100644
--- a/waf_patterns/nginx/sqli.conf
+++ b/waf_patterns/nginx/sqli.conf
@@ -18,7 +18,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(") {
+    if ($request_uri ~* "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(") {
         set $attack_detected 1;
     }
 
@@ -26,7 +26,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:select|;)[sx0b]+(?:benchmark|if|sleep)[sx0b]*?([sx0b]*?(?[sx0b]*?[0-9A-Z_a-z]+") {
+    if ($request_uri ~* "@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+") {
         set $attack_detected 1;
     }
 
@@ -38,11 +38,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)[sx0b()]case[sx0b]+when.*?then|)[sx0b]*?like[sx0b]*?(|select.*?having[sx0b]*?[^sx0b]+[sx0b]*?[^sx0b0-9A-Z_a-z]|if[sx0b]?([0-9A-Z_a-z]+[sx0b]*?[<->~]") {
+    if ($request_uri ~* "@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)alter[sx0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sx0b]+set[sx0b]+[0-9A-Z_a-z]+|[") {
+    if ($request_uri ~* "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|[") {
         set $attack_detected 1;
     }
 
@@ -54,7 +54,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)select[sx0b]*?pg_sleep|waitfor[sx0b]*?delay[sx0b]?[") {
+    if ($request_uri ~* "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?[") {
         set $attack_detected 1;
     }
 
@@ -62,19 +62,19 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)") {
+    if ($request_uri ~* "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)create[sx0b]+function[sx0b].+[sx0b]returns|;[sx0b]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sx0b]*?[([]?[0-9A-Z_a-z]{2,}") {
+    if ($request_uri ~* "@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)b[sx0b]*(?|end[sx0b]*?);)|[sx0b(]load_file[sx0b]*?(|[") {
+    if ($request_uri ~* "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)/*[sx0b]*?[!+](?:[sx0b()-0-9=A-Z_a-z]+)?*/") {
+    if ($request_uri ~* "@rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/") {
         set $attack_detected 1;
     }
 
@@ -82,7 +82,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)1.e[(),]") {
+    if ($request_uri ~* "@rx (?i)1.e[(-),]") {
         set $attack_detected 1;
     }
 
@@ -98,11 +98,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)[!=]=|&&||||->|>[=>]|<(?:[<=]|>(?:[sx0b]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[") {
+    if ($request_uri ~* "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)[sx0b") {
+    if ($request_uri ~* "@rx (?i)[sv") {
         set $attack_detected 1;
     }
 
@@ -110,7 +110,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)[sx0b") {
+    if ($request_uri ~* "@rx (?i)[sv") {
         set $attack_detected 1;
     }
 
@@ -130,7 +130,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sx0b(]+[0-9A-Z_a-z]+[sx0b)]*?[!+=]+[sx0b0-9]*?[") {
+    if ($request_uri ~* "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[") {
         set $attack_detected 1;
     }
 
@@ -138,11 +138,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i))[sx0b]*?when[sx0b]*?[0-9]+[sx0b]*?then|[") {
+    if ($request_uri ~* "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:([sx0b]*?select[sx0b]*?[0-9A-Z_a-z]+|coalesce|order[sx0b]+by[sx0b]+if[0-9A-Z_a-z]*?)[sx0b]*?(|*/from|+[sx0b]*?[0-9]+[sx0b]*?+[sx0b]*?@|[0-9A-Z_a-z][") {
+    if ($request_uri ~* "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][") {
         set $attack_detected 1;
     }
 
@@ -150,7 +150,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)in[sx0b]*?(+[sx0b]*?select|(?:(?:N?AND|X?X?OR|DIV|LIKE|BETWEEN|NOT)[sx0b]+|(?:|||&&)[sx0b]*)[sx0b+0-9A-Z_a-z]+(?:regexp[sx0b]*?(|sounds[sx0b]+like[sx0b]*?[") {
+    if ($request_uri ~* "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[") {
         set $attack_detected 1;
     }
 
@@ -158,7 +158,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)[sx0b]?(?|end[sx0b]*?);|[sx0b(]load_file[sx0b]*?(|[") {
+    if ($request_uri ~* "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[") {
         set $attack_detected 1;
     }
 
@@ -166,19 +166,19 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:havingb(?:[sx0b]+(?:[0-9]{1,10}|'[^=]{1,10}')[sx0b]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[") {
+    if ($request_uri ~* "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:orb(?:[sx0b]?(?:[0-9]{1,10}|[") {
+    if ($request_uri ~* "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)bandb(?:[sx0b]+(?:[0-9]{1,10}[sx0b]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[") {
+    if ($request_uri ~* "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[12]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(") {
+    if ($request_uri ~* "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(") {
         set $attack_detected 1;
     }
 
@@ -206,7 +206,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx /*!?|*/|[';]--|--(?:[sx0b]|[^-]*?-)|[^&-]#.*?[sx0b]|;?x00") {
+    if ($request_uri ~* "@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00") {
         set $attack_detected 1;
     }
 
@@ -242,11 +242,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(") {
+    if ($request_uri ~* "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)") {
+    if ($request_uri ~* "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/nginx/xss.conf b/waf_patterns/nginx/xss.conf
index 5bca403..6c3cb78 100644
--- a/waf_patterns/nginx/xss.conf
+++ b/waf_patterns/nginx/xss.conf
@@ -22,7 +22,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sx0b]+(?:%[sx0b]+)?[^sx0b]+[sx0b]+(?:SYSTEM|PUBLIC)|@import|;base64)b") {
+    if ($request_uri ~* "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b") {
         set $attack_detected 1;
     }
 
@@ -30,7 +30,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sx0b") {
+    if ($request_uri ~* "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv") {
         set $attack_detected 1;
     }
 
@@ -50,11 +50,11 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).") {
+    if ($request_uri ~* "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).") {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).") {
+    if ($request_uri ~* "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).") {
         set $attack_detected 1;
     }
 
@@ -110,7 +110,7 @@ location / {
         set $attack_detected 1;
     }
 
-    if ($request_uri ~* "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sx0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sx0b]*(") {
+    if ($request_uri ~* "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sv]*(") {
         set $attack_detected 1;
     }
 
diff --git a/waf_patterns/traefik/bots.toml b/waf_patterns/traefik/bots.toml
index aed87ff..b1a1911 100644
--- a/waf_patterns/traefik/bots.toml
+++ b/waf_patterns/traefik/bots.toml
@@ -671,3 +671,11 @@
       "zauba.io",
       "zgrab",
     ]
+  [http.middlewares.evil_bit_block]
+    [http.middlewares.evil_bit_block.headers]
+      headers = [
+          "X-Evil-Bit=1",
+      ]
+  [http.middlewares.bad_bot_block.chain.middlewares] = ["evil_bit_block"]
+[http.routers.my_router]
+  middlewares = ["bad_bot_block"]
diff --git a/waf_patterns/traefik/middleware.toml b/waf_patterns/traefik/middleware.toml
index bcbab38..b05ce75 100644
--- a/waf_patterns/traefik/middleware.toml
+++ b/waf_patterns/traefik/middleware.toml
@@ -62,15 +62,12 @@
 [http.middlewares.bad_bot_block_INITIALIZATION]
   [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
     userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
 [http.middlewares.bad_bot_block_INITIALIZATION]
   [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
     userAgent = ["@eq 1"]
 [http.middlewares.bad_bot_block_INITIALIZATION]
   [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@unconditionalMatch"]
+    userAgent = ["@rx ^.*$"]
 [http.middlewares.bad_bot_block_INITIALIZATION]
   [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
     userAgent = ["!@rx (?:URLENCODED|MULTIPART|XML|JSON)"]
@@ -172,10 +169,10 @@
     userAgent = ["@lt 1"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx (?i)^(?:get /[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sx0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sx0b#]*)?(?:#[^sx0b]*)?)[sx0b]+[.-9A-Z_a-z]+)$"]
+    userAgent = ["!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"]
+    userAgent = ["!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
     userAgent = ["!@rx ^d+$"]
@@ -229,7 +226,7 @@
     userAgent = ["@validateUrlEncoding"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^.*%.*.[^sx0b.]+$"]
+    userAgent = ["!@rx ^.*%.*.[^sv.]+$"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
     userAgent = ["@validateUrlEncoding"]
@@ -322,7 +319,7 @@
     userAgent = ["@gt %{tx.combined_file_sizes}"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^[w/.+*-]+(?:s?;s*(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"]
+    userAgent = ["!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
     userAgent = ["@rx ^[^;s]+"]
@@ -358,10 +355,10 @@
     userAgent = ["@within %{tx.restricted_headers_basic}"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt 100"]
+    userAgent = ["@gt 50"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^(?:(?:*|[^!"]
+    userAgent = ["!@rx ^(?:(?:*|[^!-"]
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
     userAgent = ["!@streq JSON"]
@@ -514,7 +511,7 @@
     userAgent = ["@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)"]
+    userAgent = ["@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
     userAgent = ["@rx unix:[^|]*|"]
@@ -529,7 +526,7 @@
     userAgent = ["@rx [nr]"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b"]
+    userAgent = ["@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
     userAgent = ["@lt 3"]
@@ -545,6 +542,9 @@
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
     userAgent = ["@gt 1"]
+[http.middlewares.bad_bot_block_ATTACK]
+  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
+    userAgent = ["@rx TX:paramcounter_(.*)"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
     userAgent = ["@rx (][^]]+$|][^]]+[)"]
@@ -568,13 +568,10 @@
     userAgent = ["@rx ^content-types*:s*(.*)$"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["!@rx ^(?:(?:*|[^!"]
+    userAgent = ["!@rx ^(?:(?:*|[^!-"]
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
     userAgent = ["@rx content-transfer-encoding:(.*)"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [^x21-x7E][x21-x39x3B-x7E]*:"]
 [http.middlewares.bad_bot_block_LFI]
   [http.middlewares.bad_bot_block_LFI.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -583,7 +580,7 @@
     userAgent = ["@lt 1"]
 [http.middlewares.bad_bot_block_LFI]
   [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))"]
+    userAgent = ["@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))"]
 [http.middlewares.bad_bot_block_LFI]
   [http.middlewares.bad_bot_block_LFI.plugin.badbot]
     userAgent = ["@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))"]
@@ -676,16 +673,13 @@
     userAgent = ["@pmFromFile windows-powershell-commands.data"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b"]
+    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"]
+    userAgent = ["@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sx0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ~(?:[+-](?:$|[sx0b0-9]+)|[0-9]+)"]
+    userAgent = ["@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx (?i)(?:^|b["]
@@ -712,10 +706,10 @@
     userAgent = ["@pmFromFile restricted-upload.data"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b"]
+    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sx0b]*[sx0b"]
+    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@lt 2"]
@@ -727,10 +721,10 @@
     userAgent = ["@rx (?:b["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx $(?:((?:.*|(.*)))|{.*}|[.*])|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"]
+    userAgent = ["@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]"]
+    userAgent = ["@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx /"]
@@ -739,10 +733,7 @@
     userAgent = ["@rx s"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^[^#]+"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{]))"]
+    userAgent = ["@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx /"]
@@ -751,7 +742,7 @@
     userAgent = ["@rx s"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#$(*-0-9?-[_a-{])"]
+    userAgent = ["@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx /"]
@@ -760,25 +751,25 @@
     userAgent = ["@rx s"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i).|(?:[sx0b]*|b["]
+    userAgent = ["@rx (?i).|(?:[sv]*|b["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)[-0-9_a-z]+(?:[sx0b]*["]
+    userAgent = ["@rx (?i)[-0-9_a-z]+(?:[sv]*["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["!@rx [0-9]s*'s*[0-9]"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ;[sx0b]*.[sx0b]*["]
+    userAgent = ["@rx ;[sv]*.[sv]*["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx rn.*?b(?:E(?:HLO [-.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [-.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}@.{1,255}>|R(?:CPT TO:(?:<.{1,64}@.{1,255}>| )?<.{1,64}>|SETb)|VRFY .{1,64}(?: <.{1,64}@.{1,255}>|@.{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20} (?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}=|[+/-9A-Z_a-zx17fx212a]{3}))?=|STARTTLSb|NOOPb(?: .{1,255})?)"]
+    userAgent = ["@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9_a-z]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))"]
+    userAgent = ["@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx (?i)(?:^|b["]
@@ -799,7 +790,7 @@
     userAgent = ["@rx (?:b["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sx0b&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sx0b&)<>|]|pt(?:(?:itude)?[sx0b&)<>|]|-get)|r(?:[sx0b&)<>j|]|(?:p|ch)[sx0b&)<>|]|ia2c)|s(?:h?[sx0b&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sx0b&)<>|]|obm)|dd(?:group|user)|getty|nsible)|b(?:z(?:z[sx0b&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sx0b&)<>|]|c))|h[sx0b&)<>|])|tch[sx0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[sx0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sx0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[sx0b&)<>|]|mp|p(?:[sx0b&)<>|]|io|ulimit)|s(?:h|cli[sx0b&)<>|]|plit|vtool)|u(?:t[sx0b&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sx0b&)<>|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[sx0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sx0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sx0b&)<>|]|w(?:say|think))|r(?:ash[sx0b&)<>|]|on(?:[sx0b&)<>|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sx0b&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sx0b&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sx0b&)<>|]|n(?:v(?:[sx0b&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sx0b&)<>h|]|ac)|x(?:(?:ec)?[sx0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sx0b&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sx0b&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sx0b&)<>|]|le(?:[sx0b&)<>|]|test))|mt|tp(?:[sx0b&)<>|]|stats|who)|acter|o(?:ld[sx0b&)<>|]|reach)|ping)|g(?:c(?:c[^sx0b]|ore)|db|e(?:(?:m|tfacl)[sx0b&)<>|]|ni(?:e[sx0b&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sx0b&)<>|]|nsh)|(?:o|awk)[sx0b&)<>|]|pg|r(?:c|ep[sx0b&)<>|]|oup(?:[sx0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sx0b&)<>|]|e(?:ad[sx0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sx0b&)<>|]|onice|spell)|j(?:js|q|ava[sx0b&)<>|]|exec|o(?:(?:bs|in)[sx0b&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sx0b&)<>|]|all)|nife[sx0b&)<>|])|l(?:d(?:d?[sx0b&)<>|]|config)|(?:[np]|ynx)[sx0b&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sx0b&)<>|]|(?:la)?tex)|z(?:[sx0b&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sx0b&)<>|]|comm|log(?:in)?)|tex[sx0b&)<>|])|ess(?:[sx0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sx0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sx0b&)<>|]|il(?:[sx0b&)<>q|]|x[sx0b&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sx0b&)<>|]|k(?:dir[sx0b&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sx0b&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sx0b&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sx0b&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sx0b&)<>|]|m(?:[sx0b&)<>|]|ap)|p(?:m[sx0b&)<>|]|ing)|a(?:no[sx0b&)<>|]|sm|wk)|o(?:de[sx0b&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sx0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sx0b&)<>|]|s(?:swd|te[sx0b&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sx0b&)<>|]|tp)|g(?:[sx0b&)<>|]|rep)|hp(?:[sx0b&)57<>|]|-cgi)|i(?:(?:co?|ng)[sx0b&)<>|]|p[^sx0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sx0b&)<>|]|int(?:env|f[sx0b&)<>|]))|s(?:[sx0b&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sx0b&)<>|]|l(?:[sx0b&)5<>|]|sh))|opd|u(?:ppet[sx0b&)<>|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[sx0b&)<>|]|k(?:e[sx0b&)<>|]|u))|c(?:p[sx0b&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sx0b&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sx0b&)<>|]|user)|pm(?:[sx0b&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sx0b&)<>|]|sync|u(?:by[^sx0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[sx0b&)<>|])|e(?:(?:d|lf|rvice)[sx0b&)<>|]|t(?:(?:facl)?[sx0b&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sx0b&)<>|]|h(?:(?:adow|ells)?[sx0b&)<>|]|.distrib|u(?:f|tdown[sx0b&)<>|]))|s(?:[sx0b&)<>|]|h(?:[sx0b&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sx0b&)<>|]|do)|vn|diff|ftp|l(?:eep[sx0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sx0b&)<>|])|p(?:lit[sx0b&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sx0b&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sx0b&)<>|]|il[sx0b&)<>f|]|sk(?:[sx0b&)<>|]|set))|bl|c(?:p(?:[sx0b&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sx0b&)<>|]|lnet)|i(?:c[sx0b&)<>|]|me(?:(?:out)?[sx0b&)<>|]|datectl))|o(?:p|uch[sx0b&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sx0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sx0b&)<>|]|expand|iq|l(?:ink[sx0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sx0b&)<>|]|std))|p(?:2date[sx0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sx0b&)<>|]|m(?:[sx0b&)<>|]|diff)|gr|pw|rsh|sudo)|algrind|olatility[sx0b&)<>|])|w(?:[sx0b&)<>c|]|h(?:o(?:[sx0b&)<>|]|ami|is)?|iptail[sx0b&)<>|])|a(?:ll|tch)[sx0b&)<>|]|i(?:reshark|sh[sx0b&)<>|]))|x(?:(?:x|pa)d|z(?:[sx0b&)<>|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sx0b&)<>|]|um)|z(?:ip(?:[sx0b&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sx0b&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])"]
+    userAgent = ["@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx (?i)(?:^|b["]
@@ -808,13 +799,13 @@
     userAgent = ["@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx rn.*?b(?:DATA|QUIT|HELP(?: .{1,255})?)"]
+    userAgent = ["@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) ["]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx rn.*?b(?:(?:QUI|STA|RSE)T|NOOP|CAPA)"]
+    userAgent = ["@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)"]
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
     userAgent = ["@rx !(?:d|!)"]
@@ -832,7 +823,7 @@
     userAgent = ["@lt 1"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?i)<?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^sx0b]|[sx0b]+[^a-z]|$)))|$|php)|[[/x5c]?php]"]
+    userAgent = ["@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
     userAgent = ["@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$"]
@@ -841,10 +832,7 @@
     userAgent = ["@pmFromFile php-config-directives.data"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx b([^s]+)s*=[^=]"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-config-directives.data"]
+    userAgent = ["@pm ="]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
     userAgent = ["@pmFromFile php-variables.data"]
@@ -880,10 +868,7 @@
     userAgent = ["@pmFromFile php-function-names-933151.data"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx b([^s]+)s*[(]"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-function-names-933151.data"]
+    userAgent = ["@pm ("]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
     userAgent = ["@lt 3"]
@@ -895,7 +880,7 @@
     userAgent = ["@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sx0b]|/*.**/|(?:#|//).*)*(.*)"]
+    userAgent = ["@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
     userAgent = ["@rx .*.(?:phpd*|phtml)..*$"]
@@ -919,7 +904,7 @@
     userAgent = ["@lt 1"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sx0b]+Function[sx0b]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sx0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sx0b]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["]
+    userAgent = ["@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
     userAgent = ["@pmFromFile ssrf.data"]
@@ -928,13 +913,13 @@
     userAgent = ["@rx (?:__proto__|constructors*(?:.|[)s*prototype)"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx Process[sx0b]*.[sx0b]*spawn[sx0b]*("]
+    userAgent = ["@rx Process[sv]*.[sv]*spawn[sv]*("]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx while[sx0b]*([sx0b(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"]
+    userAgent = ["@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx ^data:(?:(?:*|[^!"]
+    userAgent = ["@rx ^data:(?:(?:*|[^!-"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
     userAgent = ["@lt 2"]
@@ -943,13 +928,13 @@
     userAgent = ["@lt 2"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sx0b]*("]
+    userAgent = ["@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*("]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx (?i)(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][-.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sx0b]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][-.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+)"]
+    userAgent = ["@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx ^(?:[^@]|@[^{])*@+{.*}"]
+    userAgent = ["@rx @{.*}"]
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
     userAgent = ["@lt 3"]
@@ -979,13 +964,13 @@
     userAgent = ["@rx (?i)<script[^>]*>[sS]*?"]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sx0b]+(?:%[sx0b]+)?[^sx0b]+[sx0b]+(?:SYSTEM|PUBLIC)|@import|;base64)b"]
+    userAgent = ["@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b"]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
     userAgent = ["@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript"]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sx0b"]
+    userAgent = ["@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv"]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
     userAgent = ["@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:["]
@@ -1000,10 +985,10 @@
     userAgent = ["@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)"]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."]
+    userAgent = ["@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[tnr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."]
+    userAgent = ["@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
     userAgent = ["@rx (?i)<EMBED[s/+].*?(?:src|type).*?="]
@@ -1045,7 +1030,7 @@
     userAgent = ["@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)"]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:eval|set(?:timeout|interval)|new[sx0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sx0b]*("]
+    userAgent = ["@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa|prompt|confirm)[sv]*("]
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
     userAgent = ["@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`"]
@@ -1105,13 +1090,13 @@
     userAgent = ["@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("]
+    userAgent = ["@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:select|;)[sx0b]+(?:benchmark|if|sleep)[sx0b]*?([sx0b]*?(?[sx0b]*?[0-9A-Z_a-z]+"]
+    userAgent = ["@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i)["]
@@ -1120,10 +1105,10 @@
     userAgent = ["@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[sx0b()]case[sx0b]+when.*?then|)[sx0b]*?like[sx0b]*?(|select.*?having[sx0b]*?[^sx0b]+[sx0b]*?[^sx0b0-9A-Z_a-z]|if[sx0b]?([0-9A-Z_a-z]+[sx0b]*?[<->~]"]
+    userAgent = ["@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)alter[sx0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sx0b]+set[sx0b]+[0-9A-Z_a-z]+|["]
+    userAgent = ["@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i:merge.*?usings*?(|executes*?immediates*?["]
@@ -1132,28 +1117,28 @@
     userAgent = ["@rx (?i)union.*?select.*?from"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)select[sx0b]*?pg_sleep|waitfor[sx0b]*?delay[sx0b]?["]
+    userAgent = ["@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"]
+    userAgent = ["@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)create[sx0b]+function[sx0b].+[sx0b]returns|;[sx0b]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sx0b]*?[([]?[0-9A-Z_a-z]{2,}"]
+    userAgent = ["@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)b[sx0b]*(?|end[sx0b]*?);)|[sx0b(]load_file[sx0b]*?(|["]
+    userAgent = ["@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)/*[sx0b]*?[!+](?:[sx0b()-0-9=A-Z_a-z]+)?*/"]
+    userAgent = ["@rx (?i)/*[sv]*?[!+](?:[sv(-)-0-9=A-Z_a-z]+)?*/"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx ^(?:[^']*'|[^"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)1.e[(),]"]
+    userAgent = ["@rx (?i)1.e[(-),]"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx ["]
@@ -1165,16 +1150,16 @@
     userAgent = ["@lt 2"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[!=]=|&&||||->|>[=>]|<(?:[<=]|>(?:[sx0b]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["]
+    userAgent = ["@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[sx0b"]
+    userAgent = ["@rx (?i)[sv"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@streq %{TX.2}"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[sx0b"]
+    userAgent = ["@rx (?i)[sv"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["!@streq %{TX.2}"]
@@ -1189,43 +1174,43 @@
     userAgent = ["@rx (?i),.*?["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sx0b(]+[0-9A-Z_a-z]+[sx0b)]*?[!+=]+[sx0b0-9]*?["]
+    userAgent = ["@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i)["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i))[sx0b]*?when[sx0b]*?[0-9]+[sx0b]*?then|["]
+    userAgent = ["@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:([sx0b]*?select[sx0b]*?[0-9A-Z_a-z]+|coalesce|order[sx0b]+by[sx0b]+if[0-9A-Z_a-z]*?)[sx0b]*?(|*/from|+[sx0b]*?[0-9]+[sx0b]*?+[sx0b]*?@|[0-9A-Z_a-z]["]
+    userAgent = ["@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i)["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)in[sx0b]*?(+[sx0b]*?select|(?:(?:N?AND|X?X?OR|DIV|LIKE|BETWEEN|NOT)[sx0b]+|(?:|||&&)[sx0b]*)[sx0b+0-9A-Z_a-z]+(?:regexp[sx0b]*?(|sounds[sx0b]+like[sx0b]*?["]
+    userAgent = ["@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i:^[Wd]+s*?(?:alter|union)b)"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sx0b]+(?:char|group_concat|load_file)[sx0b]?(?|end[sx0b]*?);|[sx0b(]load_file[sx0b]*?(|["]
+    userAgent = ["@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i)["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:havingb(?:[sx0b]+(?:[0-9]{1,10}|'[^=]{1,10}')[sx0b]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["]
+    userAgent = ["@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:orb(?:[sx0b]?(?:[0-9]{1,10}|["]
+    userAgent = ["@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)bandb(?:[sx0b]+(?:[0-9]{1,10}[sx0b]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["]
+    userAgent = ["@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[12]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?("]
+    userAgent = ["@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?("]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)"]
@@ -1246,7 +1231,7 @@
     userAgent = ["@rx [a-zA-Z0-9_-]{91,91}"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx /*!?|*/|[';]--|--(?:[sx0b]|[^-]*?-)|[^&-]#.*?[sx0b]|;?x00"]
+    userAgent = ["@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$"]
@@ -1273,10 +1258,10 @@
     userAgent = ["@detectSQLi"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("]
+    userAgent = ["@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)create[sx0b]+(?:function|procedure)[sx0b]*?[0-9A-Z_a-z]+[sx0b]*?([sx0b]*?)[sx0b]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sx0b]*?[0-9A-Z_a-z]+|iv[sx0b]*?([+-]*[sx0b.0-9]+,[+-]*[sx0b.0-9]+))|exec[sx0b]*?([sx0b]*?@|(?:lo_(?:impor|ge)t|procedure[sx0b]+analyse)[sx0b]*?(|;[sx0b]*?(?:declare|open)[sx0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sx0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"]
+    userAgent = ["@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"]
 [http.middlewares.bad_bot_block_SQLI]
   [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
     userAgent = ["@lt 3"]
@@ -1375,7 +1360,7 @@
     userAgent = ["@rx (?:runtime|processbuilder)"]
 [http.middlewares.bad_bot_block_JAVA]
   [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?i)(?:unmarshaller|base64data|java.)"]
+    userAgent = ["@rx (?:unmarshaller|base64data|java.)"]
 [http.middlewares.bad_bot_block_JAVA]
   [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
     userAgent = ["@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)"]
@@ -1514,12 +1499,6 @@
 [http.middlewares.bad_bot_block_EVALUATION]
   [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
     userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@pm gzip compress deflate br zstd"]
 [http.middlewares.bad_bot_block_LEAKAGES]
   [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -1553,9 +1532,6 @@
 [http.middlewares.bad_bot_block_LEAKAGES]
   [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
     userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@pm gzip compress deflate br zstd"]
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -1570,7 +1546,7 @@
     userAgent = ["@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])"]
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)bORA-[0-9][0-9][0-9][0-9][0-9]:|java.sql.SQLException|Oracle(?: erro|[^()]{0,20}Drive)r|Warning.{1,10}o(?:ci_.{1,30}|ra_.{1,20})"]
+    userAgent = ["@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)"]
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
     userAgent = ["@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()"]
@@ -1603,10 +1579,10 @@
     userAgent = ["@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)"]
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[()_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):"]
+    userAgent = ["@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):"]
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|(?:pg_(?:query|exec)() [|org.postgresql.util.PSQLException):|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er"]
+    userAgent = ["@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er"]
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
     userAgent = ["@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)"]
@@ -1631,9 +1607,6 @@
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
     userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@pm gzip compress deflate br zstd"]
 [http.middlewares.bad_bot_block_JAVA]
   [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -1664,9 +1637,6 @@
 [http.middlewares.bad_bot_block_JAVA]
   [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
     userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pm gzip compress deflate br zstd"]
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -1703,9 +1673,6 @@
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
     userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@pm gzip compress deflate br zstd"]
 [http.middlewares.bad_bot_block_IIS]
   [http.middlewares.bad_bot_block_IIS.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -1745,9 +1712,6 @@
 [http.middlewares.bad_bot_block_IIS]
   [http.middlewares.bad_bot_block_IIS.plugin.badbot]
     userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@pm gzip compress deflate br zstd"]
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
     userAgent = ["@lt 1"]
@@ -1759,10 +1723,10 @@
     userAgent = ["@pmFromFile web-shells-php.data"]
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>"]
+    userAgent = ["@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)"]
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=(?:Windows-1251|UTF-8)?'><title>.*?(?: -)? W[Ss][Oo] [0-9.]+</title>"]
+    userAgent = ["@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>"]
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
     userAgent = ["@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>"]
@@ -1804,7 +1768,7 @@
     userAgent = ["@rx ^<html>n<head>n<div align="]
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>n<head>n<title>Ru24PostWebShell"]
+    userAgent = ["@rx ^<html>n<head>n<title>Ru24PostWebShell -"]
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
     userAgent = ["@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>"]