External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sun Jan 5 00:29:17 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-05 00:29:17 +00:00
parent d142c0ebaa
commit 399ee7d20c
23 changed files with 2976 additions and 2976 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
waf_patterns/apache/iis.conf
View File

@@ -1,16 +1,16 @@
# Apache ModSecurity rules for IIS
SecRuleEngine On
SecRule REQUEST_URI "@lt 1" "id:1614,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1615,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx [a-z]:x5cinetpubb" "id:1616,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)" "id:1617,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@pmFromFile iis-errors.data" "id:1618,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "!@rx ^404$" "id:1619,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx bServer Error in.{0,50}?bApplicationb" "id:1620,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1621,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1622,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1623,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1624,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1625,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1626,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1553,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1554,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx [a-z]:x5cinetpubb" "id:1555,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)" "id:1556,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@pmFromFile iis-errors.data" "id:1557,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "!@rx ^404$" "id:1558,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx bServer Error in.{0,50}?bApplicationb" "id:1559,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1560,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1561,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1562,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1563,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1564,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1565,phase:1,deny,status:403,log,msg:'iis attack detected'"