External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sun Dec 22 00:28:28 UTC 2024]

Browse Source
This commit is contained in:
github-actions[bot]
2024-12-22 00:28:28 +00:00
parent b05a7d87c2
commit 1e4bb70b5d
50 changed files with 428 additions and 577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
waf_patterns/apache/java.conf
View File

@@ -5,7 +5,7 @@ SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attac
SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx java.lang.(?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:unmarshaller|base64data|java.)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:unmarshaller|base64data|java.)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-classes.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
@@ -25,7 +25,6 @@ SecRule REQUEST_URI "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI
SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pm gzip compress deflate br zstd" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-code-leakages.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"