External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Sun Jan 5 00:29:17 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-05 00:29:17 +00:00
parent d142c0ebaa
commit 399ee7d20c
23 changed files with 2976 additions and 2976 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
waf_patterns/apache/java.conf
View File

@@ -1,37 +1,37 @@
# Apache ModSecurity rules for JAVA
SecRuleEngine On
SecRule REQUEST_URI "@lt 1" "id:1232,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1233,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx java.lang.(?:runtime|processbuilder)" "id:1234,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1235,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:unmarshaller|base64data|java.)" "id:1236,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1237,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1238,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-classes.data" "id:1239,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx .*.(?:jsp|jspx).*$" "id:1240,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1241,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1242,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1243,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1244,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx xacxedx00x05" "id:1245,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:rO0ABQ|KztAAU|Cs7QAF)" "id:1246,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1247,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx javab.+(?:runtime|processbuilder)" "id:1248,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)" "id:1249,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1250,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1251,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)" "id:1252,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1253,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1254,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)" "id:1255,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1432,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1433,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-code-leakages.data" "id:1434,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-errors.data" "id:1435,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1436,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1437,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1438,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1439,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1440,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1441,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1097,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1098,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-code-leakages.data" "id:1099,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-errors.data" "id:1100,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1101,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1102,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1103,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1104,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1105,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1106,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1276,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1277,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx java.lang.(?:runtime|processbuilder)" "id:1278,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1279,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:unmarshaller|base64data|java.)" "id:1280,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1281,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1282,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@pmFromFile java-classes.data" "id:1283,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx .*.(?:jsp|jspx).*$" "id:1284,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1285,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1286,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1287,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1288,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx xacxedx00x05" "id:1289,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:rO0ABQ|KztAAU|Cs7QAF)" "id:1290,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1291,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx javab.+(?:runtime|processbuilder)" "id:1292,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)" "id:1293,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1294,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1295,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)" "id:1296,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1297,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1298,phase:1,deny,status:403,log,msg:'java attack detected'"
SecRule REQUEST_URI "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)" "id:1299,phase:1,deny,status:403,log,msg:'java attack detected'"