External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Tue Jan 7 18:00:52 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-07 18:00:52 +00:00
parent 565b0c59a6
commit 4c0631f8ff
41 changed files with 3230 additions and 6327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
waf_patterns/apache/enforcement.conf
View File

@@ -1,115 +1,82 @@
# Apache ModSecurity rules for ENFORCEMENT
SecRuleEngine On
SecRule REQUEST_URI "@lt 1" "id:1210,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1211,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_methods}" "id:1212,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1213,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1214,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1215,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1216,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1217,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1218,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1346,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1347,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$" "id:1348,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$" "id:1349,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^d+$" "id:1350,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1351,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0?$" "id:1352,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1353,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@eq 0" "id:1354,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" "id:1355,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@streq POST" "id:1356,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1357,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1358,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@eq 0" "id:1359,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@eq 0" "id:1360,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (d+)-(d+)" "id:1361,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt %{tx.1}" "id:1362,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b" "id:1363,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1364,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1365,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1366,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx x25" "id:1367,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1368,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1369,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUtf8Encoding" "id:1370,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx %u[fF]{2}[0-9a-fA-F]{2}" "id:1371,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 1-255" "id:1372,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1373,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1374,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1375,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1376,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@pm AppleWebKit Android Business Enterprise Entreprise" "id:1377,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1378,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1379,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1380,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^$" "id:1381,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0$" "id:1382,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1383,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)" "id:1384,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1385,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.max_num_args}" "id:1386,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1387,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.arg_name_length}" "id:1388,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1389,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.arg_length}" "id:1390,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1391,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.total_arg_length}" "id:1392,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1393,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1394,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1395,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 1" "id:1396,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1397,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$" "id:1398,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^[^;s]+" "id:1399,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1400,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charsets*=s*["']?([^;"'s]+)" "id:1401,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1402,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx charset.*?charset" "id:1403,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@within %{tx.allowed_http_versions}" "id:1404,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx .([^.]+)$" "id:1405,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_extensions}" "id:1406,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*|)$" "id:1407,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^.*$" "id:1408,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1409,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 50" "id:1410,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1411,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@streq JSON" "id:1412,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1413,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@contains #" "id:1414,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 1" "id:1415,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1416,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1417,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1418,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@endsWith .pdf" "id:1419,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@endsWith .pdf" "id:1420,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}" "id:1421,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx %[0-9a-fA-F]{2}" "id:1422,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 9,10,13,32-126,128-255" "id:1423,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1424,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ['";=]" "id:1425,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^0$" "id:1426,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1427,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^.*$" "id:1428,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within %{tx.restricted_headers_extended}" "id:1429,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1430,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1431,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 32-36,38-126" "id:1432,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq 0" "id:1433,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:OPTIONS|CONNECT)$" "id:1434,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@pm AppleWebKit Android" "id:1435,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@ge 1" "id:1436,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^(?i)up" "id:1437,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt 0" "id:1438,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$" "id:1439,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)" "id:1440,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1441,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1442,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@endsWith .pdf" "id:1443,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1444,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122" "id:1445,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" "id:1446,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx ^(?:?[01])?$" "id:1447,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]" "id:1448,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@pm\ AppleWebKit\ Android\ Business\ Enterprise\ Entreprise" "id:1024,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1020,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange\ 1\-255" "id:1019,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ %\{tx\.total_arg_length\}" "id:1039,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1032,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange\ 38,44\-46,48\-58,61,65\-90,95,97\-122" "id:1079,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\$" "id:1025,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ 50" "id:1053,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\.\(\[\^\.\]\+\)\$" "id:1048,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1013,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "charsets\*=s\*\["'\]\?\(\[\^;"'s\]\+\)" "id:1046,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1016,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ %\{tx\.max_file_size\}" "id:1041,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\(\?i\)x5cu\[0\-9a\-f\]\{4\}" "id:1055,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^\(\?:OPTIONS\|CONNECT\)\$" "id:1072,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^OPTIONS\$" "id:1026,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@streq\ JSON" "id:1054,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{63\}" "id:1061,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange\ 32,34,38,42\-59,61,65\-90,95,97\-122" "id:1080,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUrlEncoding" "id:1015,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ %\{tx\.arg_name_length\}" "id:1035,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^0\$" "id:1066,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@streq\ POST" "id:1007,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1008,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^0\$" "id:1029,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{6\}" "id:1058,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^\[w/\.\+\*\-\]\+\(\?:s\?;s\?\(\?:action\|boundary\|charset\|component\|start\(\?:\-info\)\?\|type\|version\)s\?=s\?\['"w\.\(\)\+,/:=\?<>@\#\*\-\]\+\)\*\$" "id:1044,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ 0" "id:1075,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ %\{tx\.max_num_args\}" "id:1033,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ %\{tx\.arg_length\}" "id:1037,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@endsWith\ \.pdf" "id:1059,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\(\?:\^\(\[d\.\]\+\|\[\[da\-f:\]\+\]\|\[da\-f:\]\+\)\(:\[d\]\+\)\?\$\)" "id:1031,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@pm\ AppleWebKit\ Android" "id:1073,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\$" "id:1022,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\.\[\^\.\~\]\+\~\(\?:/\.\*\|\)\$" "id:1050,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^\(\?:\(\?:max\-age=\[0\-9\]\+\|min\-fresh=\[0\-9\]\+\|no\-cache\|no\-store\|no\-transform\|only\-if\-cached\|max\-stale\(\?:=\[0\-9\]\+\)\?\)\(\?:s\*,s\*\|\$\)\)\{1,7\}\$" "id:1076,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^d\+\$" "id:1003,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange\ 9,10,13,32\-126,128\-255" "id:1063,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ 1" "id:1057,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "b\(\?:keep\-alive\|close\),s\?\(\?:keep\-alive\|close\)b" "id:1011,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@gt\ %\{tx\.combined_file_sizes\}" "id:1043,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "%u\[fF\]\{2\}\[0\-9a\-fA\-F\]\{2\}" "id:1018,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within\ %\{tx\.restricted_headers_extended\}" "id:1069,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^bytes=\(\?:\(\?:d\+\)\?\-\(\?:d\+\)\?s\*,\?s\*\)\{6\}" "id:1078,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@contains\ \#" "id:1056,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1034,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1074,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1067,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\(\?:\^\|\[\^x5c\]\)x5c\[cdeghijklmpqwxyz123456789\]" "id:1081,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1030,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within\ %\{tx\.restricted_extensions\}" "id:1049,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1036,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\.\*\$" "id:1068,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateByteRange\ 32\-36,38\-126" "id:1070,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@endsWith\ \.pdf" "id:1077,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\(\?:GET\|HEAD\)\$" "id:1004,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1038,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1071,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\[\^;s\]\+" "id:1045,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\['";=\]" "id:1065,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1064,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1009,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\(\?:GET\|HEAD\)\$" "id:1006,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1040,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^OPTIONS\$" "id:1023,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "x25" "id:1012,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@validateUtf8Encoding" "id:1017,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1042,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "x25" "id:1014,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "%\[0\-9a\-fA\-F\]\{2\}" "id:1062,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\(d\+\)\-\(d\+\)" "id:1010,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\$" "id:1028,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "!@rx\ \^0\?\$" "id:1005,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "charset\.\*\?charset" "id:1047,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\.\*\$" "id:1051,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@endsWith\ \.pdf" "id:1060,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@within\ %\{tx\.restricted_headers_basic\}" "id:1052,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "\^\$" "id:1021,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
SecRule REQUEST_URI "@eq\ 0" "id:1027,phase:1,deny,status:403,log,msg:'enforcement attack detected'"