diff --git a/owasp_rules.json b/owasp_rules.json
index 08ec20e..f44d515 100644
--- a/owasp_rules.json
+++ b/owasp_rules.json
@@ -111,10 +111,6 @@
 "category": "INITIALIZATION",
 "pattern": "@rx ^[a-f]*([0-9])[a-f]*([0-9])"
 },
- {
- "category": "INITIALIZATION",
- "pattern": "nolog"
- },
 {
 "category": "INITIALIZATION",
 "pattern": "!@lt %{tx.sampling_percentage}"
@@ -229,7 +225,7 @@
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"
+ "pattern": "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^\"';=])*$"
 },
 {
 "category": "ENFORCEMENT",
@@ -291,17 +287,17 @@
 "category": "ENFORCEMENT",
 "pattern": "@rx x25"
 },
- {
- "category": "ENFORCEMENT",
- "pattern": "@rx ^(.*)/(?:[^?]+)?(?.*)?$"
- },
 {
 "category": "ENFORCEMENT",
 "pattern": "@validateUrlEncoding"
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "!@rx ^.*%.*.[^sv.]+$"
+ "pattern": "@rx ^(?i)application/x-www-form-urlencoded"
+ },
+ {
+ "category": "ENFORCEMENT",
+ "pattern": "@rx x25"
 },
 {
 "category": "ENFORCEMENT",
@@ -317,7 +313,7 @@
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "@rx (?i)%uff[0-9a-f]{2}"
+ "pattern": "@rx %u[fF]{2}[0-9a-fA-F]{2}"
 },
 {
 "category": "ENFORCEMENT",
@@ -425,7 +421,7 @@
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"
+ "pattern": "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['\"w.()+,/:=?<>@#*-]+)*$"
 },
 {
 "category": "ENFORCEMENT",
@@ -437,7 +433,7 @@
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "@rx charsets*=s*["
+ "pattern": "@rx charsets*=s*[\"']?([^;\"'s]+)"
 },
 {
 "category": "ENFORCEMENT",
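Review bot: The added patterns carry no backslash other than `\"`, so as shown the regex escapes are lost: the added `"pattern": "@rx x25"` in the -291 hunk matches the literal text x25 rather than a percent sign, and the content-type pattern in the -425 hunk has `[w/.+*-]` and `s?` where a word class and whitespace were presumably meant. The same loss shows in later hunks: `(?:*|` in -477 and -757, `[sv]`, `x5c` and a trailing `b` throughout the RCE patterns from -885 on, and `!@rx [0-9]s*'s*[0-9]` in -909. Fragments such as `(?:*|` and `clang(?:[sv&)<>|]|++)` should be rejected by a PCRE-style compiler, while the ones that do compile would match letters instead of whitespace or word boundaries, so a consumer of this file under- and over-matches without any error. If the file is really stored this way, the generator (not visible here) should write JSON-escaped backslashes, for example `"pattern": "@rx \\x25"`. A load-time check that every `@rx` value compiles, and that it round-trips against the source rule, would catch both this and the quote truncation the commit is fixing.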
@@ -477,7 +473,7 @@
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "!@rx ^(?:(?:*|[^!-"
+ "pattern": "!@rx ^(?:(?:*|[^!-\"(-),/:-?[-]{}]+)/(?:*|[^!-\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\"?(?:iso-8859-15?|utf-8|windows-1252)b\"?|(?:[^sv -\"(-),/:-?[-]c{}]|c(?:[^!-\"(-),/:-?[-]h{}]|h(?:[^!-\"(-),/:-?[-]a{}]|a(?:[^!-\"(-),/:-?[-]r{}]|r(?:[^!-\"(-),/:-?[-]s{}]|s(?:[^!-\"(-),/:-?[-]e{}]|e[^!-\"(-),/:-?[-]t{}]))))))[^!-\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\"(-),/:-?[-]{}]+)/(?:*|[^!-\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\"?(?:iso-8859-15?|utf-8|windows-1252)b\"?|(?:[^sv -\"(-),/:-?[-]c{}]|c(?:[^!-\"(-),/:-?[-]h{}]|h(?:[^!-\"(-),/:-?[-]a{}]|a(?:[^!-\"(-),/:-?[-]r{}]|r(?:[^!-\"(-),/:-?[-]s{}]|s(?:[^!-\"(-),/:-?[-]e{}]|e[^!-\"(-),/:-?[-]t{}]))))))[^!-\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$"
 },
 {
 "category": "ENFORCEMENT",
@@ -533,7 +529,7 @@
 },
 {
 "category": "ENFORCEMENT",
- "pattern": "@rx ['"
+ "pattern": "@rx ['\";=]"
 },
 {
 "category": "ENFORCEMENT",
@@ -551,18 +547,6 @@
 "category": "ENFORCEMENT",
 "pattern": "@within %{tx.restricted_headers_extended}"
 },
- {
- "category": "ENFORCEMENT",
- "pattern": "@rx ^(?i)application/x-www-form-urlencoded"
- },
- {
- "category": "ENFORCEMENT",
- "pattern": "@rx x25"
- },
- {
- "category": "ENFORCEMENT",
- "pattern": "@validateUrlEncoding"
- },
 {
 "category": "ENFORCEMENT",
 "pattern": "@lt 3"
@@ -749,7 +733,7 @@
 },
 {
 "category": "ATTACK",
- "pattern": "!@within %{tx.allowed_request_content_type_charset}"
+ "pattern": "!@within |%{tx.allowed_request_content_type_charset}|"
 },
 {
 "category": "ATTACK",
@@ -757,7 +741,7 @@
 },
 {
 "category": "ATTACK",
- "pattern": "!@rx ^(?:(?:*|[^!-"
+ "pattern": "!@rx ^(?:(?:*|[^!-\"(-),/:-?[-]{}]+)/(?:*|[^!-\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\"?(?:iso-8859-15?|utf-8|windows-1252)b\"?|(?:[^sv -\"(-),/:-?[-]c{}]|c(?:[^!-\"(-),/:-?[-]h{}]|h(?:[^!-\"(-),/:-?[-]a{}]|a(?:[^!-\"(-),/:-?[-]r{}]|r(?:[^!-\"(-),/:-?[-]s{}]|s(?:[^!-\"(-),/:-?[-]e{}]|e[^!-\"(-),/:-?[-]t{}]))))))[^!-\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\"(-),/:-?[-]{}]+)/(?:*|[^!-\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\"?(?:iso-8859-15?|utf-8|windows-1252)b\"?|(?:[^sv -\"(-),/:-?[-]c{}]|c(?:[^!-\"(-),/:-?[-]h{}]|h(?:[^!-\"(-),/:-?[-]a{}]|a(?:[^!-\"(-),/:-?[-]r{}]|r(?:[^!-\"(-),/:-?[-]s{}]|s(?:[^!-\"(-),/:-?[-]e{}]|e[^!-\"(-),/:-?[-]t{}]))))))[^!-\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$"
 },
 {
 "category": "ATTACK",
@@ -885,11 +869,11 @@ }, { "category": "RCE", - "pattern": "@rx (?i)(?:b[" + "pattern": "@rx (?i)(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:7[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:(?:b[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|[ckz][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[&,<>|]|(?:[--.0-9A-Z_a-z][\"'[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#*-0-9?-@_a-{]*)?x5c?)+[sv&,<>|]).*|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:4|[sv&),<>|].*))|p[\"')[-x5c]*(?:(?:(?:|||
&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*)?|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|(?:e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|v[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)b" }, { "category": "RCE", - "pattern": "@rx (?i)(?:b[" + "pattern": "@rx 
(?i)(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[sv&)<>|]|a(?:dd(?:group|user)|getty|l(?:ias|pine)[sv&)<>|]|nsible-playbook|pt(?:-get|itude[sv&)<>|])|r(?:ch[sv&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm|xel)|b(?:a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[sv&)<>|]|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[sv&)<>|]|on(?:tab)?)|s(?:plit|vtool)|u(?:psfilter|rl[sv&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[sv&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[sv&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[sv&)<>|]|grep|i(?:le(?:[sv&)<>|]|test)|(?:n(?:d|ger)|sh)[sv&)<>|])|o(?:ld[sv&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[sv&)<>|]|core|e(?:ni(?:e[sv&)<>|]|soimage)|tfacl[sv&)<>|])|hci|i(?:mp[sv&)<>|]|nsh)|r(?:ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[sv&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)
|k(?:ill(?:[sv&)<>|]|all)|nife[sv&)<>|]|sshell)|l(?:a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|dconfig|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[sv&)<>|]|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[sv&)<>q|]|x[sv&)<>|])|ke[sv&)<>|]|ster.passwd|wk)|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[sv&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[sv&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[sv&)<>|]|map|o(?:de[sv&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[sv&)<>|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[sv&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[sv&)<>|]|shd)|wd.db|ython[^sv])|r(?:ak(?:e[sv&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[sv&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[sv&)<>|]|user)|nano|oute[sv&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|nap)[sv&)<>|]|c(?:hed|r(?:een|ipt)[sv&)<>|])|diff|e(?:(?:lf|rvice)[sv&)<>|]|ndmail|t(?:arch|env|facl[sv&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[sv&)<>|]|u(?:f|tdown[sv&)<>|]))|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:(?:out)?[sv&)<>|]|datectl)|mux|ouch[sv&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[sv&)<>|]|n(?:
ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[sv&)<>|]|gr|mdiff|pw|rsh)|olatility[sv&)<>|])|w(?:a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))" }, { "category": "RCE", 
@@ -897,7 +881,7 @@
 },
 {
 "category": "RCE",
- "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"
+ "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv\"'-(,@]*(?:[\"'.-9A-Z_a-z]+/|(?:[\"'x5c^]*[0-9A-Z_a-z][\"'x5c^]*:.*|[ \"'.-9A-Zx5c^-_a-z]*)x5c)?[\"^]*(?:(?:a[\"^]*(?:c|s[\"^]*n[\"^]*p)|e[\"^]*(?:b[\"^]*p|p[\"^]*(?:a[\"^]*l|c[\"^]*s[\"^]*v|s[\"^]*n)|[tx][\"^]*s[\"^]*n)|f[\"^]*(?:[cltw]|o[\"^]*r[\"^]*e[\"^]*a[\"^]*c[\"^]*h)|i[\"^]*(?:[cr][\"^]*m|e[\"^]*x|h[\"^]*y|i|p[\"^]*(?:a[\"^]*l|c[\"^]*s[\"^]*v|m[\"^]*o|s[\"^]*n)|s[\"^]*e|w[\"^]*(?:m[\"^]*i|r))|m[\"^]*(?:a[\"^]*n|[dipv]|o[\"^]*u[\"^]*n[\"^]*t)|o[\"^]*g[\"^]*v|p[\"^]*(?:o[\"^]*p|u[\"^]*s[\"^]*h)[\"^]*d|t[\"^]*r[\"^]*c[\"^]*m|w[\"^]*j[\"^]*b)[\"^]*[sv,.-/;-<>].*|c[\"^]*(?:(?:(?:d|h[\"^]*d[\"^]*i[\"^]*r|v[\"^]*p[\"^]*a)[\"^]*|p[\"^]*(?:[ip][\"^]*)?)[sv,.-/;-<>].*|l[\"^]*(?:(?:[cipv]|h[\"^]*y)[\"^]*[sv,.-/;-<>].*|s)|n[\"^]*s[\"^]*n)|d[\"^]*(?:(?:b[\"^]*p|e[\"^]*l|i[\"^]*(?:f[\"^]*f|r))[\"^]*[sv,.-/;-<>].*|n[\"^]*s[\"^]*n)|g[\"^]*(?:(?:(?:(?:a[\"^]*)?l|b[\"^]*p|d[\"^]*r|h[\"^]*y|(?:w[\"^]*m[\"^]*)?i|j[\"^]*b|[u-v])[\"^]*|c[\"^]*(?:[ims][\"^]*)?|m[\"^]*(?:o[\"^]*)?|s[\"^]*(?:n[\"^]*(?:p[\"^]*)?|v[\"^]*))[sv,.-/;-<>].*|e[\"^]*r[\"^]*r|p[\"^]*(?:(?:s[\"^]*)?[sv,.-/;-<>].*|v))|l[\"^]*s|n[\"^]*(?:(?:a[\"^]*l|d[\"^]*r|[iv]|m[\"^]*o|s[\"^]*n)[\"^]*[sv,.-/;-<>].*|p[\"^]*s[\"^]*s[\"^]*c)|r[\"^]*(?:(?:(?:(?:b[\"^]*)?p|e[\"^]*n|(?:w[\"^]*m[\"^]*)?i|j[\"^]*b|n[\"^]*[ip])[\"^]*|d[\"^]*(?:r[\"^]*)?|m[\"^]*(?:(?:d[\"^]*i[\"^]*r|o)[\"^]*)?|s[\"^]*n[\"^]*(?:p[\"^]*)?|v[\"^]*(?:p[\"^]*a[\"^]*)?)[sv,.-/;-<>].*|c[\"^]*(?:j[\"^]*b[\"^]*[sv,.-/;-<>].*|s[\"^]*n)|u[\"^]*j[\"^]*b)|s[\"^]*(?:(?:(?:a[\"^]*(?:j[\"^]*b|l|p[\"^]*s|s[\"^]*v)|b[\"^]*p|[civ]|w[\"^]*m[\"^]*i)[\"^]*|l[\"^]*(?:s[\"^]*)?|p[\"^]*(?:(?:j[\"^]*b|p[\"^]*s|s[\"^]*v)[\"^]*)?)[sv,.-/;-<>].*|h[\"^]*c[\"^]*m|u[\"^]*j[\"^]*b))(?:.[\"^]*[0-9A-Z_a-z]+)?b"
 },
 {
 "category": "RCE",
@@ -909,11 +893,15 @@ }, { "category": "RCE", - "pattern": "@rx (?i)(?:^|b[" + "pattern": "@rx (?i)(?:^|=)[sv]*(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:7[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:b[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|[ckz][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|(?:h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]
*)?x5c?z)|r[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h|v[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)[sv&)<>|]" }, { "category": "RCE", - "pattern": "@rx (?i)(?:^|b[" + "pattern": "@rx (?i)(?:^|=)[sv]*(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:a(?:ddgroup|xel)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:g(?:passwd|rp)|pass|sh)|lang++|oproc|ron)|d(?:iff[sv&)<>|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[sv&)<>|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|erl5?|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[sv&)<>|])|tar(?:diff|grep)?|wd.db|ython[2-3])|r(?:(?:bas|ealpat)h|m(?:dir[sv&)<>|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h.distri|pwd.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?
:ing|traceroute)|sh)|elnet|imeout[sv&)<>|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:c(?:at|mp)|diff|[e-f]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))" + }, + { + "category": "RCE", + "pattern": "!@rx [0-9]s*'s*[0-9]" }, { "category": "RCE", @@ -933,7 +921,7 @@ }, { "category": "RCE", - "pattern": "@rx ba[" + "pattern": "@rx ba[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?sb[sv]+[!-\"%',0-9@-Z_a-z]+=[^sv]" }, { "category": "RCE", 
@@ -941,11 +929,11 @@ }, { "category": "RCE", - "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv" + "pattern": "@rx (?i)(?:t[\"^]*i[\"^]*m[\"^]*e|[nr;`{]|||?|&&?)[sv]*[sv\"'-(,@]*(?:[\"'.-9A-Z_a-z]+/|(?:[\"'x5c^]*[0-9A-Z_a-z][\"'x5c^]*:.*|[ \"'.-9A-Zx5c^-_a-z]*)x5c)?[\"^]*(?:a[\"^]*(?:c[\"^]*c[\"^]*c[\"^]*h[\"^]*e[\"^]*c[\"^]*k[\"^]*c[\"^]*o[\"^]*n[\"^]*s[\"^]*o[\"^]*l[\"^]*e|d[\"^]*(?:p[\"^]*l[\"^]*u[\"^]*s|v[\"^]*p[\"^]*a[\"^]*c[\"^]*k)|(?:g[\"^]*e[\"^]*n[\"^]*t[\"^]*e[\"^]*x[\"^]*e[\"^]*c[\"^]*u[\"^]*t[\"^]*o|s[\"^]*p[\"^]*n[\"^]*e[\"^]*t[\"^]*_[\"^]*c[\"^]*o[\"^]*m[\"^]*p[\"^]*i[\"^]*l[\"^]*e)[\"^]*r|p[\"^]*p[\"^]*(?:i[\"^]*n[\"^]*s[\"^]*t[\"^]*a[\"^]*l[\"^]*l[\"^]*e[\"^]*r|v[\"^]*l[\"^]*p)|t[\"^]*(?:[sv,.-/;-<>].*|b[\"^]*r[\"^]*o[\"^]*k[\"^]*e[\"^]*r))|b[\"^]*(?:a[\"^]*s[\"^]*h|g[\"^]*i[\"^]*n[\"^]*f[\"^]*o|i[\"^]*t[\"^]*s[\"^]*a[\"^]*d[\"^]*m[\"^]*i[\"^]*n)|c[\"^]*(?:d[\"^]*b|e[\"^]*r[\"^]*t[\"^]*(?:o[\"^]*c|r[\"^]*e[\"^]*q|u[\"^]*t[\"^]*i[\"^]*l)|l[\"^]*_[\"^]*(?:i[\"^]*n[\"^]*v[\"^]*o[\"^]*c[\"^]*a[\"^]*t[\"^]*i[\"^]*o[\"^]*n|l[\"^]*o[\"^]*a[\"^]*d[\"^]*a[\"^]*s[\"^]*s[\"^]*e[\"^]*m[\"^]*b[\"^]*l[\"^]*y|m[\"^]*u[\"^]*t[\"^]*e[\"^]*x[\"^]*v[\"^]*e[\"^]*r[\"^]*i[\"^]*f[\"^]*i[\"^]*e[\"^]*r[\"^]*s)|m[\"^]*(?:d(?:[\"^]*(?:k[\"^]*e[\"^]*y|l[\"^]*3[\"^]*2))?|s[\"^]*t[\"^]*p)|o[\"^]*(?:m[\"^]*s[\"^]*v[\"^]*c[\"^]*s|n[\"^]*(?:f[\"^]*i[\"^]*g[\"^]*s[\"^]*e[\"^]*c[\"^]*u[\"^]*r[\"^]*i[\"^]*t[\"^]*y[\"^]*p[\"^]*o[\"^]*l[\"^]*i[\"^]*c[\"^]*y|h[\"^]*o[\"^]*s[\"^]*t|t[\"^]*r[\"^]*o[\"^]*l)|r[\"^]*e[\"^]*g[\"^]*e[\"^]*n)|r[\"^]*e[\"^]*a[\"^]*t[\"^]*e[\"^]*d[\"^]*u[\"^]*m[\"^]*p|s[\"^]*(?:c(?:[\"^]*r[\"^]*i[\"^]*p[\"^]*t)?|i)|u[\"^]*s[\"^]*t[\"^]*o[\"^]*m[\"^]*s[\"^]*h[\"^]*e[\"^]*l[\"^]*l[\"^]*h[\"^]*o[\"^]*s[\"^]*t)|d[\"^]*(?:a[\"^]*t[\"^]*a[\"^]*s[\"^]*v[\"^]*c[\"^]*u[\"^]*t[\"^]*i[\"^]*l|e[\"^]*(?:f[\"^]*a[\"^]*u[\"^]*l[\"^]*t[\"^]*p[\"^]*a[\"^]*c[\"^]*k|s[\"^]*k(?:[\"^]*t[\"^]*o[\"^]*p[\"^]*i[\"^]*m[\"^]*g[\"^]*d[\"^]*o[\"^]*w[\"^]*n[\"^]*l[\"^]*d[\"^]*r)?|v[\"^]*(?:i[\
"^]*c[\"^]*e[\"^]*c[\"^]*r[\"^]*e[\"^]*d[\"^]*e[\"^]*n[\"^]*t[\"^]*i[\"^]*a[\"^]*l[\"^]*d[\"^]*e[\"^]*p[\"^]*l[\"^]*o[\"^]*y[\"^]*m[\"^]*e[\"^]*n[\"^]*t|t[\"^]*o[\"^]*o[\"^]*l[\"^]*s[\"^]*l[\"^]*a[\"^]*u[\"^]*n[\"^]*c[\"^]*h[\"^]*e[\"^]*r))|f[\"^]*s[\"^]*(?:h[\"^]*i[\"^]*m|v[\"^]*c)|i[\"^]*(?:a[\"^]*n[\"^]*t[\"^]*z|s[\"^]*k[\"^]*s[\"^]*h[\"^]*a[\"^]*d[\"^]*o[\"^]*w)|n[\"^]*(?:s[\"^]*c[\"^]*m[\"^]*d|x)|o[\"^]*t[\"^]*n[\"^]*e[\"^]*t|u[\"^]*m[\"^]*p[\"^]*6[\"^]*4|x[\"^]*c[\"^]*a[\"^]*p)|e[\"^]*(?:s[\"^]*e[\"^]*n[\"^]*t[\"^]*u[\"^]*t[\"^]*l|v[\"^]*e[\"^]*n[\"^]*t[\"^]*v[\"^]*w[\"^]*r|x[\"^]*(?:c[\"^]*e[\"^]*l|p[\"^]*(?:a[\"^]*n[\"^]*d|l[\"^]*o[\"^]*r[\"^]*e[\"^]*r)|t[\"^]*(?:e[\"^]*x[\"^]*p[\"^]*o[\"^]*r[\"^]*t|r[\"^]*a[\"^]*c[\"^]*3[\"^]*2)))|f[\"^]*(?:i[\"^]*n[\"^]*(?:d[\"^]*s[\"^]*t|g[\"^]*e)[\"^]*r|l[\"^]*t[\"^]*m[\"^]*c|o[\"^]*r[\"^]*f[\"^]*i[\"^]*l[\"^]*e[\"^]*s|s[\"^]*(?:i(?:[\"^]*a[\"^]*n[\"^]*y[\"^]*c[\"^]*p[\"^]*u)?|u[\"^]*t[\"^]*i[\"^]*l)|t[\"^]*p)|g[\"^]*(?:f[\"^]*x[\"^]*d[\"^]*o[\"^]*w[\"^]*n[\"^]*l[\"^]*o[\"^]*a[\"^]*d[\"^]*w[\"^]*r[\"^]*a[\"^]*p[\"^]*p[\"^]*e[\"^]*r|p[\"^]*s[\"^]*c[\"^]*r[\"^]*i[\"^]*p[\"^]*t)|h[\"^]*h|i[\"^]*(?:e[\"^]*(?:4[\"^]*u[\"^]*i[\"^]*n[\"^]*i[\"^]*t|a[\"^]*d[\"^]*v[\"^]*p[\"^]*a[\"^]*c[\"^]*k|e[\"^]*x[\"^]*e[\"^]*c|f[\"^]*r[\"^]*a[\"^]*m[\"^]*e)|l[\"^]*a[\"^]*s[\"^]*m|m[\"^]*e[\"^]*w[\"^]*d[\"^]*b[\"^]*l[\"^]*d|n[\"^]*(?:f[\"^]*d[\"^]*e[\"^]*f[\"^]*a[\"^]*u[\"^]*l[\"^]*t[\"^]*i[\"^]*n[\"^]*s[\"^]*t[\"^]*a[\"^]*l|s[\"^]*t[\"^]*a[\"^]*l[\"^]*l[\"^]*u[\"^]*t[\"^]*i)[\"^]*l)|j[\"^]*s[\"^]*c|l[\"^]*(?:a[\"^]*u[\"^]*n[\"^]*c[\"^]*h[\"^]*-[\"^]*v[\"^]*s[\"^]*d[\"^]*e[\"^]*v[\"^]*s[\"^]*h[\"^]*e[\"^]*l[\"^]*l|d[\"^]*i[\"^]*f[\"^]*d[\"^]*e)|m[\"^]*(?:a[\"^]*(?:k[\"^]*e[\"^]*c[\"^]*a[\"^]*b|n[\"^]*a[\"^]*g[\"^]*e[\"^]*-[\"^]*b[\"^]*d[\"^]*e|v[\"^]*i[\"^]*n[\"^]*j[\"^]*e[\"^]*c[\"^]*t)|f[\"^]*t[\"^]*r[\"^]*a[\"^]*c[\"^]*e|i[\"^]*c[\"^]*r[\"^]*o[\"^]*s[\"^]*o[\"^]*f[\"^]*t|m[\"^]*c|p[\"^]*c[\"^]*m[\"^]*d[\"^]*r[\"^]*u[\"^]*n|s[\"^]*(?:(?:b[\
"^]*u[\"^]*i[\"^]*l|o[\"^]*h[\"^]*t[\"^]*m[\"^]*e)[\"^]*d|c[\"^]*o[\"^]*n[\"^]*f[\"^]*i[\"^]*g|d[\"^]*(?:e[\"^]*p[\"^]*l[\"^]*o[\"^]*y|t)|h[\"^]*t[\"^]*(?:a|m[\"^]*l)|i[\"^]*e[\"^]*x[\"^]*e[\"^]*c|p[\"^]*u[\"^]*b|x[\"^]*s[\"^]*l))|n[\"^]*(?:e[\"^]*t[\"^]*s[\"^]*h|t[\"^]*d[\"^]*s[\"^]*u[\"^]*t[\"^]*i[\"^]*l)|o[\"^]*(?:d[\"^]*b[\"^]*c[\"^]*c[\"^]*o[\"^]*n[\"^]*f|f[\"^]*f[\"^]*l[\"^]*i[\"^]*n[\"^]*e[\"^]*s[\"^]*c[\"^]*a[\"^]*n[\"^]*n[\"^]*e[\"^]*r[\"^]*s[\"^]*h[\"^]*e[\"^]*l[\"^]*l|n[\"^]*e[\"^]*d[\"^]*r[\"^]*i[\"^]*v[\"^]*e[\"^]*s[\"^]*t[\"^]*a[\"^]*n[\"^]*d[\"^]*a[\"^]*l[\"^]*o[\"^]*n[\"^]*e[\"^]*u[\"^]*p[\"^]*d[\"^]*a[\"^]*t[\"^]*e[\"^]*r|p[\"^]*e[\"^]*n[\"^]*c[\"^]*o[\"^]*n[\"^]*s[\"^]*o[\"^]*l[\"^]*e)|p[\"^]*(?:c[\"^]*(?:a[\"^]*l[\"^]*u[\"^]*a|w[\"^]*(?:r[\"^]*u[\"^]*n|u[\"^]*t[\"^]*l))|(?:e[\"^]*s[\"^]*t[\"^]*e|s)[\"^]*r|(?:k[\"^]*t[\"^]*m[\"^]*o|u[\"^]*b[\"^]*p[\"^]*r)[\"^]*n|n[\"^]*p[\"^]*u[\"^]*t[\"^]*i[\"^]*l|o[\"^]*w[\"^]*e[\"^]*r[\"^]*p[\"^]*n[\"^]*t|r[\"^]*(?:e[\"^]*s[\"^]*e[\"^]*n[\"^]*t[\"^]*a[\"^]*t[\"^]*i[\"^]*o[\"^]*n[\"^]*h[\"^]*o[\"^]*s[\"^]*t|i[\"^]*n[\"^]*t(?:[\"^]*b[\"^]*r[\"^]*m)?|o[\"^]*(?:c[\"^]*d[\"^]*u[\"^]*m[\"^]*p|t[\"^]*o[\"^]*c[\"^]*o[\"^]*l[\"^]*h[\"^]*a[\"^]*n[\"^]*d[\"^]*l[\"^]*e[\"^]*r)))|r[\"^]*(?:a[\"^]*s[\"^]*a[\"^]*u[\"^]*t[\"^]*o[\"^]*u|c[\"^]*s[\"^]*i|(?:d[\"^]*r[\"^]*l[\"^]*e[\"^]*a[\"^]*k[\"^]*d[\"^]*i[\"^]*a|p[\"^]*c[\"^]*p[\"^]*i[\"^]*n)[\"^]*g|e[\"^]*(?:g(?:[\"^]*(?:a[\"^]*s[\"^]*m|e[\"^]*d[\"^]*i[\"^]*t|i[\"^]*(?:n[\"^]*i|s[\"^]*t[\"^]*e[\"^]*r[\"^]*-[\"^]*c[\"^]*i[\"^]*m[\"^]*p[\"^]*r[\"^]*o[\"^]*v[\"^]*i[\"^]*d[\"^]*e[\"^]*r)|s[\"^]*v[\"^]*(?:c[\"^]*s|r[\"^]*3[\"^]*2)))?|(?:m[\"^]*o[\"^]*t|p[\"^]*l[\"^]*a[\"^]*c)[\"^]*e)|u[\"^]*n[\"^]*(?:d[\"^]*l[\"^]*l[\"^]*3[\"^]*2|(?:e[\"^]*x[\"^]*e|s[\"^]*c[\"^]*r[\"^]*i[\"^]*p[\"^]*t)[\"^]*h[\"^]*e[\"^]*l[\"^]*p[\"^]*e[\"^]*r|o[\"^]*n[\"^]*c[\"^]*e))|s[\"^]*(?:c[\"^]*(?:[sv,.-/;-<>].*|h[\"^]*t[\"^]*a[\"^]*s[\"^]*k[\"^]*s|r[\"^]*i[\"^]*p[\"^]*t[\"^]*r[\"^]*u[\"^]*n[\"^]*n[\"^]*e[\"^
]*r)|e[\"^]*t[\"^]*(?:r[\"^]*e[\"^]*s|t[\"^]*i[\"^]*n[\"^]*g[\"^]*s[\"^]*y[\"^]*n[\"^]*c[\"^]*h[\"^]*o[\"^]*s[\"^]*t|u[\"^]*p[\"^]*a[\"^]*p[\"^]*i)|h[\"^]*(?:d[\"^]*o[\"^]*c[\"^]*v[\"^]*w|e[\"^]*l[\"^]*l[\"^]*3[\"^]*2)|q[\"^]*(?:l[\"^]*(?:d[\"^]*u[\"^]*m[\"^]*p[\"^]*e[\"^]*r|(?:t[\"^]*o[\"^]*o[\"^]*l[\"^]*s[\"^]*)?p[\"^]*s)|u[\"^]*i[\"^]*r[\"^]*r[\"^]*e[\"^]*l)|s[\"^]*h|t[\"^]*o[\"^]*r[\"^]*d[\"^]*i[\"^]*a[\"^]*g|y[\"^]*(?:n[\"^]*c[\"^]*a[\"^]*p[\"^]*p[\"^]*v[\"^]*p[\"^]*u[\"^]*b[\"^]*l[\"^]*i[\"^]*s[\"^]*h[\"^]*i[\"^]*n[\"^]*g[\"^]*s[\"^]*e[\"^]*r[\"^]*v[\"^]*e[\"^]*r|s[\"^]*s[\"^]*e[\"^]*t[\"^]*u[\"^]*p))|t[\"^]*(?:e[\"^]*[sv,.-/;-<>].*|r[\"^]*a[\"^]*c[\"^]*k[\"^]*e[\"^]*r|t[\"^]*(?:d[\"^]*i[\"^]*n[\"^]*j[\"^]*e[\"^]*c[\"^]*t|t[\"^]*r[\"^]*a[\"^]*c[\"^]*e[\"^]*r))|u[\"^]*(?:n[\"^]*r[\"^]*e[\"^]*g[\"^]*m[\"^]*p[\"^]*2|p[\"^]*d[\"^]*a[\"^]*t[\"^]*e|r[\"^]*l|t[\"^]*i[\"^]*l[\"^]*i[\"^]*t[\"^]*y[\"^]*f[\"^]*u[\"^]*n[\"^]*c[\"^]*t[\"^]*i[\"^]*o[\"^]*n[\"^]*s)|v[\"^]*(?:b[\"^]*c|e[\"^]*r[\"^]*c[\"^]*l[\"^]*s[\"^]*i[\"^]*d|i[\"^]*s[\"^]*u[\"^]*a[\"^]*l[\"^]*u[\"^]*i[\"^]*a[\"^]*v[\"^]*e[\"^]*r[\"^]*i[\"^]*f[\"^]*y[\"^]*n[\"^]*a[\"^]*t[\"^]*i[\"^]*v[\"^]*e|s[\"^]*(?:i[\"^]*i[\"^]*s[\"^]*e[\"^]*x[\"^]*e[\"^]*l[\"^]*a[\"^]*u[\"^]*n[\"^]*c[\"^]*h|j[\"^]*i[\"^]*t[\"^]*d[\"^]*e[\"^]*b[\"^]*u[\"^]*g[\"^]*g)[\"^]*e[\"^]*r)|w[\"^]*(?:a[\"^]*b|(?:f|m[\"^]*i)[\"^]*c|i[\"^]*n[\"^]*(?:g[\"^]*e[\"^]*t|r[\"^]*m|w[\"^]*o[\"^]*r[\"^]*d)|l[\"^]*r[\"^]*m[\"^]*d[\"^]*r|o[\"^]*r[\"^]*k[\"^]*f[\"^]*o[\"^]*l[\"^]*d[\"^]*e[\"^]*r[\"^]*s|s[\"^]*(?:(?:c[\"^]*r[\"^]*i[\"^]*p|r[\"^]*e[\"^]*s[\"^]*e)[\"^]*t|l)|t[\"^]*[sv,.-/;-<>].*|u[\"^]*a[\"^]*u[\"^]*c[\"^]*l[\"^]*t)|x[\"^]*w[\"^]*i[\"^]*z[\"^]*a[\"^]*r[\"^]*d|z[\"^]*i[\"^]*p[\"^]*f[\"^]*l[\"^]*d[\"^]*r)(?:.[\"^]*[0-9A-Z_a-z]+)?b" }, { "category": "RCE", - "pattern": "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv" + "pattern": "@rx (?i)(?:t[\"^]*i[\"^]*m[\"^]*e|[nr;`{]|||?|&&?)[sv]*[sv\"'-(,@]*(?:[\"'.-9A-Z_a-z]+/|(?:[\"'x5c^]*[0-9A-Z_a-z][\"'x5c^]*:.*|[ 
\"'.-9A-Zx5c^-_a-z]*)x5c)?[\"^]*(?:a[\"^]*(?:s[\"^]*s[\"^]*o[\"^]*c|t[\"^]*(?:m[\"^]*a[\"^]*d[\"^]*m|t[\"^]*r[\"^]*i[\"^]*b)|u[\"^]*(?:d[\"^]*i[\"^]*t[\"^]*p[\"^]*o[\"^]*l|t[\"^]*o[\"^]*(?:c[\"^]*(?:h[\"^]*k|o[\"^]*n[\"^]*v)|(?:f[\"^]*m|m[\"^]*o[\"^]*u[\"^]*n)[\"^]*t)))|b[\"^]*(?:c[\"^]*d[\"^]*(?:b[\"^]*o[\"^]*o|e[\"^]*d[\"^]*i)[\"^]*t|(?:d[\"^]*e[\"^]*h[\"^]*d|o[\"^]*o[\"^]*t)[\"^]*c[\"^]*f[\"^]*g|i[\"^]*t[\"^]*s[\"^]*a[\"^]*d[\"^]*m[\"^]*i[\"^]*n)|c[\"^]*(?:a[\"^]*c[\"^]*l[\"^]*s|e[\"^]*r[\"^]*t[\"^]*(?:r[\"^]*e[\"^]*q|u[\"^]*t[\"^]*i[\"^]*l)|h[\"^]*(?:c[\"^]*p|d[\"^]*i[\"^]*r|g[\"^]*(?:l[\"^]*o[\"^]*g[\"^]*o[\"^]*n|p[\"^]*o[\"^]*r[\"^]*t|u[\"^]*s[\"^]*r)|k[\"^]*(?:d[\"^]*s[\"^]*k|n[\"^]*t[\"^]*f[\"^]*s))|l[\"^]*e[\"^]*a[\"^]*n[\"^]*m[\"^]*g[\"^]*r|m[\"^]*(?:d(?:[\"^]*k[\"^]*e[\"^]*y)?|s[\"^]*t[\"^]*p)|s[\"^]*c[\"^]*r[\"^]*i[\"^]*p[\"^]*t)|d[\"^]*(?:c[\"^]*(?:d[\"^]*i[\"^]*a[\"^]*g|g[\"^]*p[\"^]*o[\"^]*f[\"^]*i[\"^]*x)|e[\"^]*(?:f[\"^]*r[\"^]*a[\"^]*g|l)|f[\"^]*s[\"^]*(?:d[\"^]*i[\"^]*a|r[\"^]*m[\"^]*i)[\"^]*g|i[\"^]*(?:a[\"^]*n[\"^]*t[\"^]*z|r|s[\"^]*(?:k[\"^]*(?:c[\"^]*o[\"^]*(?:m[\"^]*p|p[\"^]*y)|p[\"^]*(?:a[\"^]*r[\"^]*t|e[\"^]*r[\"^]*f)|r[\"^]*a[\"^]*i[\"^]*d|s[\"^]*h[\"^]*a[\"^]*d[\"^]*o[\"^]*w)|p[\"^]*d[\"^]*i[\"^]*a[\"^]*g))|n[\"^]*s[\"^]*c[\"^]*m[\"^]*d|(?:o[\"^]*s[\"^]*k[\"^]*e|r[\"^]*i[\"^]*v[\"^]*e[\"^]*r[\"^]*q[\"^]*u[\"^]*e[\"^]*r)[\"^]*y)|e[\"^]*(?:n[\"^]*d[\"^]*l[\"^]*o[\"^]*c[\"^]*a[\"^]*l|v[\"^]*e[\"^]*n[\"^]*t[\"^]*c[\"^]*r[\"^]*e[\"^]*a[\"^]*t[\"^]*e)|E[\"^]*v[\"^]*n[\"^]*t[\"^]*c[\"^]*m[\"^]*d|f[\"^]*(?:c|i[\"^]*(?:l[\"^]*e[\"^]*s[\"^]*y[\"^]*s[\"^]*t[\"^]*e[\"^]*m[\"^]*s|n[\"^]*d[\"^]*s[\"^]*t[\"^]*r)|l[\"^]*a[\"^]*t[\"^]*t[\"^]*e[\"^]*m[\"^]*p|o[\"^]*r(?:[\"^]*f[\"^]*i[\"^]*l[\"^]*e[\"^]*s)?|r[\"^]*e[\"^]*e[\"^]*d[\"^]*i[\"^]*s[\"^]*k|s[\"^]*u[\"^]*t[\"^]*i[\"^]*l|(?:t[\"^]*y[\"^]*p|v[\"^]*e[\"^]*u[\"^]*p[\"^]*d[\"^]*a[\"^]*t)[\"^]*e)|g[\"^]*(?:e[\"^]*t[\"^]*(?:m[\"^]*a[\"^]*c|t[\"^]*y[\"^]*p[\"^]*e)|o[\"^]*t[\"^]*o|p[\"^]*(?:f[\"^]*i[\"^]*x
[\"^]*u[\"^]*p|(?:r[\"^]*e[\"^]*s[\"^]*u[\"^]*l[\"^]*)?t|u[\"^]*p[\"^]*d[\"^]*a[\"^]*t[\"^]*e)|r[\"^]*a[\"^]*f[\"^]*t[\"^]*a[\"^]*b[\"^]*l)|h[\"^]*(?:e[\"^]*l[\"^]*p[\"^]*c[\"^]*t[\"^]*r|o[\"^]*s[\"^]*t[\"^]*n[\"^]*a[\"^]*m[\"^]*e)|i[\"^]*(?:c[\"^]*a[\"^]*c[\"^]*l[\"^]*s|f|p[\"^]*(?:c[\"^]*o[\"^]*n[\"^]*f[\"^]*i[\"^]*g|x[\"^]*r[\"^]*o[\"^]*u[\"^]*t[\"^]*e)|r[\"^]*f[\"^]*t[\"^]*p)|j[\"^]*e[\"^]*t[\"^]*p[\"^]*a[\"^]*c[\"^]*k|k[\"^]*(?:l[\"^]*i[\"^]*s[\"^]*t|s[\"^]*e[\"^]*t[\"^]*u[\"^]*p|t[\"^]*(?:m[\"^]*u[\"^]*t[\"^]*i[\"^]*l|p[\"^]*a[\"^]*s[\"^]*s))|l[\"^]*(?:o[\"^]*(?:d[\"^]*c[\"^]*t[\"^]*r|g[\"^]*(?:m[\"^]*a[\"^]*n|o[\"^]*f[\"^]*f))|p[\"^]*[q-r])|m[\"^]*(?:a[\"^]*(?:c[\"^]*f[\"^]*i[\"^]*l[\"^]*e|k[\"^]*e[\"^]*c[\"^]*a[\"^]*b|p[\"^]*a[\"^]*d[\"^]*m[\"^]*i[\"^]*n)|k[\"^]*(?:d[\"^]*i[\"^]*r|l[\"^]*i[\"^]*n[\"^]*k)|m[\"^]*c|o[\"^]*u[\"^]*n[\"^]*t[\"^]*v[\"^]*o[\"^]*l|q[\"^]*(?:b[\"^]*k[\"^]*u[\"^]*p|(?:t[\"^]*g[\"^]*)?s[\"^]*v[\"^]*c)|s[\"^]*(?:d[\"^]*t|i[\"^]*(?:e[\"^]*x[\"^]*e[\"^]*c|n[\"^]*f[\"^]*o[\"^]*3[\"^]*2)|t[\"^]*s[\"^]*c))|n[\"^]*(?:b[\"^]*t[\"^]*s[\"^]*t[\"^]*a[\"^]*t|e[\"^]*t[\"^]*(?:c[\"^]*f[\"^]*g|d[\"^]*o[\"^]*m|s[\"^]*(?:h|t[\"^]*a[\"^]*t))|f[\"^]*s[\"^]*(?:a[\"^]*d[\"^]*m[\"^]*i[\"^]*n|s[\"^]*(?:h[\"^]*a[\"^]*r[\"^]*e|t[\"^]*a[\"^]*t))|l[\"^]*(?:b[\"^]*m[\"^]*g[\"^]*r|t[\"^]*e[\"^]*s[\"^]*t)|s[\"^]*l[\"^]*o[\"^]*o[\"^]*k[\"^]*u[\"^]*p|t[\"^]*(?:b[\"^]*a[\"^]*c[\"^]*k[\"^]*u[\"^]*p|c[\"^]*m[\"^]*d[\"^]*p[\"^]*r[\"^]*o[\"^]*m[\"^]*p[\"^]*t|f[\"^]*r[\"^]*s[\"^]*u[\"^]*t[\"^]*l))|o[\"^]*(?:f[\"^]*f[\"^]*l[\"^]*i[\"^]*n[\"^]*e|p[\"^]*e[\"^]*n[\"^]*f[\"^]*i[\"^]*l[\"^]*e[\"^]*s)|p[\"^]*(?:a[\"^]*(?:g[\"^]*e[\"^]*f[\"^]*i[\"^]*l[\"^]*e[\"^]*c[\"^]*o[\"^]*n[\"^]*f[\"^]*i|t[\"^]*h[\"^]*p[\"^]*i[\"^]*n)[\"^]*g|(?:b[\"^]*a[\"^]*d[\"^]*m[\"^]*i|k[\"^]*t[\"^]*m[\"^]*o)[\"^]*n|e[\"^]*(?:n[\"^]*t[\"^]*n[\"^]*t|r[\"^]*f[\"^]*m[\"^]*o[\"^]*n)|n[\"^]*p[\"^]*u[\"^]*(?:n[\"^]*a[\"^]*t[\"^]*t[\"^]*e[\"^]*n[\"^]*d|t[\"^]*i[\"^]*l)|o[\"^]*(?:p[\"^]*d|w[\"^]*e[\"^]*r[\"^]*s[
\"^]*h[\"^]*e[\"^]*l[\"^]*l)|r[\"^]*n[\"^]*(?:c[\"^]*n[\"^]*f[\"^]*g|(?:d[\"^]*r[\"^]*v|m[\"^]*n[\"^]*g)[\"^]*r|j[\"^]*o[\"^]*b[\"^]*s|p[\"^]*o[\"^]*r[\"^]*t|q[\"^]*c[\"^]*t[\"^]*l)|u[\"^]*(?:b[\"^]*p[\"^]*r[\"^]*n|s[\"^]*h[\"^]*(?:d|p[\"^]*r[\"^]*i[\"^]*n[\"^]*t[\"^]*e[\"^]*r[\"^]*c[\"^]*o[\"^]*n[\"^]*n[\"^]*e[\"^]*c[\"^]*t[\"^]*i[\"^]*o[\"^]*n[\"^]*s))|w[\"^]*(?:l[\"^]*a[\"^]*u[\"^]*n[\"^]*c[\"^]*h[\"^]*e[\"^]*r|s[\"^]*h))|q[\"^]*(?:a[\"^]*p[\"^]*p[\"^]*s[\"^]*r[\"^]*v|p[\"^]*r[\"^]*o[\"^]*c[\"^]*e[\"^]*s[\"^]*s|u[\"^]*s[\"^]*e[\"^]*r|w[\"^]*i[\"^]*n[\"^]*s[\"^]*t[\"^]*a)|r[\"^]*(?:d(?:[\"^]*p[\"^]*s[\"^]*i[\"^]*g[\"^]*n)?|e[\"^]*(?:f[\"^]*s[\"^]*u[\"^]*t[\"^]*i[\"^]*l|g(?:[\"^]*(?:i[\"^]*n[\"^]*i|s[\"^]*v[\"^]*r[\"^]*3[\"^]*2))?|l[\"^]*o[\"^]*g|(?:(?:p[\"^]*a[\"^]*d[\"^]*m[\"^]*i|s[\"^]*c[\"^]*a)[\"^]*)?n|x[\"^]*e[\"^]*c)|i[\"^]*s[\"^]*e[\"^]*t[\"^]*u[\"^]*p|m[\"^]*d[\"^]*i[\"^]*r|o[\"^]*b[\"^]*o[\"^]*c[\"^]*o[\"^]*p[\"^]*y|p[\"^]*c[\"^]*(?:i[\"^]*n[\"^]*f[\"^]*o|p[\"^]*i[\"^]*n[\"^]*g)|s[\"^]*h|u[\"^]*n[\"^]*d[\"^]*l[\"^]*l[\"^]*3[\"^]*2|w[\"^]*i[\"^]*n[\"^]*s[\"^]*t[\"^]*a)|s[\"^]*(?:a[\"^]*n|c[\"^]*(?:h[\"^]*t[\"^]*a[\"^]*s[\"^]*k[\"^]*s|w[\"^]*c[\"^]*m[\"^]*d)|e[\"^]*(?:c[\"^]*e[\"^]*d[\"^]*i[\"^]*t|r[\"^]*v[\"^]*e[\"^]*r[\"^]*(?:(?:c[\"^]*e[\"^]*i[\"^]*p|w[\"^]*e[\"^]*r)[\"^]*o[\"^]*p[\"^]*t[\"^]*i[\"^]*n|m[\"^]*a[\"^]*n[\"^]*a[\"^]*g[\"^]*e[\"^]*r[\"^]*c[\"^]*m[\"^]*d)|t[\"^]*x)|f[\"^]*c|(?:h[\"^]*o[\"^]*w[\"^]*m[\"^]*o[\"^]*u[\"^]*n|u[\"^]*b[\"^]*s)[\"^]*t|x[\"^]*s[\"^]*t[\"^]*r[\"^]*a[\"^]*c[\"^]*e|y[\"^]*s[\"^]*(?:o[\"^]*c[\"^]*m[\"^]*g[\"^]*r|t[\"^]*e[\"^]*m[\"^]*i[\"^]*n[\"^]*f[\"^]*o))|t[\"^]*(?:a[\"^]*(?:k[\"^]*e[\"^]*o[\"^]*w[\"^]*n|p[\"^]*i[\"^]*c[\"^]*f[\"^]*g|s[\"^]*k[\"^]*(?:k[\"^]*i[\"^]*l[\"^]*l|l[\"^]*i[\"^]*s[\"^]*t))|(?:c[\"^]*m[\"^]*s[\"^]*e[\"^]*t[\"^]*u|f[\"^]*t)[\"^]*p|(?:(?:e[\"^]*l[\"^]*n[\"^]*e|i[\"^]*m[\"^]*e[\"^]*o[\"^]*u)[\"^]*|r[\"^]*a[\"^]*c[\"^]*e[\"^]*r[\"^]*(?:p[\"^]*)?)t|l[\"^]*n[\"^]*t[\"^]*a[\"^]*d[\"^]*m[\"^]*n|p[\"^]*m[\
"^]*(?:t[\"^]*o[\"^]*o[\"^]*l|v[\"^]*s[\"^]*c[\"^]*m[\"^]*g[\"^]*r)|s[\"^]*(?:(?:d[\"^]*i[\"^]*s[\"^]*)?c[\"^]*o[\"^]*n|e[\"^]*c[\"^]*i[\"^]*m[\"^]*p|k[\"^]*i[\"^]*l[\"^]*l|p[\"^]*r[\"^]*o[\"^]*f)|y[\"^]*p[\"^]*e[\"^]*p[\"^]*e[\"^]*r[\"^]*f|z[\"^]*u[\"^]*t[\"^]*i[\"^]*l)|u[\"^]*n[\"^]*(?:e[\"^]*x[\"^]*p[\"^]*o[\"^]*s[\"^]*e|i[\"^]*q[\"^]*u[\"^]*e[\"^]*i[\"^]*d|l[\"^]*o[\"^]*d[\"^]*c[\"^]*t[\"^]*r)|v[\"^]*(?:o[\"^]*l|s[\"^]*s[\"^]*a[\"^]*d[\"^]*m[\"^]*i[\"^]*n)|w[\"^]*(?:a[\"^]*i[\"^]*t[\"^]*f[\"^]*o[\"^]*r|b[\"^]*a[\"^]*d[\"^]*m[\"^]*i[\"^]*n|(?:d[\"^]*s|e[\"^]*(?:c|v[\"^]*t))[\"^]*u[\"^]*t[\"^]*i[\"^]*l|h[\"^]*(?:e[\"^]*r[\"^]*e|o[\"^]*a[\"^]*m[\"^]*i)|i[\"^]*n[\"^]*(?:n[\"^]*t(?:[\"^]*3[\"^]*2)?|r[\"^]*s)|m[\"^]*i[\"^]*c|s[\"^]*c[\"^]*r[\"^]*i[\"^]*p[\"^]*t)|x[\"^]*c[\"^]*o[\"^]*p[\"^]*y)(?:.[\"^]*[0-9A-Z_a-z]+)?b" }, { "category": "RCE", @@ -957,11 +945,11 @@ }, { "category": "RCE", - "pattern": "@rx (?:b[" + "pattern": "@rx (?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*.[sv].*b" }, { "category": "RCE", - "pattern": "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" + "pattern": "@rx (?:$(?:((?:(.*)|.*))|{.*})|[<>](.*)|[!?.+])" }, { "category": "RCE", 
@@ -1001,11 +989,11 @@ }, { "category": "RCE", - "pattern": "@rx (?i).|(?:[sv]*|b[" + "pattern": "@rx (?i).|(?:[sv]*|t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:7[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|G[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?E[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?T|a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:b|(?:p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?t|r(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[jp])?|s(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ks])|b[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[8-9][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?9|[au][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|c|(?:m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?p|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dfu]|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[gr])|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[bdx]|n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|q[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|s(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?)|f[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[c-dgi]|m[\"')[-x5c]*(?:
(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|g[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[chr][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|o|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dp]|r[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b)|j[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:j[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|q)|k[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|l[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)?|[nps]|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a|z(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|v)|n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[cl]|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|(?:p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|o[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[at][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?x|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|f|(?:k[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?g|h[\"')[-x5c]*(?:(?:(?:|||&&
)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cp]|r(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?y)?|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|c(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dv]|(?:p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dt]|[g-hu]|s(?:[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|v[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cr]|b[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l|[co][\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ex]|i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c)|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|l)|v[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:3[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|c)|x[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:x[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|z)|y[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:e[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-
0-9?-@_a-{]*)?x5c?m)|z[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|s[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h))" }, { "category": "RCE", - "pattern": "@rx (?i)[-0-9_a-z]+(?:[sv]*[" + "pattern": "@rx (?i)[-0-9_a-z]+(?:[\"'[-]]+|$+[!#*-0-9?-@x5c_a-{]+|``|[$<>]())[sv]*[-0-9_a-z]+" }, { "category": "RCE", @@ -1013,7 +1001,7 @@ }, { "category": "RCE", - "pattern": "@rx ;[sv]*.[sv]*[" + "pattern": "@rx ;[sv]*.[sv]*[\"']?(?:a(?:rchive|uth)|b(?:a(?:ckup|il)|inary)|c(?:d|h(?:anges|eck)|lone|onnection)|d(?:atabases|b(?:config|info)|ump)|e(?:cho|qp|x(?:cel|it|p(?:ert|lain)))|f(?:ilectrl|ullschema)|he(?:aders|lp)|i(?:mpo(?:rt|ster)|ndexes|otrace)|l(?:i(?:mi|n)t|o(?:ad|g))|(?:mod|n(?:onc|ullvalu)|unmodul)e|o(?:nce|pen|utput)|p(?:arameter|r(?:int|o(?:gress|mpt)))|quit|re(?:ad|cover|store)|s(?:ave|c(?:anstats|hema)|e(?:lftest|parator|ssion)|h(?:a3sum|ell|ow)?|tats|ystem)|t(?:ables|estc(?:ase|trl)|ime(?:out|r)|race)|vfs(?:info|list|name)|width)" }, { "category": "RCE", @@ -1021,7 +1009,7 @@ }, { "category": "RCE", - "pattern": "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[" + "pattern": "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[\"-#%-&*--9A-Zx5c_a-z]+)?(?: ([ x5ca-z]+))?(?: \"?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}\"?)? {[0-9]{1,20}+?}|UTHENTICATE [-0-9_a-z]{1,20}rn)|L(?:SUB (?:[\"-#*.-9A-Z_a-z~]+)? (?:[\"%-&*.-9A-Zx5c_a-z]+)?|ISTRIGHTS (?:[\"%-&*--9A-Zx5c_a-z]+)?)|S(?:TATUS (?:[\"%-&*--9A-Zx5c_a-z]+)? ((?:U(?:NSEEN|IDNEXT)|MESSAGES|UIDVALIDITY|RECENT| )+)|ETACL (?:[\"%-&*--9A-Zx5c_a-z]+)? [+-][ac-eik-lpr-tw-x]+?)|UID (?:COPY|FETCH|STORE) (?:[*,0-:]+)?|(?:(?:DELETE|GET)ACL|MYRIGHTS) (?:[\"%-&*--9A-Zx5c_a-z]+)?)" }, { "category": "RCE", 
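Review bot: The new `pattern` strings in the -1001, -1013 and -1021 hunks restore the text after the first double quote, but the regex backslashes are still missing from them: `[sv]*` stands where a whitespace class is presumably meant, `x5c?` is literal text rather than a hex escape, and the -1021 line opens with `rn[0-9A-Z_a-z]{1,50}b`, where `rn` and `b` look like a line ending and a word boundary with their escapes removed. As stored, these expressions match ordinary letters and miss the characters the source rule targets, so anything that loads this file for detection gets both false positives and gaps. The same applies to the hunks at -957, -1029, -1049, -1069, -1129, -1141 and -1185. Writing each pattern through a JSON serializer would keep the escapes, so the file text would read `[\\s\\v]*` and `\\x5c?`.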
@@ -1029,11 +1017,11 @@ }, { "category": "RCE", - "pattern": "@rx (?i)(?:^|b[" + "pattern": "@rx (?i)(?:(?:^|=)[sv]*(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*|(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*)[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|an|io|ulimit)|s(?:h|plit|vtool)|u(?:(?:t|rl)[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|loc
k|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|inks|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[^sv])|r(?:a(?:r[sv&)<>|]|k(?:
e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash|nap)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:3m|c|a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))" }, { "category": "RCE", - "pattern": "@rx (?i)(?:^|b[" + "pattern": "@rx 
(?i)(?:(?:^|=)[sv]*(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*|(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*)[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|sta
ts|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:
dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:c|a(?:ll|tch)[sv&)<>|]|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))" }, { "category": "RCE", 
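Review bot: The two entries rewritten in this hunk are almost the same expression (the first has `ython[^sv]` and `w(?:3m|c|`, the second `ython[2-3]` and `w(?:c|`), and each entry carries only `category` and `pattern`, so nothing says which source rule either one came from. Without an identifier, a later reviewer cannot tell an intended variant from an accidental duplicate, or map a match back to the rule that produced it. A field such as `"id": "<RULE_ID>"` on every entry would make that traceable.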
@@ -1049,15 +1037,15 @@ }, { "category": "RCE", - "pattern": "@rx (?:b[" + "pattern": "@rx (?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:(?:(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))b" }, { "category": "RCE", - 
"pattern": "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[sv&)<>|]|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:[sv&)<>|]|-update)|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|c
pu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:(?:f|ms)[sv&)<>|]|l(?:[sv&)5<>|]|sh))|opd|u(?:ppet[sv&)<>|]|shd)|y(?:thon[2-3]|3?versions))|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:(?:facl)?[sv&)<>|]|arch|env|sid)|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl
|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))(?:b|[^0-9A-Z_a-z])" + "pattern": "@rx 
(?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|o
f|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>
|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))b" }, { "category": "RCE", - "pattern": "@rx (?i)(?:^|b[" + "pattern": "@rx 
(?i)(?:(?:^|=)[sv]*(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*|(?:t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\".*\")[sv]+)*)[sv]*[\"']*(?:[\"'-+--9?A-]_a-z|]+/)?[\"'x5c]*(?:(?:(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]
*)?x5c?[sv&),<>|].*|s)|w[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))" }, { "category": "RCE", @@ -1069,7 +1057,7 @@ }, { "category": "RCE", - "pattern": "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [" + "pattern": "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [\"-#%-&*--9A-Zx5c_a-z]+|APABILITY|HECK|LOSE)|DELETE [\"-#%-&*--.0-9A-Zx5c_a-z]+|EX(?:AMINE [\"-#%-&*--.0-9A-Zx5c_a-z]+|PUNGE)|FETCH [*,0-:]+|L(?:IST [\"-#*--9A-Zx5c_a-z~]+? [\"-#%-&*--9A-Zx5c_a-z]+|OG(?:IN [--.0-9@_a-z]{1,40} .*?|OUT))|RENAME [\"-#%-&*--9A-Zx5c_a-z]+? [\"-#%-&*--9A-Zx5c_a-z]+|S(?:E(?:LECT [\"-#%-&*--9A-Zx5c_a-z]+|ARCH(?: CHARSET [--.0-9A-Z_a-z]{1,40})? (?:(KEYWORD x5c)?(?:A(?:LL|NSWERED)|BCC|D(?:ELETED|RAFT)|(?:FLAGGE|OL)D|RECENT|SEEN|UN(?:(?:ANSWER|FLAGG)ED|D(?:ELETED|RAFT)|SEEN)|NEW)|(?:BODY|CC|FROM|HEADER .{1,100}|NOT|OR .{1,255}|T(?:EXT|O)) .{1,255}|LARGER [0-9]{1,20}|[*,0-:]+|(?:BEFORE|ON|S(?:ENT(?:(?:BEFOR|SINC)E|ON)|INCE)) \"?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4}\"?|S(?:MALLER [0-9]{1,20}|UBJECT .{1,255})|U(?:ID [*,0-:]+?|NKEYWORD x5c(Seen|(?:Answer|Flagg)ed|D(?:eleted|raft)|Recent))))|T(?:ORE [*,0-:]+? [+-]?FLAGS(?:.SILENT)? (?:(x5c[a-z]{1,20}))?|ARTTLS)|UBSCRIBE [\"-#%-&*--9A-Zx5c_a-z]+)|UN(?:SUBSCRIBE [\"-#%-&*--9A-Zx5c_a-z]+|AUTHENTICATE)|NOOP)" }, { "category": "RCE", @@ -1129,11 +1117,11 @@ }, { "category": "PHP", - "pattern": "@rx (?i)b(?[" + "pattern": "@rx (?i)b(?[\"']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|\")*[\"']*)?[sv]*(.*)" }, { "category": "PHP", - "pattern": "@rx [oOcC]:d+:" + "pattern": "@rx [oOcC]:d+:\".+?\":d+:{.*}" }, { "category": "PHP", 
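Review bot: The middle entry of the -1049 hunk changes what the rule matches rather than only repairing its quoting: the old line ends in `(?:b|[^0-9A-Z_a-z])` and the new one in `b`, and `y(?:thon[2-3]|3?versions)` becomes `ython[2-3]`. That looks like a different revision of the source ruleset arriving in the same commit as the extraction fix, which makes a drop in coverage hard to spot among the other changes. Nothing in the visible entries records which ruleset version the patterns were generated from; a version field in the file, or a separate commit for the content change, would let this be reviewed on its own.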
@@ -1141,7 +1129,7 @@ }, { "category": "PHP", - "pattern": "@rx (?:((?:.+)(?:[" + "pattern": "@rx (?:((?:.+)(?:[\"'][-0-9A-Z_a-z]+[\"'])?(.+|[^)]*string[^)]*)[sv\"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|[\"'][-0-9A-Zx5c_a-z]+[\"'])(.+));" }, { "category": "PHP", @@ -1185,7 +1173,7 @@ }, { "category": "PHP", - "pattern": "@rx (?:((?:.+)(?:[" + "pattern": "@rx (?:((?:.+)(?:[\"'][-0-9A-Z_a-z]+[\"'])?(.+|[^)]*string[^)]*)[sv\"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|[\"'][-0-9A-Zx5c_a-z]+[\"'])(.+))(?:;|$)?" }, { "category": "PHP", 
@@ -1205,7 +1193,11 @@ }, { "category": "GENERIC", - "pattern": "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[" + "pattern": "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[\"'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)[\"'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|in
fo|trace|warn)(?:.call)?(|[[\"'`](?:debug|error|info|trace|warn)[\"'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[[\"'`](?:(?:resolv|cach)e|main|extensions)[\"'`]])" + }, + { + "category": "GENERIC", + "pattern": "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(" }, { "category": "GENERIC", @@ -1221,11 +1213,11 @@ }, { "category": "GENERIC", - "pattern": "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|" + "pattern": "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\"[^\"]+\"|'[^']+'|`[^`]+`)).*)" }, { "category": "GENERIC", - "pattern": "@rx ^data:(?:(?:*|[^!-" + "pattern": "@rx ^data:(?:(?:*|[^!-\"(-),/:-?[-]{}]+)/(?:*|[^!-\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\"?(?:iso-8859-15?|utf-8|windows-1252)b\"?|(?:[^sv -\"(-),/:-?[-]c{}]|c(?:[^!-\"(-),/:-?[-]h{}]|h(?:[^!-\"(-),/:-?[-]a{}]|a(?:[^!-\"(-),/:-?[-]r{}]|r(?:[^!-\"(-),/:-?[-]s{}]|s(?:[^!-\"(-),/:-?[-]e{}]|e[^!-\"(-),/:-?[-]t{}]))))))[^!-\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\"(-),/:-?[-]{}]+)/(?:*|[^!-\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\"?(?:iso-8859-15?|utf-8|windows-1252)b\"?|(?:[^sv -\"(-),/:-?[-]c{}]|c(?:[^!-\"(-),/:-?[-]h{}]|h(?:[^!-\"(-),/:-?[-]a{}]|a(?:[^!-\"(-),/:-?[-]r{}]|r(?:[^!-\"(-),/:-?[-]s{}]|s(?:[^!-\"(-),/:-?[-]e{}]|e[^!-\"(-),/:-?[-]t{}]))))))[^!-\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*" }, { "category": "GENERIC", 
@@ -1235,14 +1227,14 @@ "category": "GENERIC", "pattern": "@lt 2" }, - { - "category": "GENERIC", - "pattern": "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(" - }, { "category": "GENERIC", "pattern": "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))" }, + { + "category": "GENERIC", + "pattern": "@rx [s*constructors*]" + }, { "category": "GENERIC", "pattern": "@rx @{.*}" 
@@ -1293,11 +1285,11 @@ }, { "category": "XSS", - "pattern": "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv" + "pattern": "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv\"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[sv/]|[\"'](?:.*[sv/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)cha
nge|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionch
ange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[x08-nf-r ]*?=" }, { "category": "XSS", - "pattern": "@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[" + "pattern": "@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[\"']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?(" }, { "category": "XSS", 
@@ -1317,7 +1309,7 @@ }, { "category": "XSS", - "pattern": "@rx (?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." + "pattern": "@rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." }, { "category": "XSS", @@ -1329,7 +1321,7 @@ }, { "category": "XSS", - "pattern": "@rx (?i:?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)[\"'`][[{].*[]}][\"'`]|json_extract.*(.*)" }, { "category": "SQLI", 
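Review bot: The two rewritten entity alternations at the start of the new pattern in the `-1317` hunk no longer cover the lowercase letters they stand for. `&#(?:0*8|x0*5)[36];` expands to decimal 83/86 and hex 53/56, and `&#(?:0*6[26]|x0*(?:98|42));` to decimal 62/66 and hex 98/42, whereas `v` is 118/0x76 and `b` is 98/0x62; the removed forms `&#(?:0*(?:118|86)|x0*[57]6);` and `&#(?:0*(?:98|66)|x0*[46]2);` listed both cases correctly. Unless the upstream rule really changed this way, keep the old two alternations; the groups for `s` through `t` are untouched and already use the right code points.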
@@ -1533,11 +1525,15 @@ }, { "category": "SQLI", - "pattern": "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[" + "pattern": "@rx (?:^s*[\"'`;]+|[\"'`]+s*$)" }, { "category": "SQLI", - "pattern": "@rx (?i)[sv" + "pattern": "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[\"'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|\"[^\"]*\")[sv]+and[sv]+(?:'[^']*'|\"[^\"]*\"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv\"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb" + }, + { + "category": "SQLI", + "pattern": "@rx (?i)[sv\"'-)`]*?b([0-9A-Z_a-z]+)b[sv\"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv\"'-)`]*?b([0-9A-Z_a-z]+)b" }, { "category": "SQLI", @@ -1545,7 +1541,7 @@ }, { "category": "SQLI", - "pattern": "@rx (?i)[sv" + "pattern": "@rx (?i)[sv\"'-)`]*?b([0-9A-Z_a-z]+)b[sv\"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv\"'-)`]*?b([0-9A-Z_a-z]+)b" }, { "category": "SQLI", 
@@ -1557,35 +1553,35 @@ }, { "category": "SQLI", - "pattern": "@rx (?i)(?:/*)+[" + "pattern": "@rx (?i)(?:/*)+[\"'`]+[sv]?(?:--|[#{]|/*)?|[\"'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*[\"'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?[\"'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+[\"'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)[\"'`])|[0-9][\"'`][sv]+[\"'`][sv]+[0-9]|^admin[sv]*?[\"'`]|[sv\"'-(`][sv]*?glob[^0-9A-Z_a-z]+[\"'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]=" }, { "category": "SQLI", - "pattern": "@rx (?i),.*?[" + "pattern": "@rx (?i),.*?[\"')0-9`-f][\"'`](?:[\"'`].*?[\"'`]|(?:r?n)?z|[^\"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?(" }, { "category": "SQLI", - "pattern": "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[" + "pattern": "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[\"'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+" }, { "category": "SQLI", - "pattern": "@rx (?i)[" + "pattern": "@rx (?i)[\"'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?[\"'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+[\"'`]|like[sv]*?[\"'`]%|select[sv]+?[sv\"'-),-.0-9A-[]_-z]+from[sv]+" }, { "category": "SQLI", - "pattern": "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[" + "pattern": "@rx 
(?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[\"'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+(" }, { "category": "SQLI", - "pattern": "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][" + "pattern": "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][\"'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+[\"'`][0-9A-Z_a-z]|[\"'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]" }, { "category": "SQLI", - "pattern": "@rx (?i)[" + "pattern": "@rx (?i)[\"'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?[\"'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?[\"'`]$|[\"'x5c`]*?(?:[\"'0-9`]+|[^\"'`]+[\"'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?[\"'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?[\"'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?[\"'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?[\"'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]" }, { "category": "SQLI", - "pattern": "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[" + "pattern": "@rx 
(?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[\"'`]|[0-9=]+x)|[\"'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+[\"'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?[\"'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)[\"'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()" }, { "category": "SQLI", 
@@ -1593,23 +1589,23 @@ }, { "category": "SQLI", - "pattern": "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[" + "pattern": "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[\"'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*[\"'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)" }, { "category": "SQLI", - "pattern": "@rx (?i)[" + "pattern": "@rx (?i)[\"'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?[\"'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?[\"'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^[\"'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+[\"'`][^,]" }, { "category": "SQLI", - "pattern": "@rx 
(?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[" + "pattern": "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[\"'][^=]{1,10}[ \"'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')" }, { "category": "SQLI", - "pattern": "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[" + "pattern": "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[\"'][^=]{1,10}[\"'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]" }, { "category": "SQLI", - "pattern": "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[" + "pattern": "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[\"'][^=]{1,10}[\"']) ?[<->]+)" }, { "category": "SQLI", @@ -1625,19 +1621,7 @@ }, { "category": "SQLI", - "pattern": "!ARGS:foo" - }, - { - "category": "SQLI", - "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;" - }, - { - "category": "SQLI", - "pattern": "@rx [a-zA-Z0-9_-]{61,61}" - }, - { - "category": "SQLI", - "pattern": "@rx [a-zA-Z0-9_-]{91,91}" + "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>][^~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>]*?){12})" }, { "category": "SQLI", 
@@ -1657,11 +1641,11 @@ }, { "category": "SQLI", - "pattern": "@rx (?i)[" + "pattern": "@rx (?i)[\"'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])" }, { "category": "SQLI", - "pattern": "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^" + "pattern": "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^\"]*?(?:\"[^\"]*?\"[^\"]*?)*?\"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b" }, { "category": "SQLI", @@ -1669,7 +1653,7 @@ }, { "category": "SQLI", - "pattern": "@rx ^.*?x5c['" + "pattern": "@rx ^.*?x5c['\"`](?:.*?['\"`])?s*(?:and|or)b" }, { "category": "SQLI", @@ -1697,19 +1681,15 @@ }, { "category": "SQLI", - "pattern": "@rx [" + "pattern": "@rx [\"'`][sd]*?[^ws]W*?dW*?.*?[\"'`d]" }, { "category": "SQLI", - "pattern": "!REQUEST_COOKIES:foo_id" + "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>][^~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>]*?){8})" }, { "category": "SQLI", - "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;" - }, - { - "category": "SQLI", - "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;" + "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>][^~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>]*?){6})" }, { "category": "SQLI", @@ -1733,11 +1713,11 @@ }, { "category": "SQLI", - "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;" + "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>][^~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>]*?){3})" }, { "category": "SQLI", - "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;" + "pattern": "@rx ((?:[~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>][^~!@#$%^&*()-+={}[]|:;\"'\u00b4\u2019\u2018`<>]*?){2})" }, { "category": "FIXATION", @@ -2353,7 +2333,7 @@ }, { "category": "SHELLS", - "pattern": "@rx ^nn
nn
Input command :
n
" }, { "category": "SHELLS", @@ -2365,7 +2345,7 @@ }, { "category": "SHELLS", - "pattern": "@rx ^rnrnrnrnrnPhpSpy Ver [0-9]+" }, { "category": "SHELLS", @@ -2401,7 +2381,7 @@ }, { "category": "SHELLS", - "pattern": "@contains

webadmin.php

" }, { "category": "SHELLS", diff --git a/waf_patterns/apache/attack.conf b/waf_patterns/apache/attack.conf index 4d82107..19abb27 100644 --- a/waf_patterns/apache/attack.conf +++ b/waf_patterns/apache/attack.conf 
@@ -28,7 +28,7 @@ SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'attack att
 SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx [" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "!@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "!@within |%{tx.allowed_request_content_type_charset}|" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx ^content-types*:s*(.*)$" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
 SecRule REQUEST_URI "@rx content-transfer-encoding:(.*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
diff --git a/waf_patterns/apache/bots.conf b/waf_patterns/apache/bots.conf
index 01e5f63..1e93c23 100644
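Review bot: The added `!@rx` line embeds raw `"` characters inside the double-quoted operator string (the first one at `[^!-"(-),`), so the operator argument most likely ends at that quote and the remainder is read as further directive arguments; the removed line was cut at the same character, and writing each inner quote as `\"` would keep the pattern in one argument. Every rule in this hunk, old and new, also carries `id:1000`, and ModSecurity requires rule ids to be unique, so the generator should assign one id per rule. Both changed rules test `REQUEST_URI` although their operands describe a Content-Type value; with the negated `!@within` and `!@rx` combined with `deny`, an ordinary URI would not match and the request would be blocked, so the intended variable (presumably `REQUEST_HEADERS:Content-Type`) is worth confirming.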
--- a/waf_patterns/apache/bots.conf
+++ b/waf_patterns/apache/bots.conf
@@ -1,671 +1,3848 @@ -# Apache ModSecurity - Bad Bot Blocker SecRuleEngine On -SecRule REQUEST_HEADERS:User-Agent "@contains 01h4x.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 360Spider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 404checker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 404enemy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 80legs" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ADmantX" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AIBOT" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ALittle\ Client" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ASPSeek" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Abonti" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Aboundex" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Aboundexbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Acunetix" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AdsTxtCrawlerTP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AfD-Verbotsverfahren" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AhrefsBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains AiHitBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Aipbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Alexibot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AllSubmitter" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Alligator" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AlphaBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Anarchie" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Anarchy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Anarchy99" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Ankit" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Anthill" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Apexoo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Aspiegel" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Asterias" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Atomseobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Attach" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AwarioBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains AwarioRssBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains AwarioSmartBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BBBike" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BDCbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BDFetch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BLEXBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BackDoorBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BackStreet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BackWeb" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Backlink-Ceck" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BacklinkCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BacklinksExtendedBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Badass" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Bandit" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Barkrowler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BatchFTP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Battleztar\ Bazinga" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BetaBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Bigfoot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Bitacle" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BlackWidow" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Black\ Hole" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Blackboard" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Blow" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BlowFish" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Boardreader" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Bolt" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BotALot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Brandprotect" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Brandwatch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Buck" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Buddy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BuiltBotTough" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BuiltWith" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Bullseye" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BunnySlippers" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains BuzzSumo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Bytespider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CATExplorador" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CCBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CODE87" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CSHttp" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Calculon" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CazoodleBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Cegbfeieh" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CensysInspect" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ChatGPT-User" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CheTeam" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CheeseBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CherryPicker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent 
"@contains ChinaClaw" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Chlooe" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Citoid" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Claritybot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ClaudeBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Cliqzbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Cloud\ mapping" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Cocolyzebot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Cogentbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Collector" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Copier" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CopyRightCheck" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Copyscape" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Cosmos" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Craftbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Crawling\ at\ Home\ Project" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CrazyWebCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" 
-SecRule REQUEST_HEADERS:User-Agent "@contains Crescent" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CrunchBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Curious" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Custo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains CyotekWebCopy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DBLBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DIIbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DSearch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DTS\ Agent" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DataCha0s" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DatabaseDriverMysqli" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Demon" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Deusu" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Devil" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Digincore" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DigitalPebble" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Dirbuster" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" 
-SecRule REQUEST_HEADERS:User-Agent "@contains Disco" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Discobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Discoverybot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Dispatch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DittoSpyder" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DnBCrawler-Analytics" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DnyzBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DomCopBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DomainAppender" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DomainCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DomainSigmaCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains DomainStatsBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Domains\ Project" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Dotbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Download\ Wonder" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Dragonfly" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Drip" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ECCP/1.0" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains EMail\ Siphon" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains EMail\ Wolf" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains EasyDL" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Ebingbong" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Ecxi" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains EirGrabber" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains EroCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Evil" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Exabot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Express\ WebPictures" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ExtLinksBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Extractor" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ExtractorPro" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Extreme\ Picture\ Finder" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains EyeNetIE" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains Ezooms" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FDM" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FHscan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FacebookBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FemtosearchBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Fimap" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Firefox/7.0" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FlashGet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Flunky" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Foobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Freeuploader" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FrontPage" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Fuzz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains FyberSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Fyrebot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains G-i-g-a-b-o-t" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GPTBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains GT::WWW" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GalaxyBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Genieo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GermCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GetRight" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GetWeb" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Getintent" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Gigabot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Go!Zilla" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Go-Ahead-Got-It" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GoZilla" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Gotit" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GrabNet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Grabber" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Grafula" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GrapeFX" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains GrapeshotCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains GridBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HEADMasterSEO" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HMView" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HTMLparser" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HTTP::Lite" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HTTrack" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Haansoft" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HaosouSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Harvest" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Havij" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Heritrix" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Hloader" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HonoluluBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Humanlinks" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains HybridBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains IDBTE4M" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains IDBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains IRLbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Iblog" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Id-search" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains IlseBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Image\ Fetch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Image\ Sucker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ImagesiftBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains IndeedBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Indy\ Library" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains InfoNaviRobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains InfoTekies" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Information\ Security\ Team\ InfraSec\ Scanner" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains InfraSec\ Scanner" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Intelliseek" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains InterGET" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains InternetMeasurement" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 
InternetSeer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Internet\ Ninja" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Iria" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Iskanie" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains IstellaBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains JOC\ Web\ Spider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains JamesBOT" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Jbrofuzz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains JennyBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains JetCar" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Jetty" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains JikeSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Joomla" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Jorgee" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains JustView" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Jyxobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Kenjin\ Spider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent 
"@contains Keybot\ Translation-Search-Machine" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Keyword\ Density" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Kinza" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Kozmosbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LNSpiderguy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LWP::Simple" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Lanshanbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Larbin" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Leap" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LeechFTP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LeechGet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LexiBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Lftp" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LibWeb" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Libwhisker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LieBaoFast" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Lightspeedsystems" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" 
-SecRule REQUEST_HEADERS:User-Agent "@contains Likse" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinkScan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinkWalker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Linkbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinkextractorPro" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinkpadBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinksManager" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinqiaMetadataDownloaderBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinqiaRSSBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains LinqiaScrapeBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Lipperhey" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Lipperhey\ Spider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Litemage_walker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Lmspider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Ltx71" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MFC_Tear_Sample" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MIDown\ tool" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MIIxpc" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MJ12bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MQQBrowser" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MSFrontPage" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MSIECrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MTRobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mag-Net" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Magnet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mail.RU_Bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Majestic-SEO" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Majestic12" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Majestic\ SEO" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MarkMonitor" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MarkWatch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mass\ Downloader" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Masscan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent 
"@contains Mata\ Hari" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MauiBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mb2345Browser" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MeanPath\ Bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Meanpathbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mediatoolkitbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MegaIndex.ru" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Metauri" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MicroMessenger" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Microsoft\ Data\ Access" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Microsoft\ URL\ Control" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Minefield" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mister\ PiX" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Moblie\ Safari" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mojeek" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mojolicious" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains MolokaiBot" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Morfeus\ Fucking\ Scanner" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mozlila" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Mr.4x3" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Msrabot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Musobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NICErsPRO" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NPbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Name\ Intelligence" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nameprotect" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Navroad" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NearSite" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Needle" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nessus" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NetAnts" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NetLyzer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NetMechanic" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 
NetSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NetZIP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Net\ Vampire" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Netcraft" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nettrack" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Netvibes" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NextGenSearchBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nibbler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Niki-bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nikto" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains NimbleCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nimbostratus" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Ninja" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nmap" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nuclei" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Nutch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Octopus" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 
Offline\ Explorer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Offline\ Navigator" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OnCrawl" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OpenLinkProfiler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OpenVAS" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Openfind" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Openvas" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OrangeBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OrangeSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OutclicksBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains OutfoxBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PECL::HTTP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PHPCrawl" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains POE-Component-Client-HTTP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PageAnalyzer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PageGrabber" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PageScorer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot 
Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PageThing.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Page\ Analyzer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pandalytics" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Panscient" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Papa\ Foto" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pavuk" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PeoplePal" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Petalbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pi-Monster" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Picscout" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Picsearch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PictureFinder" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Piepmatz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pimonster" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pixray" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PleaseCrawl" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pockey" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ProPowerBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ProWebWalker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Probethenet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Proximic" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Psbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pu_iN" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Pump" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PxBroker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains PyCurl" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains QueryN\ Metasearch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Quick-Crawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RSSingBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Rainbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RankActive" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RankActiveLinkBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RankFlex" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent 
"@contains RankingBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RankingBot2" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Rankivabot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RankurBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Re-re" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ReGet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RealDownload" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Reaper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RebelMouse" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Recorder" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RedesScrapy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RepoMonkey" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Ripper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains RocketCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Rogerbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SBIder" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SEOkicks" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains SEOkicks-Robot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SEOlyt" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SEOlyticsCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SEOprofiler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SEOstats" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SISTRIX" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SMTBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SalesIntelligent" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ScanAlert" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Scanbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ScoutJet" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Scrapy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Screaming" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ScreenerBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ScrepyBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Searchestate" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SearchmetricsBot" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Seekport" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SeekportBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SemanticJuice" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Semrush" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SemrushBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SentiBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SenutoBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SeoCherryBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SeoSiteCheckup" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SeobilityBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Seomoz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Shodan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Siphon" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SiteCheckerBotCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SiteExplorer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SiteLockSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains SiteSnagger" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SiteSucker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Site\ Sucker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sitebeam" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Siteimprove" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sitevigil" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SlySearch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SmartDownload" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Snake" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Snapbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Snoopy" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SocialRankIOBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sociscraper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sogou\ web\ spider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sosospider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sottopop" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SpaceBison" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Spammen" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SpankBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Spanner" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Spbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Spider_Bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Spider_Bot/3.0" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Spinn3r" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SputnikBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sqlmap" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sqlworm" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sqworm" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Steeler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Stripper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sucker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Sucuri" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SuperBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SuperHTTP" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Surfbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains SurveyBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Suzuran" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Swiftbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Szukacz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains T0PHackTeam" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains T8Abot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Teleport" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains TeleportPro" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Telesoft" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Telesphoreo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Telesphorep" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains TheNomad" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains The\ Intraformant" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Thumbor" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains TightTwatBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 
TinyTestBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Titan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Toata" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Toweyabot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Tracemyfile" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Trendiction" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Trendictionbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains True_Robot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Turingos" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Turnitin" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains TurnitinBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains TwengaBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Twice" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Typhoeus" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains URLy.Warning" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains URLy\ Warning" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains UnisterBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains Upflow" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains V-BOT" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains VB\ Project" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains VCI" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Vacuum" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Vagabondo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains VelenPublicWebCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains VeriCiteCrawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains VidibleScraper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Virusdie" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains VoidEYE" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Voil" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Voltron" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WASALive-Bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WBSearchBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WEBDAV" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WISENutbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" 
-SecRule REQUEST_HEADERS:User-Agent "@contains WPScan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WWW-Collector-E" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WWW-Mechanize" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WWW::Mechanize" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WWWOFFLE" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Wallpapers" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Wallpapers/3.0" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WallpapersHD" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WeSEE" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebAuto" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebBandit" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebCollage" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebCopier" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebEnhancer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebFetch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebFuck" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebGo\ IS" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebImageCollector" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebLeacher" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebPix" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebReaper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebSauger" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebStripper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebSucker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebWhacker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebZIP" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Auto" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Collage" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Enhancer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Fetch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Fuck" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Pix" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Web\ Sauger" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent 
"@contains Web\ Sucker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Webalta" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebmasterWorldForumBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Webshag" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebsiteExtractor" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WebsiteQuester" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Website\ Quester" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Webster" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Whack" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Whacker" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Whatweb" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Who.is\ Bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Widow" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WinHTTrack" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains WiseGuys\ Robot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Wonderbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Woobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" 
-SecRule REQUEST_HEADERS:User-Agent "@contains Wotbox" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Wprecon" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Xaldon\ WebSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Xaldon_WebSpider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Xenu" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains YaK" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains YoudaoBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Zade" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Zauba" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Zermelo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Zeus" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains Zitebot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ZmEu" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ZoomBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ZoominfoBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ZumBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ZyBorg" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains adscanner" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains anthropic-ai" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains archive.org_bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains arquivo-web-crawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains arquivo.pt" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains autoemailspider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains awario.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains backlink-check" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains cah.io.community" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains check1.exe" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains clark-crawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains coccocbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains cognitiveseo" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains cohere-ai" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains com.plumanalytics" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains crawl.sogou.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains 
crawler.feedback" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains crawler4j" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains dataforseo.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains dataforseobot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains demandbase-bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains domainsproject.org" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains eCatch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains evc-batch" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains everyfeed-spider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains facebookscraper" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains gopher" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains heritrix" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains imagesift.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains instabid" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains internetVista\ monitor" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ips-agent" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains isitwp.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad 
Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains iubenda-radar" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains linkdexbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains linkfluence" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains lwp-request" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains lwp-trivial" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains magpie-crawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains meanpathbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains mediawords" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains muhstik-scan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains netEstate\ NE\ Crawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains oBot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains omgili" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains openai" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains openai.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains page\ scorer" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains pcBrowser" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains plumanalytics" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains polaris\ version" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains probe-image-size" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ripz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains s1z.ru" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains satoristudio.net" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains scalaj-http" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains scan.lol" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains seobility" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains seocompany.store" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains seoscanners" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains seostar" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains serpstatbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains sexsearcher" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains sitechecker.pro" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains siteripz" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains sogouspider" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule 
REQUEST_HEADERS:User-Agent "@contains sp_auditbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains spyfu" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains sysscan" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains tAkeOut" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains trendiction.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains trendiction.de" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains ubermetrics-technologies.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains voyagerx.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains webgains-bot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains webmeup-crawler" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains webpros.com" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains webprosbot" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains x09Mozilla" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains x22Mozilla" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains xpymep1.exe" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains zauba.io" "id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:User-Agent "@contains zgrab" 
"id:3000,phase:1,deny,status:403,log,msg:'Bad Bot Blocked'" -SecRule REQUEST_HEADERS:X-Evil-Bit "@streq 1" "id:3001,phase:1,deny,status:403,log,msg:'Evil Bit Blocked'" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

Wow! This is one *huge* list. You could’ve charged people just for viewing this post and I’m sure most of us wouldn’t mind forking out some money just to take a peek at this ;)

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

That list is to huge! lol, I tried to find the fake ones but then I looked at the list!

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

Lol, now I get it. There’s 3 *fake* user-agents in the list. Is it…”dumb”, “fuck” & “human”?

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

@Lisa: I hope you don’t mean that I could have charged people to view the blacklist in like a “freakshow” kind of way. Like, “step right up and take a peek at the world’s most hideously long HTAccess Blacklist!” Weird carnival music playing in dark tents and that sort of thing..

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

@ Lisa
" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

hm…

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

@Andrew: Nope, those strings address names of “real” user agents, believe it or not.. :)

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

That list is insane!!!

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

I think looking at all of this it harks back to Louis earlier idea of a whitelist;

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

Hi, I think this is fantastic. I have one issue, my server gives a 500 error and the log shows :

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

Well, I got it working, needed to fix a few things and break it over two lines, here are the results, let me know if this will still work as I dont really know htaccess code that well:

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains

Hi,

" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • About Perishable Press
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Perishable Press Archives
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Contact Perishable Press
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Welcome to Dungeon!
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Online Dev Tools
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Digging Into WordPress (eBook)
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • .htaccess made easy
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Wizard’s SQL Recipes (eBook)
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • WordPress on shared hosting (video tutorials)
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • BBQ Pro
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Blackhole Pro
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • USP Pro
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Code Snippets
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • The Tao of WordPress (eBook)
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Develop WordPress themes (eBook)
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains • 75 comments" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains © 2004–2024 Perishable Press • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Main Menu" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Yes Theme by " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Monzilla Media • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 6:29 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 6:35 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 6:53 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 7:51 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 8:56 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 9:19 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 10:00 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/30 8:30 pm " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/03/31 2:25 pm " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/04/04 4:14 am " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/04/04 3:16 pm " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains 2009/04/04 7:27 pm " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains RSS • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Policy • " 
"id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Sitemap • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains John 3:16" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    Around the site
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    Favorite projects
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    WordPress help
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Banhammer" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains BBQ Pro: Block Bad Queries" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Simple Ajax Chat Pro" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Search
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Books
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Plugins
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Twitter
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • YouTube
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • LinkedIn
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Tumblr
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Facebook
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Instagram
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • WordPress
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
      " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Built w/ shapeSpace • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains BBQ Pro: The fastest firewall to protect your WordPress." "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains SAC Pro: Unlimited chats." "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Banhammer: Protect your WordPress site against threats." "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    Find me on the social medias
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Jeff Starr " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Andrew " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains B. Moore " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Donace | The Nexus " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Jonathan Ellse " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Lisa " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains eezz " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
      " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
        " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    Related Posts
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    Web Dev + WordPress + Security
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .children { padding: 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-field label, .comment-field input, .comment-field textarea, .comment .comment-field textarea { display: block; width: 100%; text-align: left; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments-closed img { display: none; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .form-submit .submit { margin: 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • more »
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • more »
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • CSS
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • .htaccess
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • HTML
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • JavaScript
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • PHP
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • Security
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • SEO
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • WordPress
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • apache
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • blacklist
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • code
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • design
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • hacks
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • links
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • markup
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • mod_rewrite
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • optimization
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • plugins
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • server
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • spam
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • tutorials
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
  • ux
  • " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Here you will find posts about web development, WordPress, security, and more »" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains Updated " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .cancel-reply a { font-size: 11px; font-weight: normal; text-decoration: none; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .children { list-style: none; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment .avatar { display: block; width: 50px; height: 50px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment .cancel-reply { display: inline-block; padding: 0 0 0 10px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment .comment-policy, .cancel-reply { display: none; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment { margin: 20px 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-avatar { float: left; width: 60px; height: 60px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-content { float: right; line-height: 1.5; width: calc(100% - 70px); }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-feed { padding: 0 0 0 30px; background-image: url(/wp/wp-content/themes/yes/img/feed.png); background-repeat: no-repeat; background-position: left center; background-size: 20px 20px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-field input { box-sizing: border-box; 
width: 300px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-field label { box-sizing: border-box; width: 90px; text-align: right; font-size: 11px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-field textarea { box-sizing: border-box; width: calc(100% - 100px); height: 120px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-field { margin: 5px 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-info a, .comment-info a:hover { color: #999; text-decoration: none; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-info { padding: 0 0 0 10px; font-size: 11px; color: #999; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-moderation { font-style: italic; color: #669966; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comment-policy { margin: 0 0 30px 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments h2 { line-height: initial; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments pre, .comments blockquote { margin: 20px 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments-closed img, .comments-closed span { display: inline-block; margin: 0 3px 0 0; vertical-align: middle; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments-closed span { padding: 3px 0 0 0; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments-closed { margin: 40px 0; text-align: center; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains .comments-list { margin: 40px 0; padding: 0; list-style: none; }" "id:3000,phase:1,deny,status:403" +SecRule 
REQUEST_HEADERS:User-Agent "@contains .form-submit .submit { margin: 0 0 0 90px; }" "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains
    " "id:3000,phase:1,deny,status:403" +SecRule REQUEST_HEADERS:User-Agent "@contains