Update: [Mon Feb 3 00:26:12 UTC 2025]

2025-12-29 16:15:12 +00:00 · 2025-02-03 00:26:12 +00:00
parent b3d0e38516
commit 4e0dfb87e1
24 changed files with 2387 additions and 2387 deletions
--- a/waf_patterns/apache/iis.conf
+++ b/waf_patterns/apache/iis.conf
@@ -1,7 +1,7 @@
 # Apache ModSecurity rules for IIS
 SecRuleEngine On

-SecRule REQUEST_URI "bServer\ Error\ in\.\{0,50\}\?bApplicationb" "id:1232,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "\[a\-z\]:x5cinetpubb" "id:1229,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "!@rx\ \^404\$" "id:1231,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "\(\?:Microsoft\ OLE\ DB\ Provider\ for\ SQL\ Server\(\?:</font>\.\{1,20\}\?error\ '800\(\?:04005\|40e31\)'\.\{1,40\}\?Timeout\ expired\|\ \(0x80040e31\)<br>Timeout\ expired<br>\)\|<h1>internal\ server\ error</h1>\.\*\?<h2>part\ of\ the\ server\ has\ crashed\ or\ it\ has\ a\ configuration\ error\.</h2>\|cannot\ connect\ to\ the\ server:\ timed\ out\)" "id:1230,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "\[a\-z\]:x5cinetpubb" "id:1310,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "!@rx\ \^404\$" "id:1312,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "\(\?:Microsoft\ OLE\ DB\ Provider\ for\ SQL\ Server\(\?:</font>\.\{1,20\}\?error\ '800\(\?:04005\|40e31\)'\.\{1,40\}\?Timeout\ expired\|\ \(0x80040e31\)<br>Timeout\ expired<br>\)\|<h1>internal\ server\ error</h1>\.\*\?<h2>part\ of\ the\ server\ has\ crashed\ or\ it\ has\ a\ configuration\ error\.</h2>\|cannot\ connect\ to\ the\ server:\ timed\ out\)" "id:1311,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "bServer\ Error\ in\.\{0,50\}\?bApplicationb" "id:1313,phase:1,deny,status:403,log,msg:'iis attack detected'"