External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Tue Jan 7 18:00:52 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-07 18:00:52 +00:00
parent 565b0c59a6
commit 4c0631f8ff
41 changed files with 3230 additions and 6327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
waf_patterns/apache/iis.conf
View File

@@ -1,16 +1,7 @@
# Apache ModSecurity rules for IIS
SecRuleEngine On
SecRule REQUEST_URI "@lt 1" "id:1533,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1534,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx [a-z]:x5cinetpubb" "id:1535,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)" "id:1536,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@pmFromFile iis-errors.data" "id:1537,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "!@rx ^404$" "id:1538,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@rx bServer Error in.{0,50}?bApplicationb" "id:1539,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1540,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1541,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1542,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1543,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1544,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1545,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "bServer\ Error\ in\.\{0,50\}\?bApplicationb" "id:1346,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "!@rx\ \^404\$" "id:1345,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "\[a\-z\]:x5cinetpubb" "id:1343,phase:1,deny,status:403,log,msg:'iis attack detected'"
SecRule REQUEST_URI "\(\?:Microsoft\ OLE\ DB\ Provider\ for\ SQL\ Server\(\?:</font>\.\{1,20\}\?error\ '800\(\?:04005\|40e31\)'\.\{1,40\}\?Timeout\ expired\|\ \(0x80040e31\)<br>Timeout\ expired<br>\)\|<h1>internal\ server\ error</h1>\.\*\?<h2>part\ of\ the\ server\ has\ crashed\ or\ it\ has\ a\ configuration\ error\.</h2>\|cannot\ connect\ to\ the\ server:\ timed\ out\)" "id:1344,phase:1,deny,status:403,log,msg:'iis attack detected'"