diff --git a/waf_patterns/apache/attack.conf b/waf_patterns/apache/attack.conf
index 19abb27..bc47775 100644
--- a/waf_patterns/apache/attack.conf
+++ b/waf_patterns/apache/attack.conf
@@ -1,34 +1,34 @@
 # Apache ModSecurity rules for ATTACK
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx (?:bhttp/d|<(?:html|meta)b)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx unix:[^|]*|" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [nr]" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@gt 0" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ." "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@gt 1" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx TX:paramcounter_(.*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx (][^]]+$|][^]]+[)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx [" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "!@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "!@within |%{tx.allowed_request_content_type_charset}|" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx ^content-types*:s*(.*)$" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
-SecRule REQUEST_URI "@rx content-transfer-encoding:(.*)" "id:1000,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1156,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1157,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d" "id:1158,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w" "id:1159,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx (?:bhttp/d|<(?:html|meta)b)" "id:1160,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [nr]" "id:1161,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [nr]" "id:1162,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:" "id:1163,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [nr]" "id:1164,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)" "id:1165,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)" "id:1166,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx unix:[^|]*|" "id:1167,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1168,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1169,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [nr]" "id:1170,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b" "id:1171,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1172,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1173,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@gt 0" "id:1174,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ." "id:1175,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@gt 1" "id:1176,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx TX:paramcounter_(.*)" "id:1177,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx (][^]]+$|][^]]+[)" "id:1178,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1179,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1180,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx [" "id:1181,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "!@eq 0" "id:1182,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "!@within |%{tx.allowed_request_content_type_charset}|" "id:1183,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx ^content-types*:s*(.*)$" "id:1184,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1185,phase:1,deny,status:403,log,msg:'attack attack detected'"
+SecRule REQUEST_URI "@rx content-transfer-encoding:(.*)" "id:1186,phase:1,deny,status:403,log,msg:'attack attack detected'"
diff --git a/waf_patterns/apache/correlation.conf b/waf_patterns/apache/correlation.conf
index 4cee448..eead0f8 100644
--- a/waf_patterns/apache/correlation.conf
+++ b/waf_patterns/apache/correlation.conf
@@ -1,22 +1,22 @@
 # Apache ModSecurity rules for CORRELATION
 SecRuleEngine On
 
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@ge 5" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@gt 0" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1627,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge 5" "id:1628,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1629,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1630,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1631,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1632,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1633,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1634,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1635,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@gt 0" "id:1636,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1637,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1638,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1639,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1640,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1641,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1642,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1643,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1644,phase:1,deny,status:403,log,msg:'correlation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1645,phase:1,deny,status:403,log,msg:'correlation attack detected'"
diff --git a/waf_patterns/apache/detection.conf b/waf_patterns/apache/detection.conf
index 7b7074e..1108987 100644
--- a/waf_patterns/apache/detection.conf
+++ b/waf_patterns/apache/detection.conf
@@ -1,12 +1,12 @@
 # Apache ModSecurity rules for DETECTION
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@pmFromFile scanners-user-agents.data" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1044,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1045,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@pmFromFile scanners-user-agents.data" "id:1046,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1047,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1048,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1049,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1050,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1051,phase:1,deny,status:403,log,msg:'detection attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1052,phase:1,deny,status:403,log,msg:'detection attack detected'"
diff --git a/waf_patterns/apache/enforcement.conf b/waf_patterns/apache/enforcement.conf
index 938929d..8c6a54a 100644
--- a/waf_patterns/apache/enforcement.conf
+++ b/waf_patterns/apache/enforcement.conf
@@ -1,115 +1,115 @@
 # Apache ModSecurity rules for ENFORCEMENT
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@within %{tx.allowed_methods}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^d+$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^0?$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@streq POST" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx (d+)-(d+)" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt %{tx.1}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx x25" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx x25" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateUrlEncoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateUtf8Encoding" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx %u[fF]{2}[0-9a-fA-F]{2}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange 1-255" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@pm AppleWebKit Android Business Enterprise Entreprise" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^0$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt %{tx.max_num_args}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt %{tx.arg_name_length}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt %{tx.arg_length}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt %{tx.total_arg_length}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^[^;s]+" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx charsets*=s*["']?([^;"'s]+)" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx charset.*?charset" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@within %{tx.allowed_http_versions}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx .([^.]+)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@within %{tx.restricted_extensions}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*|)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt 50" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@streq JSON" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@contains #" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@endsWith .pdf" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@endsWith .pdf" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx %[0-9a-fA-F]{2}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange 9,10,13,32-126,128-255" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ['";=]" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^0$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@within %{tx.restricted_headers_extended}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange 32-36,38-126" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:OPTIONS|CONNECT)$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@pm AppleWebKit Android" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^(?i)up" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@gt 0" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@endsWith .pdf" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "!@rx ^(?:?[01])?$" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
-SecRule REQUEST_URI "@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]" "id:1000,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1035,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1036,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@within %{tx.allowed_methods}" "id:1037,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1038,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1039,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1040,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1041,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1042,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1043,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1053,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1054,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$" "id:1055,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$" "id:1056,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^d+$" "id:1057,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1058,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^0?$" "id:1059,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^(?:GET|HEAD)$" "id:1060,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@eq 0" "id:1061,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" "id:1062,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@streq POST" "id:1063,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1064,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1065,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@eq 0" "id:1066,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@eq 0" "id:1067,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx (d+)-(d+)" "id:1068,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt %{tx.1}" "id:1069,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b" "id:1070,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx x25" "id:1071,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateUrlEncoding" "id:1072,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^(?i)application/x-www-form-urlencoded" "id:1073,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx x25" "id:1074,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateUrlEncoding" "id:1075,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1076,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateUtf8Encoding" "id:1077,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx %u[fF]{2}[0-9a-fA-F]{2}" "id:1078,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange 1-255" "id:1079,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1080,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^$" "id:1081,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^$" "id:1082,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1083,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@pm AppleWebKit Android Business Enterprise Entreprise" "id:1084,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^$" "id:1085,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^OPTIONS$" "id:1086,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1087,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^$" "id:1088,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^0$" "id:1089,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1090,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)" "id:1091,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1092,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt %{tx.max_num_args}" "id:1093,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1094,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt %{tx.arg_name_length}" "id:1095,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1096,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt %{tx.arg_length}" "id:1097,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1098,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt %{tx.total_arg_length}" "id:1099,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1100,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^(?i)multipart/form-data" "id:1101,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt %{tx.max_file_size}" "id:1102,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1103,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt %{tx.combined_file_sizes}" "id:1104,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$" "id:1105,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^[^;s]+" "id:1106,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type}" "id:1107,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx charsets*=s*["']?([^;"'s]+)" "id:1108,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@within %{tx.allowed_request_content_type_charset}" "id:1109,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx charset.*?charset" "id:1110,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@within %{tx.allowed_http_versions}" "id:1111,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx .([^.]+)$" "id:1112,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@within %{tx.restricted_extensions}" "id:1113,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx .[^.~]+~(?:/.*|)$" "id:1114,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^.*$" "id:1115,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@within %{tx.restricted_headers_basic}" "id:1116,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt 50" "id:1117,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$" "id:1118,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@streq JSON" "id:1119,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx (?i)x5cu[0-9a-f]{4}" "id:1120,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@contains #" "id:1121,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt 1" "id:1122,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1123,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1124,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1125,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@endsWith .pdf" "id:1126,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@endsWith .pdf" "id:1127,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}" "id:1128,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx %[0-9a-fA-F]{2}" "id:1129,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange 9,10,13,32-126,128-255" "id:1130,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1131,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ['";=]" "id:1132,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^0$" "id:1133,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1134,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^.*$" "id:1135,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@within %{tx.restricted_headers_extended}" "id:1136,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1137,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1138,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange 32-36,38-126" "id:1139,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1140,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:OPTIONS|CONNECT)$" "id:1141,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@pm AppleWebKit Android" "id:1142,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1143,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^(?i)up" "id:1144,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@gt 0" "id:1145,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$" "id:1146,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)" "id:1147,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1148,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1149,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@endsWith .pdf" "id:1150,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}" "id:1151,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122" "id:1152,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" "id:1153,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "!@rx ^(?:?[01])?$" "id:1154,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
+SecRule REQUEST_URI "@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]" "id:1155,phase:1,deny,status:403,log,msg:'enforcement attack detected'"
diff --git a/waf_patterns/apache/evaluation.conf b/waf_patterns/apache/evaluation.conf
index a210434..06a2e4c 100644
--- a/waf_patterns/apache/evaluation.conf
+++ b/waf_patterns/apache/evaluation.conf
@@ -1,57 +1,57 @@
 # Apache ModSecurity rules for EVALUATION
 SecRuleEngine On
 
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1468,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1469,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1470,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1471,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1472,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1473,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1474,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1475,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1476,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1477,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1478,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1479,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1480,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1481,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1482,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1483,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1484,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1485,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.inbound_anomaly_score_threshold}" "id:1486,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1487,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1488,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1489,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1490,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1491,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1492,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1493,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1494,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1600,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1601,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1602,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1603,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1604,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1605,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1606,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1607,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1608,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 1" "id:1609,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1610,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 2" "id:1611,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1612,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 3" "id:1613,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1614,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge 4" "id:1615,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1616,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1617,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@ge %{tx.outbound_anomaly_score_threshold}" "id:1618,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1619,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1620,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1621,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1622,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1623,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1624,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1625,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1626,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
diff --git a/waf_patterns/apache/exceptions.conf b/waf_patterns/apache/exceptions.conf
index 5a4bc52..5976c2b 100644
--- a/waf_patterns/apache/exceptions.conf
+++ b/waf_patterns/apache/exceptions.conf
@@ -1,8 +1,8 @@
 # Apache ModSecurity rules for EXCEPTIONS
 SecRuleEngine On
 
-SecRule REQUEST_URI "@streq GET /" "id:1000,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
-SecRule REQUEST_URI "@ipMatch 127.0.0.1,::1" "id:1000,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
-SecRule REQUEST_URI "@ipMatch 127.0.0.1,::1" "id:1000,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
-SecRule REQUEST_URI "@endsWith (internal dummy connection)" "id:1000,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
-SecRule REQUEST_URI "@rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$" "id:1000,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
+SecRule REQUEST_URI "@streq GET /" "id:1030,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
+SecRule REQUEST_URI "@ipMatch 127.0.0.1,::1" "id:1031,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
+SecRule REQUEST_URI "@ipMatch 127.0.0.1,::1" "id:1032,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
+SecRule REQUEST_URI "@endsWith (internal dummy connection)" "id:1033,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
+SecRule REQUEST_URI "@rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$" "id:1034,phase:1,deny,status:403,log,msg:'exceptions attack detected'"
diff --git a/waf_patterns/apache/fixation.conf b/waf_patterns/apache/fixation.conf
index 13f7874..14ac959 100644
--- a/waf_patterns/apache/fixation.conf
+++ b/waf_patterns/apache/fixation.conf
@@ -1,17 +1,17 @@
 # Apache ModSecurity rules for FIXATION
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@rx ^(?:ht|f)tps?://(.*?)/" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "!@endsWith %{request_headers.host}" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1430,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1431,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)" "id:1432,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" "id:1433,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@rx ^(?:ht|f)tps?://(.*?)/" "id:1434,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "!@endsWith %{request_headers.host}" "id:1435,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" "id:1436,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1437,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1438,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1439,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1440,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1441,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1442,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1443,phase:1,deny,status:403,log,msg:'fixation attack detected'"
diff --git a/waf_patterns/apache/generic.conf b/waf_patterns/apache/generic.conf
index eceace3..d60f821 100644
--- a/waf_patterns/apache/generic.conf
+++ b/waf_patterns/apache/generic.conf
@@ -1,21 +1,21 @@
 # Apache ModSecurity rules for GENERIC
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)["'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[["'`](?:debug|error|info|trace|warn)["'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[["'`](?:(?:resolv|cach)e|main|extensions)["'`]])" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@pmFromFile ssrf.data" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx (?:__proto__|constructors*(?:.|[)s*prototype)" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx Process[sv]*.[sv]*spawn[sv]*(" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|"[^"]+"|'[^']+'|`[^`]+`)).*)" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx ^data:(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx [s*constructors*]" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@rx @{.*}" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1296,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1297,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)["'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[["'`](?:debug|error|info|trace|warn)["'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[["'`](?:(?:resolv|cach)e|main|extensions)["'`]])" "id:1298,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(" "id:1299,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@pmFromFile ssrf.data" "id:1300,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx (?:__proto__|constructors*(?:.|[)s*prototype)" "id:1301,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx Process[sv]*.[sv]*spawn[sv]*(" "id:1302,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|"[^"]+"|'[^']+'|`[^`]+`)).*)" "id:1303,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx ^data:(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*" "id:1304,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1305,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1306,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))" "id:1307,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx [s*constructors*]" "id:1308,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@rx @{.*}" "id:1309,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1310,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1311,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1312,phase:1,deny,status:403,log,msg:'generic attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1313,phase:1,deny,status:403,log,msg:'generic attack detected'"
diff --git a/waf_patterns/apache/iis.conf b/waf_patterns/apache/iis.conf
index 453e673..c5d5d45 100644
--- a/waf_patterns/apache/iis.conf
+++ b/waf_patterns/apache/iis.conf
@@ -1,16 +1,16 @@
 # Apache ModSecurity rules for IIS
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@rx [a-z]:x5cinetpubb" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@pmFromFile iis-errors.data" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "!@rx ^404$" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@rx bServer Error in.{0,50}?bApplicationb" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1553,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1554,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@rx [a-z]:x5cinetpubb" "id:1555,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)" "id:1556,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@pmFromFile iis-errors.data" "id:1557,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "!@rx ^404$" "id:1558,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@rx bServer Error in.{0,50}?bApplicationb" "id:1559,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1560,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1561,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1562,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1563,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1564,phase:1,deny,status:403,log,msg:'iis attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1565,phase:1,deny,status:403,log,msg:'iis attack detected'"
diff --git a/waf_patterns/apache/initialization.conf b/waf_patterns/apache/initialization.conf
index 97cde7d..46dd1e5 100644
--- a/waf_patterns/apache/initialization.conf
+++ b/waf_patterns/apache/initialization.conf
@@ -2,32 +2,32 @@
 SecRuleEngine On
 
 SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 0" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@rx ^.*$" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 1" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@eq 100" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@rx ^[a-f]*([0-9])[a-f]*([0-9])" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "!@lt %{tx.sampling_percentage}" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
-SecRule REQUEST_URI "@lt %{tx.blocking_paranoia_level}" "id:1000,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1001,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1002,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1003,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1004,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1005,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1006,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1007,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1008,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1009,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1010,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1011,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1012,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1013,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1014,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1015,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1016,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1017,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1018,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1019,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 0" "id:1020,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1021,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@rx ^.*$" "id:1022,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" "id:1023,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 1" "id:1024,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" "id:1025,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@eq 100" "id:1026,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@rx ^[a-f]*([0-9])[a-f]*([0-9])" "id:1027,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "!@lt %{tx.sampling_percentage}" "id:1028,phase:1,deny,status:403,log,msg:'initialization attack detected'"
+SecRule REQUEST_URI "@lt %{tx.blocking_paranoia_level}" "id:1029,phase:1,deny,status:403,log,msg:'initialization attack detected'"
diff --git a/waf_patterns/apache/java.conf b/waf_patterns/apache/java.conf
index ad70cdb..826bca1 100644
--- a/waf_patterns/apache/java.conf
+++ b/waf_patterns/apache/java.conf
@@ -1,37 +1,37 @@
 # Apache ModSecurity rules for JAVA
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx java.lang.(?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:unmarshaller|base64data|java.)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@pmFromFile java-classes.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx .*.(?:jsp|jspx).*$" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx xacxedx00x05" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:rO0ABQ|KztAAU|Cs7QAF)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx javab.+(?:runtime|processbuilder)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@pmFromFile java-code-leakages.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@pmFromFile java-errors.data" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1444,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1445,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx java.lang.(?:runtime|processbuilder)" "id:1446,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1447,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:unmarshaller|base64data|java.)" "id:1448,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1449,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:runtime|processbuilder)" "id:1450,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@pmFromFile java-classes.data" "id:1451,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx .*.(?:jsp|jspx).*$" "id:1452,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1453,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1454,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1455,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" "id:1456,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx xacxedx00x05" "id:1457,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:rO0ABQ|KztAAU|Cs7QAF)" "id:1458,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" "id:1459,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx javab.+(?:runtime|processbuilder)" "id:1460,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)" "id:1461,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1462,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1463,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)" "id:1464,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1465,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1466,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)" "id:1467,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1531,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1532,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@pmFromFile java-code-leakages.data" "id:1533,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@pmFromFile java-errors.data" "id:1534,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1535,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1536,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1537,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1538,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1539,phase:1,deny,status:403,log,msg:'java attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1540,phase:1,deny,status:403,log,msg:'java attack detected'"
diff --git a/waf_patterns/apache/leakages.conf b/waf_patterns/apache/leakages.conf
index 76458b8..e1f48c4 100644
--- a/waf_patterns/apache/leakages.conf
+++ b/waf_patterns/apache/leakages.conf
@@ -1,14 +1,14 @@
 # Apache ModSecurity rules for LEAKAGES
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@rx ^#!s?/" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@rx ^5d{2}$" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1495,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1496,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)" "id:1497,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@rx ^#!s?/" "id:1498,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1499,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1500,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@rx ^5d{2}$" "id:1501,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1502,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1503,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1504,phase:1,deny,status:403,log,msg:'leakages attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1505,phase:1,deny,status:403,log,msg:'leakages attack detected'"
diff --git a/waf_patterns/apache/lfi.conf b/waf_patterns/apache/lfi.conf
index 5715617..62f5db7 100644
--- a/waf_patterns/apache/lfi.conf
+++ b/waf_patterns/apache/lfi.conf
@@ -1,16 +1,16 @@
 # Apache ModSecurity rules for LFI
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@pmFromFile lfi-os-files.data" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@pmFromFile restricted-files.data" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@pmFromFile lfi-os-files.data" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1187,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1188,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))" "id:1189,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))" "id:1190,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@pmFromFile lfi-os-files.data" "id:1191,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@pmFromFile restricted-files.data" "id:1192,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1193,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1194,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@pmFromFile lfi-os-files.data" "id:1195,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1196,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1197,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1198,phase:1,deny,status:403,log,msg:'lfi attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1199,phase:1,deny,status:403,log,msg:'lfi attack detected'"
diff --git a/waf_patterns/apache/php.conf b/waf_patterns/apache/php.conf
index ec87cd2..941dee9 100644
--- a/waf_patterns/apache/php.conf
+++ b/waf_patterns/apache/php.conf
@@ -1,42 +1,42 @@
 # Apache ModSecurity rules for PHP
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-config-directives.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pm =" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-variables.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-function-names-933150.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?["']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|")*["']*)?[sv]*(.*)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx [oOcC]:d+:".+?":d+:{.*}" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+));" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-function-names-933151.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pm (" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx .*.(?:phpd*|phtml)..*$" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pm ?>" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+))(?:;|$)?" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-errors.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@rx (?i)<?(?:=|php)?s+" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@pmFromFile php-errors-pl2.data" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1269,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1270,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])" "id:1271,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$" "id:1272,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pmFromFile php-config-directives.data" "id:1273,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pm =" "id:1274,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pmFromFile php-variables.data" "id:1275,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" "id:1276,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://" "id:1277,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pmFromFile php-function-names-933150.data" "id:1278,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?["']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|")*["']*)?[sv]*(.*)" "id:1279,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx [oOcC]:d+:".+?":d+:{.*}" "id:1280,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)" "id:1281,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+));" "id:1282,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1283,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1284,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pmFromFile php-function-names-933151.data" "id:1285,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pm (" "id:1286,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1287,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1288,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI" "id:1289,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)" "id:1290,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx .*.(?:phpd*|phtml)..*$" "id:1291,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pm ?>" "id:1292,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+))(?:;|$)?" "id:1293,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1294,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1295,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1541,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1542,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pmFromFile php-errors.data" "id:1543,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b" "id:1544,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@rx (?i)<?(?:=|php)?s+" "id:1545,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1546,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1547,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@pmFromFile php-errors-pl2.data" "id:1548,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1549,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1550,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1551,phase:1,deny,status:403,log,msg:'php attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1552,phase:1,deny,status:403,log,msg:'php attack detected'"
diff --git a/waf_patterns/apache/rce.conf b/waf_patterns/apache/rce.conf
index 438488d..386c969 100644
--- a/waf_patterns/apache/rce.conf
+++ b/waf_patterns/apache/rce.conf
@@ -1,57 +1,57 @@
 # Apache ModSecurity rules for RCE
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[&,<>|]|(?:[--.0-9A-Z_a-z]["'[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#*-0-9?-@_a-{]*)?x5c?)+[sv&,<>|]).*|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:4|[sv&),<>|].*))|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[sv&)<>|]|a(?:dd(?:group|user)|getty|l(?:ias|pine)[sv&)<>|]|nsible-playbook|pt(?:-get|itude[sv&)<>|])|r(?:ch[sv&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm|xel)|b(?:a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[sv&)<>|]|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[sv&)<>|]|on(?:tab)?)|s(?:plit|vtool)|u(?:psfilter|rl[sv&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[sv&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[sv&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[sv&)<>|]|grep|i(?:le(?:[sv&)<>|]|test)|(?:n(?:d|ger)|sh)[sv&)<>|])|o(?:ld[sv&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[sv&)<>|]|core|e(?:ni(?:e[sv&)<>|]|soimage)|tfacl[sv&)<>|])|hci|i(?:mp[sv&)<>|]|nsh)|r(?:ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[sv&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:ill(?:[sv&)<>|]|all)|nife[sv&)<>|]|sshell)|l(?:a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|dconfig|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[sv&)<>|]|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[sv&)<>q|]|x[sv&)<>|])|ke[sv&)<>|]|ster.passwd|wk)|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[sv&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[sv&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[sv&)<>|]|map|o(?:de[sv&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[sv&)<>|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[sv&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[sv&)<>|]|shd)|wd.db|ython[^sv])|r(?:ak(?:e[sv&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[sv&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[sv&)<>|]|user)|nano|oute[sv&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|nap)[sv&)<>|]|c(?:hed|r(?:een|ipt)[sv&)<>|])|diff|e(?:(?:lf|rvice)[sv&)<>|]|ndmail|t(?:arch|env|facl[sv&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[sv&)<>|]|u(?:f|tdown[sv&)<>|]))|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:(?:out)?[sv&)<>|]|datectl)|mux|ouch[sv&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[sv&)<>|]|gr|mdiff|pw|rsh)|olatility[sv&)<>|])|w(?:a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@pmFromFile windows-powershell-commands.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:(?:a["^]*(?:c|s["^]*n["^]*p)|e["^]*(?:b["^]*p|p["^]*(?:a["^]*l|c["^]*s["^]*v|s["^]*n)|[tx]["^]*s["^]*n)|f["^]*(?:[cltw]|o["^]*r["^]*e["^]*a["^]*c["^]*h)|i["^]*(?:[cr]["^]*m|e["^]*x|h["^]*y|i|p["^]*(?:a["^]*l|c["^]*s["^]*v|m["^]*o|s["^]*n)|s["^]*e|w["^]*(?:m["^]*i|r))|m["^]*(?:a["^]*n|[dipv]|o["^]*u["^]*n["^]*t)|o["^]*g["^]*v|p["^]*(?:o["^]*p|u["^]*s["^]*h)["^]*d|t["^]*r["^]*c["^]*m|w["^]*j["^]*b)["^]*[sv,.-/;-<>].*|c["^]*(?:(?:(?:d|h["^]*d["^]*i["^]*r|v["^]*p["^]*a)["^]*|p["^]*(?:[ip]["^]*)?)[sv,.-/;-<>].*|l["^]*(?:(?:[cipv]|h["^]*y)["^]*[sv,.-/;-<>].*|s)|n["^]*s["^]*n)|d["^]*(?:(?:b["^]*p|e["^]*l|i["^]*(?:f["^]*f|r))["^]*[sv,.-/;-<>].*|n["^]*s["^]*n)|g["^]*(?:(?:(?:(?:a["^]*)?l|b["^]*p|d["^]*r|h["^]*y|(?:w["^]*m["^]*)?i|j["^]*b|[u-v])["^]*|c["^]*(?:[ims]["^]*)?|m["^]*(?:o["^]*)?|s["^]*(?:n["^]*(?:p["^]*)?|v["^]*))[sv,.-/;-<>].*|e["^]*r["^]*r|p["^]*(?:(?:s["^]*)?[sv,.-/;-<>].*|v))|l["^]*s|n["^]*(?:(?:a["^]*l|d["^]*r|[iv]|m["^]*o|s["^]*n)["^]*[sv,.-/;-<>].*|p["^]*s["^]*s["^]*c)|r["^]*(?:(?:(?:(?:b["^]*)?p|e["^]*n|(?:w["^]*m["^]*)?i|j["^]*b|n["^]*[ip])["^]*|d["^]*(?:r["^]*)?|m["^]*(?:(?:d["^]*i["^]*r|o)["^]*)?|s["^]*n["^]*(?:p["^]*)?|v["^]*(?:p["^]*a["^]*)?)[sv,.-/;-<>].*|c["^]*(?:j["^]*b["^]*[sv,.-/;-<>].*|s["^]*n)|u["^]*j["^]*b)|s["^]*(?:(?:(?:a["^]*(?:j["^]*b|l|p["^]*s|s["^]*v)|b["^]*p|[civ]|w["^]*m["^]*i)["^]*|l["^]*(?:s["^]*)?|p["^]*(?:(?:j["^]*b|p["^]*s|s["^]*v)["^]*)?)[sv,.-/;-<>].*|h["^]*c["^]*m|u["^]*j["^]*b))(?:.["^]*[0-9A-Z_a-z]+)?b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)[sv&)<>|]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:a(?:ddgroup|xel)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:g(?:passwd|rp)|pass|sh)|lang++|oproc|ron)|d(?:iff[sv&)<>|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[sv&)<>|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|erl5?|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[sv&)<>|])|tar(?:diff|grep)?|wd.db|ython[2-3])|r(?:(?:bas|ealpat)h|m(?:dir[sv&)<>|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h.distri|pwd.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[sv&)<>|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:c(?:at|mp)|diff|[e-f]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "!@rx [0-9]s*'s*[0-9]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx !-d" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@pmFromFile unix-shell.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^(s*)s+{" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^(s*)s+{" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ba["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?sb[sv]+[!-"%',0-9@-Z_a-z]+=[^sv]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@pmFromFile restricted-upload.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:c["^]*c["^]*c["^]*h["^]*e["^]*c["^]*k["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e|d["^]*(?:p["^]*l["^]*u["^]*s|v["^]*p["^]*a["^]*c["^]*k)|(?:g["^]*e["^]*n["^]*t["^]*e["^]*x["^]*e["^]*c["^]*u["^]*t["^]*o|s["^]*p["^]*n["^]*e["^]*t["^]*_["^]*c["^]*o["^]*m["^]*p["^]*i["^]*l["^]*e)["^]*r|p["^]*p["^]*(?:i["^]*n["^]*s["^]*t["^]*a["^]*l["^]*l["^]*e["^]*r|v["^]*l["^]*p)|t["^]*(?:[sv,.-/;-<>].*|b["^]*r["^]*o["^]*k["^]*e["^]*r))|b["^]*(?:a["^]*s["^]*h|g["^]*i["^]*n["^]*f["^]*o|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:d["^]*b|e["^]*r["^]*t["^]*(?:o["^]*c|r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|l["^]*_["^]*(?:i["^]*n["^]*v["^]*o["^]*c["^]*a["^]*t["^]*i["^]*o["^]*n|l["^]*o["^]*a["^]*d["^]*a["^]*s["^]*s["^]*e["^]*m["^]*b["^]*l["^]*y|m["^]*u["^]*t["^]*e["^]*x["^]*v["^]*e["^]*r["^]*i["^]*f["^]*i["^]*e["^]*r["^]*s)|m["^]*(?:d(?:["^]*(?:k["^]*e["^]*y|l["^]*3["^]*2))?|s["^]*t["^]*p)|o["^]*(?:m["^]*s["^]*v["^]*c["^]*s|n["^]*(?:f["^]*i["^]*g["^]*s["^]*e["^]*c["^]*u["^]*r["^]*i["^]*t["^]*y["^]*p["^]*o["^]*l["^]*i["^]*c["^]*y|h["^]*o["^]*s["^]*t|t["^]*r["^]*o["^]*l)|r["^]*e["^]*g["^]*e["^]*n)|r["^]*e["^]*a["^]*t["^]*e["^]*d["^]*u["^]*m["^]*p|s["^]*(?:c(?:["^]*r["^]*i["^]*p["^]*t)?|i)|u["^]*s["^]*t["^]*o["^]*m["^]*s["^]*h["^]*e["^]*l["^]*l["^]*h["^]*o["^]*s["^]*t)|d["^]*(?:a["^]*t["^]*a["^]*s["^]*v["^]*c["^]*u["^]*t["^]*i["^]*l|e["^]*(?:f["^]*a["^]*u["^]*l["^]*t["^]*p["^]*a["^]*c["^]*k|s["^]*k(?:["^]*t["^]*o["^]*p["^]*i["^]*m["^]*g["^]*d["^]*o["^]*w["^]*n["^]*l["^]*d["^]*r)?|v["^]*(?:i["^]*c["^]*e["^]*c["^]*r["^]*e["^]*d["^]*e["^]*n["^]*t["^]*i["^]*a["^]*l["^]*d["^]*e["^]*p["^]*l["^]*o["^]*y["^]*m["^]*e["^]*n["^]*t|t["^]*o["^]*o["^]*l["^]*s["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r))|f["^]*s["^]*(?:h["^]*i["^]*m|v["^]*c)|i["^]*(?:a["^]*n["^]*t["^]*z|s["^]*k["^]*s["^]*h["^]*a["^]*d["^]*o["^]*w)|n["^]*(?:s["^]*c["^]*m["^]*d|x)|o["^]*t["^]*n["^]*e["^]*t|u["^]*m["^]*p["^]*6["^]*4|x["^]*c["^]*a["^]*p)|e["^]*(?:s["^]*e["^]*n["^]*t["^]*u["^]*t["^]*l|v["^]*e["^]*n["^]*t["^]*v["^]*w["^]*r|x["^]*(?:c["^]*e["^]*l|p["^]*(?:a["^]*n["^]*d|l["^]*o["^]*r["^]*e["^]*r)|t["^]*(?:e["^]*x["^]*p["^]*o["^]*r["^]*t|r["^]*a["^]*c["^]*3["^]*2)))|f["^]*(?:i["^]*n["^]*(?:d["^]*s["^]*t|g["^]*e)["^]*r|l["^]*t["^]*m["^]*c|o["^]*r["^]*f["^]*i["^]*l["^]*e["^]*s|s["^]*(?:i(?:["^]*a["^]*n["^]*y["^]*c["^]*p["^]*u)?|u["^]*t["^]*i["^]*l)|t["^]*p)|g["^]*(?:f["^]*x["^]*d["^]*o["^]*w["^]*n["^]*l["^]*o["^]*a["^]*d["^]*w["^]*r["^]*a["^]*p["^]*p["^]*e["^]*r|p["^]*s["^]*c["^]*r["^]*i["^]*p["^]*t)|h["^]*h|i["^]*(?:e["^]*(?:4["^]*u["^]*i["^]*n["^]*i["^]*t|a["^]*d["^]*v["^]*p["^]*a["^]*c["^]*k|e["^]*x["^]*e["^]*c|f["^]*r["^]*a["^]*m["^]*e)|l["^]*a["^]*s["^]*m|m["^]*e["^]*w["^]*d["^]*b["^]*l["^]*d|n["^]*(?:f["^]*d["^]*e["^]*f["^]*a["^]*u["^]*l["^]*t["^]*i["^]*n["^]*s["^]*t["^]*a["^]*l|s["^]*t["^]*a["^]*l["^]*l["^]*u["^]*t["^]*i)["^]*l)|j["^]*s["^]*c|l["^]*(?:a["^]*u["^]*n["^]*c["^]*h["^]*-["^]*v["^]*s["^]*d["^]*e["^]*v["^]*s["^]*h["^]*e["^]*l["^]*l|d["^]*i["^]*f["^]*d["^]*e)|m["^]*(?:a["^]*(?:k["^]*e["^]*c["^]*a["^]*b|n["^]*a["^]*g["^]*e["^]*-["^]*b["^]*d["^]*e|v["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t)|f["^]*t["^]*r["^]*a["^]*c["^]*e|i["^]*c["^]*r["^]*o["^]*s["^]*o["^]*f["^]*t|m["^]*c|p["^]*c["^]*m["^]*d["^]*r["^]*u["^]*n|s["^]*(?:(?:b["^]*u["^]*i["^]*l|o["^]*h["^]*t["^]*m["^]*e)["^]*d|c["^]*o["^]*n["^]*f["^]*i["^]*g|d["^]*(?:e["^]*p["^]*l["^]*o["^]*y|t)|h["^]*t["^]*(?:a|m["^]*l)|i["^]*e["^]*x["^]*e["^]*c|p["^]*u["^]*b|x["^]*s["^]*l))|n["^]*(?:e["^]*t["^]*s["^]*h|t["^]*d["^]*s["^]*u["^]*t["^]*i["^]*l)|o["^]*(?:d["^]*b["^]*c["^]*c["^]*o["^]*n["^]*f|f["^]*f["^]*l["^]*i["^]*n["^]*e["^]*s["^]*c["^]*a["^]*n["^]*n["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l|n["^]*e["^]*d["^]*r["^]*i["^]*v["^]*e["^]*s["^]*t["^]*a["^]*n["^]*d["^]*a["^]*l["^]*o["^]*n["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t["^]*e["^]*r|p["^]*e["^]*n["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e)|p["^]*(?:c["^]*(?:a["^]*l["^]*u["^]*a|w["^]*(?:r["^]*u["^]*n|u["^]*t["^]*l))|(?:e["^]*s["^]*t["^]*e|s)["^]*r|(?:k["^]*t["^]*m["^]*o|u["^]*b["^]*p["^]*r)["^]*n|n["^]*p["^]*u["^]*t["^]*i["^]*l|o["^]*w["^]*e["^]*r["^]*p["^]*n["^]*t|r["^]*(?:e["^]*s["^]*e["^]*n["^]*t["^]*a["^]*t["^]*i["^]*o["^]*n["^]*h["^]*o["^]*s["^]*t|i["^]*n["^]*t(?:["^]*b["^]*r["^]*m)?|o["^]*(?:c["^]*d["^]*u["^]*m["^]*p|t["^]*o["^]*c["^]*o["^]*l["^]*h["^]*a["^]*n["^]*d["^]*l["^]*e["^]*r)))|r["^]*(?:a["^]*s["^]*a["^]*u["^]*t["^]*o["^]*u|c["^]*s["^]*i|(?:d["^]*r["^]*l["^]*e["^]*a["^]*k["^]*d["^]*i["^]*a|p["^]*c["^]*p["^]*i["^]*n)["^]*g|e["^]*(?:g(?:["^]*(?:a["^]*s["^]*m|e["^]*d["^]*i["^]*t|i["^]*(?:n["^]*i|s["^]*t["^]*e["^]*r["^]*-["^]*c["^]*i["^]*m["^]*p["^]*r["^]*o["^]*v["^]*i["^]*d["^]*e["^]*r)|s["^]*v["^]*(?:c["^]*s|r["^]*3["^]*2)))?|(?:m["^]*o["^]*t|p["^]*l["^]*a["^]*c)["^]*e)|u["^]*n["^]*(?:d["^]*l["^]*l["^]*3["^]*2|(?:e["^]*x["^]*e|s["^]*c["^]*r["^]*i["^]*p["^]*t)["^]*h["^]*e["^]*l["^]*p["^]*e["^]*r|o["^]*n["^]*c["^]*e))|s["^]*(?:c["^]*(?:[sv,.-/;-<>].*|h["^]*t["^]*a["^]*s["^]*k["^]*s|r["^]*i["^]*p["^]*t["^]*r["^]*u["^]*n["^]*n["^]*e["^]*r)|e["^]*t["^]*(?:r["^]*e["^]*s|t["^]*i["^]*n["^]*g["^]*s["^]*y["^]*n["^]*c["^]*h["^]*o["^]*s["^]*t|u["^]*p["^]*a["^]*p["^]*i)|h["^]*(?:d["^]*o["^]*c["^]*v["^]*w|e["^]*l["^]*l["^]*3["^]*2)|q["^]*(?:l["^]*(?:d["^]*u["^]*m["^]*p["^]*e["^]*r|(?:t["^]*o["^]*o["^]*l["^]*s["^]*)?p["^]*s)|u["^]*i["^]*r["^]*r["^]*e["^]*l)|s["^]*h|t["^]*o["^]*r["^]*d["^]*i["^]*a["^]*g|y["^]*(?:n["^]*c["^]*a["^]*p["^]*p["^]*v["^]*p["^]*u["^]*b["^]*l["^]*i["^]*s["^]*h["^]*i["^]*n["^]*g["^]*s["^]*e["^]*r["^]*v["^]*e["^]*r|s["^]*s["^]*e["^]*t["^]*u["^]*p))|t["^]*(?:e["^]*[sv,.-/;-<>].*|r["^]*a["^]*c["^]*k["^]*e["^]*r|t["^]*(?:d["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t|t["^]*r["^]*a["^]*c["^]*e["^]*r))|u["^]*(?:n["^]*r["^]*e["^]*g["^]*m["^]*p["^]*2|p["^]*d["^]*a["^]*t["^]*e|r["^]*l|t["^]*i["^]*l["^]*i["^]*t["^]*y["^]*f["^]*u["^]*n["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s)|v["^]*(?:b["^]*c|e["^]*r["^]*c["^]*l["^]*s["^]*i["^]*d|i["^]*s["^]*u["^]*a["^]*l["^]*u["^]*i["^]*a["^]*v["^]*e["^]*r["^]*i["^]*f["^]*y["^]*n["^]*a["^]*t["^]*i["^]*v["^]*e|s["^]*(?:i["^]*i["^]*s["^]*e["^]*x["^]*e["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h|j["^]*i["^]*t["^]*d["^]*e["^]*b["^]*u["^]*g["^]*g)["^]*e["^]*r)|w["^]*(?:a["^]*b|(?:f|m["^]*i)["^]*c|i["^]*n["^]*(?:g["^]*e["^]*t|r["^]*m|w["^]*o["^]*r["^]*d)|l["^]*r["^]*m["^]*d["^]*r|o["^]*r["^]*k["^]*f["^]*o["^]*l["^]*d["^]*e["^]*r["^]*s|s["^]*(?:(?:c["^]*r["^]*i["^]*p|r["^]*e["^]*s["^]*e)["^]*t|l)|t["^]*[sv,.-/;-<>].*|u["^]*a["^]*u["^]*c["^]*l["^]*t)|x["^]*w["^]*i["^]*z["^]*a["^]*r["^]*d|z["^]*i["^]*p["^]*f["^]*l["^]*d["^]*r)(?:.["^]*[0-9A-Z_a-z]+)?b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:s["^]*s["^]*o["^]*c|t["^]*(?:m["^]*a["^]*d["^]*m|t["^]*r["^]*i["^]*b)|u["^]*(?:d["^]*i["^]*t["^]*p["^]*o["^]*l|t["^]*o["^]*(?:c["^]*(?:h["^]*k|o["^]*n["^]*v)|(?:f["^]*m|m["^]*o["^]*u["^]*n)["^]*t)))|b["^]*(?:c["^]*d["^]*(?:b["^]*o["^]*o|e["^]*d["^]*i)["^]*t|(?:d["^]*e["^]*h["^]*d|o["^]*o["^]*t)["^]*c["^]*f["^]*g|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:a["^]*c["^]*l["^]*s|e["^]*r["^]*t["^]*(?:r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|h["^]*(?:c["^]*p|d["^]*i["^]*r|g["^]*(?:l["^]*o["^]*g["^]*o["^]*n|p["^]*o["^]*r["^]*t|u["^]*s["^]*r)|k["^]*(?:d["^]*s["^]*k|n["^]*t["^]*f["^]*s))|l["^]*e["^]*a["^]*n["^]*m["^]*g["^]*r|m["^]*(?:d(?:["^]*k["^]*e["^]*y)?|s["^]*t["^]*p)|s["^]*c["^]*r["^]*i["^]*p["^]*t)|d["^]*(?:c["^]*(?:d["^]*i["^]*a["^]*g|g["^]*p["^]*o["^]*f["^]*i["^]*x)|e["^]*(?:f["^]*r["^]*a["^]*g|l)|f["^]*s["^]*(?:d["^]*i["^]*a|r["^]*m["^]*i)["^]*g|i["^]*(?:a["^]*n["^]*t["^]*z|r|s["^]*(?:k["^]*(?:c["^]*o["^]*(?:m["^]*p|p["^]*y)|p["^]*(?:a["^]*r["^]*t|e["^]*r["^]*f)|r["^]*a["^]*i["^]*d|s["^]*h["^]*a["^]*d["^]*o["^]*w)|p["^]*d["^]*i["^]*a["^]*g))|n["^]*s["^]*c["^]*m["^]*d|(?:o["^]*s["^]*k["^]*e|r["^]*i["^]*v["^]*e["^]*r["^]*q["^]*u["^]*e["^]*r)["^]*y)|e["^]*(?:n["^]*d["^]*l["^]*o["^]*c["^]*a["^]*l|v["^]*e["^]*n["^]*t["^]*c["^]*r["^]*e["^]*a["^]*t["^]*e)|E["^]*v["^]*n["^]*t["^]*c["^]*m["^]*d|f["^]*(?:c|i["^]*(?:l["^]*e["^]*s["^]*y["^]*s["^]*t["^]*e["^]*m["^]*s|n["^]*d["^]*s["^]*t["^]*r)|l["^]*a["^]*t["^]*t["^]*e["^]*m["^]*p|o["^]*r(?:["^]*f["^]*i["^]*l["^]*e["^]*s)?|r["^]*e["^]*e["^]*d["^]*i["^]*s["^]*k|s["^]*u["^]*t["^]*i["^]*l|(?:t["^]*y["^]*p|v["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t)["^]*e)|g["^]*(?:e["^]*t["^]*(?:m["^]*a["^]*c|t["^]*y["^]*p["^]*e)|o["^]*t["^]*o|p["^]*(?:f["^]*i["^]*x["^]*u["^]*p|(?:r["^]*e["^]*s["^]*u["^]*l["^]*)?t|u["^]*p["^]*d["^]*a["^]*t["^]*e)|r["^]*a["^]*f["^]*t["^]*a["^]*b["^]*l)|h["^]*(?:e["^]*l["^]*p["^]*c["^]*t["^]*r|o["^]*s["^]*t["^]*n["^]*a["^]*m["^]*e)|i["^]*(?:c["^]*a["^]*c["^]*l["^]*s|f|p["^]*(?:c["^]*o["^]*n["^]*f["^]*i["^]*g|x["^]*r["^]*o["^]*u["^]*t["^]*e)|r["^]*f["^]*t["^]*p)|j["^]*e["^]*t["^]*p["^]*a["^]*c["^]*k|k["^]*(?:l["^]*i["^]*s["^]*t|s["^]*e["^]*t["^]*u["^]*p|t["^]*(?:m["^]*u["^]*t["^]*i["^]*l|p["^]*a["^]*s["^]*s))|l["^]*(?:o["^]*(?:d["^]*c["^]*t["^]*r|g["^]*(?:m["^]*a["^]*n|o["^]*f["^]*f))|p["^]*[q-r])|m["^]*(?:a["^]*(?:c["^]*f["^]*i["^]*l["^]*e|k["^]*e["^]*c["^]*a["^]*b|p["^]*a["^]*d["^]*m["^]*i["^]*n)|k["^]*(?:d["^]*i["^]*r|l["^]*i["^]*n["^]*k)|m["^]*c|o["^]*u["^]*n["^]*t["^]*v["^]*o["^]*l|q["^]*(?:b["^]*k["^]*u["^]*p|(?:t["^]*g["^]*)?s["^]*v["^]*c)|s["^]*(?:d["^]*t|i["^]*(?:e["^]*x["^]*e["^]*c|n["^]*f["^]*o["^]*3["^]*2)|t["^]*s["^]*c))|n["^]*(?:b["^]*t["^]*s["^]*t["^]*a["^]*t|e["^]*t["^]*(?:c["^]*f["^]*g|d["^]*o["^]*m|s["^]*(?:h|t["^]*a["^]*t))|f["^]*s["^]*(?:a["^]*d["^]*m["^]*i["^]*n|s["^]*(?:h["^]*a["^]*r["^]*e|t["^]*a["^]*t))|l["^]*(?:b["^]*m["^]*g["^]*r|t["^]*e["^]*s["^]*t)|s["^]*l["^]*o["^]*o["^]*k["^]*u["^]*p|t["^]*(?:b["^]*a["^]*c["^]*k["^]*u["^]*p|c["^]*m["^]*d["^]*p["^]*r["^]*o["^]*m["^]*p["^]*t|f["^]*r["^]*s["^]*u["^]*t["^]*l))|o["^]*(?:f["^]*f["^]*l["^]*i["^]*n["^]*e|p["^]*e["^]*n["^]*f["^]*i["^]*l["^]*e["^]*s)|p["^]*(?:a["^]*(?:g["^]*e["^]*f["^]*i["^]*l["^]*e["^]*c["^]*o["^]*n["^]*f["^]*i|t["^]*h["^]*p["^]*i["^]*n)["^]*g|(?:b["^]*a["^]*d["^]*m["^]*i|k["^]*t["^]*m["^]*o)["^]*n|e["^]*(?:n["^]*t["^]*n["^]*t|r["^]*f["^]*m["^]*o["^]*n)|n["^]*p["^]*u["^]*(?:n["^]*a["^]*t["^]*t["^]*e["^]*n["^]*d|t["^]*i["^]*l)|o["^]*(?:p["^]*d|w["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l)|r["^]*n["^]*(?:c["^]*n["^]*f["^]*g|(?:d["^]*r["^]*v|m["^]*n["^]*g)["^]*r|j["^]*o["^]*b["^]*s|p["^]*o["^]*r["^]*t|q["^]*c["^]*t["^]*l)|u["^]*(?:b["^]*p["^]*r["^]*n|s["^]*h["^]*(?:d|p["^]*r["^]*i["^]*n["^]*t["^]*e["^]*r["^]*c["^]*o["^]*n["^]*n["^]*e["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s))|w["^]*(?:l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r|s["^]*h))|q["^]*(?:a["^]*p["^]*p["^]*s["^]*r["^]*v|p["^]*r["^]*o["^]*c["^]*e["^]*s["^]*s|u["^]*s["^]*e["^]*r|w["^]*i["^]*n["^]*s["^]*t["^]*a)|r["^]*(?:d(?:["^]*p["^]*s["^]*i["^]*g["^]*n)?|e["^]*(?:f["^]*s["^]*u["^]*t["^]*i["^]*l|g(?:["^]*(?:i["^]*n["^]*i|s["^]*v["^]*r["^]*3["^]*2))?|l["^]*o["^]*g|(?:(?:p["^]*a["^]*d["^]*m["^]*i|s["^]*c["^]*a)["^]*)?n|x["^]*e["^]*c)|i["^]*s["^]*e["^]*t["^]*u["^]*p|m["^]*d["^]*i["^]*r|o["^]*b["^]*o["^]*c["^]*o["^]*p["^]*y|p["^]*c["^]*(?:i["^]*n["^]*f["^]*o|p["^]*i["^]*n["^]*g)|s["^]*h|u["^]*n["^]*d["^]*l["^]*l["^]*3["^]*2|w["^]*i["^]*n["^]*s["^]*t["^]*a)|s["^]*(?:a["^]*n|c["^]*(?:h["^]*t["^]*a["^]*s["^]*k["^]*s|w["^]*c["^]*m["^]*d)|e["^]*(?:c["^]*e["^]*d["^]*i["^]*t|r["^]*v["^]*e["^]*r["^]*(?:(?:c["^]*e["^]*i["^]*p|w["^]*e["^]*r)["^]*o["^]*p["^]*t["^]*i["^]*n|m["^]*a["^]*n["^]*a["^]*g["^]*e["^]*r["^]*c["^]*m["^]*d)|t["^]*x)|f["^]*c|(?:h["^]*o["^]*w["^]*m["^]*o["^]*u["^]*n|u["^]*b["^]*s)["^]*t|x["^]*s["^]*t["^]*r["^]*a["^]*c["^]*e|y["^]*s["^]*(?:o["^]*c["^]*m["^]*g["^]*r|t["^]*e["^]*m["^]*i["^]*n["^]*f["^]*o))|t["^]*(?:a["^]*(?:k["^]*e["^]*o["^]*w["^]*n|p["^]*i["^]*c["^]*f["^]*g|s["^]*k["^]*(?:k["^]*i["^]*l["^]*l|l["^]*i["^]*s["^]*t))|(?:c["^]*m["^]*s["^]*e["^]*t["^]*u|f["^]*t)["^]*p|(?:(?:e["^]*l["^]*n["^]*e|i["^]*m["^]*e["^]*o["^]*u)["^]*|r["^]*a["^]*c["^]*e["^]*r["^]*(?:p["^]*)?)t|l["^]*n["^]*t["^]*a["^]*d["^]*m["^]*n|p["^]*m["^]*(?:t["^]*o["^]*o["^]*l|v["^]*s["^]*c["^]*m["^]*g["^]*r)|s["^]*(?:(?:d["^]*i["^]*s["^]*)?c["^]*o["^]*n|e["^]*c["^]*i["^]*m["^]*p|k["^]*i["^]*l["^]*l|p["^]*r["^]*o["^]*f)|y["^]*p["^]*e["^]*p["^]*e["^]*r["^]*f|z["^]*u["^]*t["^]*i["^]*l)|u["^]*n["^]*(?:e["^]*x["^]*p["^]*o["^]*s["^]*e|i["^]*q["^]*u["^]*e["^]*i["^]*d|l["^]*o["^]*d["^]*c["^]*t["^]*r)|v["^]*(?:o["^]*l|s["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|w["^]*(?:a["^]*i["^]*t["^]*f["^]*o["^]*r|b["^]*a["^]*d["^]*m["^]*i["^]*n|(?:d["^]*s|e["^]*(?:c|v["^]*t))["^]*u["^]*t["^]*i["^]*l|h["^]*(?:e["^]*r["^]*e|o["^]*a["^]*m["^]*i)|i["^]*n["^]*(?:n["^]*t(?:["^]*3["^]*2)?|r["^]*s)|m["^]*i["^]*c|s["^]*c["^]*r["^]*i["^]*p["^]*t)|x["^]*c["^]*o["^]*p["^]*y)(?:.["^]*[0-9A-Z_a-z]+)?b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*.[sv].*b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?:$(?:((?:(.*)|.*))|{.*})|[<>](.*)|[!?.+])" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx /" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx s" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx /" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx s" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx /" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx s" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i).|(?:[sv]*|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|G["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?E["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?T|a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:b|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?t|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[jp])?|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ks])|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[8-9]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?9|[au]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|c|(?:m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dfu]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[gr])|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[bdx]|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|q["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[c-dgi]|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[chr]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|o|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dp]|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b)|j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|q)|k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)?|[nps]|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|v)|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[cl]|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|o["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[at]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?x|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|f|(?:k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?g|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cp]|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?y)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dv]|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dt]|[g-hu]|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cr]|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l|[co]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ex]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|l)|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|c)|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|z)|y["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)[-0-9_a-z]+(?:["'[-]]+|$+[!#*-0-9?-@x5c_a-{]+|``|[$<>]())[sv]*[-0-9_a-z]+" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "!@rx [0-9]s*'s*[0-9]" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx ;[sv]*.[sv]*["']?(?:a(?:rchive|uth)|b(?:a(?:ckup|il)|inary)|c(?:d|h(?:anges|eck)|lone|onnection)|d(?:atabases|b(?:config|info)|ump)|e(?:cho|qp|x(?:cel|it|p(?:ert|lain)))|f(?:ilectrl|ullschema)|he(?:aders|lp)|i(?:mpo(?:rt|ster)|ndexes|otrace)|l(?:i(?:mi|n)t|o(?:ad|g))|(?:mod|n(?:onc|ullvalu)|unmodul)e|o(?:nce|pen|utput)|p(?:arameter|r(?:int|o(?:gress|mpt)))|quit|re(?:ad|cover|store)|s(?:ave|c(?:anstats|hema)|e(?:lftest|parator|ssion)|h(?:a3sum|ell|ow)?|tats|ystem)|t(?:ables|estc(?:ase|trl)|ime(?:out|r)|race)|vfs(?:info|list|name)|width)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:["-#%-&*--9A-Zx5c_a-z]+)?(?: ([ x5ca-z]+))?(?: "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}"?)? {[0-9]{1,20}+?}|UTHENTICATE [-0-9_a-z]{1,20}rn)|L(?:SUB (?:["-#*.-9A-Z_a-z~]+)? (?:["%-&*.-9A-Zx5c_a-z]+)?|ISTRIGHTS (?:["%-&*--9A-Zx5c_a-z]+)?)|S(?:TATUS (?:["%-&*--9A-Zx5c_a-z]+)? ((?:U(?:NSEEN|IDNEXT)|MESSAGES|UIDVALIDITY|RECENT| )+)|ETACL (?:["%-&*--9A-Zx5c_a-z]+)? [+-][ac-eik-lpr-tw-x]+?)|UID (?:COPY|FETCH|STORE) (?:[*,0-:]+)?|(?:(?:DELETE|GET)ACL|MYRIGHTS) (?:["%-&*--9A-Zx5c_a-z]+)?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|an|io|ulimit)|s(?:h|plit|vtool)|u(?:(?:t|rl)[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|inks|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[^sv])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash|nap)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:3m|c|a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:c|a(?:ll|tch)[sv&)<>|]|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@pmFromFile unix-shell.data" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))b" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) ["-#%-&*--9A-Zx5c_a-z]+|APABILITY|HECK|LOSE)|DELETE ["-#%-&*--.0-9A-Zx5c_a-z]+|EX(?:AMINE ["-#%-&*--.0-9A-Zx5c_a-z]+|PUNGE)|FETCH [*,0-:]+|L(?:IST ["-#*--9A-Zx5c_a-z~]+? ["-#%-&*--9A-Zx5c_a-z]+|OG(?:IN [--.0-9@_a-z]{1,40} .*?|OUT))|RENAME ["-#%-&*--9A-Zx5c_a-z]+? ["-#%-&*--9A-Zx5c_a-z]+|S(?:E(?:LECT ["-#%-&*--9A-Zx5c_a-z]+|ARCH(?: CHARSET [--.0-9A-Z_a-z]{1,40})? (?:(KEYWORD x5c)?(?:A(?:LL|NSWERED)|BCC|D(?:ELETED|RAFT)|(?:FLAGGE|OL)D|RECENT|SEEN|UN(?:(?:ANSWER|FLAGG)ED|D(?:ELETED|RAFT)|SEEN)|NEW)|(?:BODY|CC|FROM|HEADER .{1,100}|NOT|OR .{1,255}|T(?:EXT|O)) .{1,255}|LARGER [0-9]{1,20}|[*,0-:]+|(?:BEFORE|ON|S(?:ENT(?:(?:BEFOR|SINC)E|ON)|INCE)) "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4}"?|S(?:MALLER [0-9]{1,20}|UBJECT .{1,255})|U(?:ID [*,0-:]+?|NKEYWORD x5c(Seen|(?:Answer|Flagg)ed|D(?:eleted|raft)|Recent))))|T(?:ORE [*,0-:]+? [+-]?FLAGS(?:.SILENT)? (?:(x5c[a-z]{1,20}))?|ARTTLS)|UBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+)|UN(?:SUBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+|AUTHENTICATE)|NOOP)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@rx !(?:d|!)" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1215,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1216,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[&,<>|]|(?:[--.0-9A-Z_a-z]["'[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#*-0-9?-@_a-{]*)?x5c?)+[sv&,<>|]).*|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:4|[sv&),<>|].*))|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)b" "id:1217,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[sv&)<>|]|a(?:dd(?:group|user)|getty|l(?:ias|pine)[sv&)<>|]|nsible-playbook|pt(?:-get|itude[sv&)<>|])|r(?:ch[sv&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm|xel)|b(?:a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[sv&)<>|]|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[sv&)<>|]|on(?:tab)?)|s(?:plit|vtool)|u(?:psfilter|rl[sv&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[sv&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[sv&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[sv&)<>|]|grep|i(?:le(?:[sv&)<>|]|test)|(?:n(?:d|ger)|sh)[sv&)<>|])|o(?:ld[sv&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[sv&)<>|]|core|e(?:ni(?:e[sv&)<>|]|soimage)|tfacl[sv&)<>|])|hci|i(?:mp[sv&)<>|]|nsh)|r(?:ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[sv&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:ill(?:[sv&)<>|]|all)|nife[sv&)<>|]|sshell)|l(?:a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|dconfig|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[sv&)<>|]|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[sv&)<>q|]|x[sv&)<>|])|ke[sv&)<>|]|ster.passwd|wk)|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[sv&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[sv&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[sv&)<>|]|map|o(?:de[sv&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[sv&)<>|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[sv&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[sv&)<>|]|shd)|wd.db|ython[^sv])|r(?:ak(?:e[sv&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[sv&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[sv&)<>|]|user)|nano|oute[sv&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|nap)[sv&)<>|]|c(?:hed|r(?:een|ipt)[sv&)<>|])|diff|e(?:(?:lf|rvice)[sv&)<>|]|ndmail|t(?:arch|env|facl[sv&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[sv&)<>|]|u(?:f|tdown[sv&)<>|]))|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:(?:out)?[sv&)<>|]|datectl)|mux|ouch[sv&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[sv&)<>|]|gr|mdiff|pw|rsh)|olatility[sv&)<>|])|w(?:a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))" "id:1218,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@pmFromFile windows-powershell-commands.data" "id:1219,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:(?:a["^]*(?:c|s["^]*n["^]*p)|e["^]*(?:b["^]*p|p["^]*(?:a["^]*l|c["^]*s["^]*v|s["^]*n)|[tx]["^]*s["^]*n)|f["^]*(?:[cltw]|o["^]*r["^]*e["^]*a["^]*c["^]*h)|i["^]*(?:[cr]["^]*m|e["^]*x|h["^]*y|i|p["^]*(?:a["^]*l|c["^]*s["^]*v|m["^]*o|s["^]*n)|s["^]*e|w["^]*(?:m["^]*i|r))|m["^]*(?:a["^]*n|[dipv]|o["^]*u["^]*n["^]*t)|o["^]*g["^]*v|p["^]*(?:o["^]*p|u["^]*s["^]*h)["^]*d|t["^]*r["^]*c["^]*m|w["^]*j["^]*b)["^]*[sv,.-/;-<>].*|c["^]*(?:(?:(?:d|h["^]*d["^]*i["^]*r|v["^]*p["^]*a)["^]*|p["^]*(?:[ip]["^]*)?)[sv,.-/;-<>].*|l["^]*(?:(?:[cipv]|h["^]*y)["^]*[sv,.-/;-<>].*|s)|n["^]*s["^]*n)|d["^]*(?:(?:b["^]*p|e["^]*l|i["^]*(?:f["^]*f|r))["^]*[sv,.-/;-<>].*|n["^]*s["^]*n)|g["^]*(?:(?:(?:(?:a["^]*)?l|b["^]*p|d["^]*r|h["^]*y|(?:w["^]*m["^]*)?i|j["^]*b|[u-v])["^]*|c["^]*(?:[ims]["^]*)?|m["^]*(?:o["^]*)?|s["^]*(?:n["^]*(?:p["^]*)?|v["^]*))[sv,.-/;-<>].*|e["^]*r["^]*r|p["^]*(?:(?:s["^]*)?[sv,.-/;-<>].*|v))|l["^]*s|n["^]*(?:(?:a["^]*l|d["^]*r|[iv]|m["^]*o|s["^]*n)["^]*[sv,.-/;-<>].*|p["^]*s["^]*s["^]*c)|r["^]*(?:(?:(?:(?:b["^]*)?p|e["^]*n|(?:w["^]*m["^]*)?i|j["^]*b|n["^]*[ip])["^]*|d["^]*(?:r["^]*)?|m["^]*(?:(?:d["^]*i["^]*r|o)["^]*)?|s["^]*n["^]*(?:p["^]*)?|v["^]*(?:p["^]*a["^]*)?)[sv,.-/;-<>].*|c["^]*(?:j["^]*b["^]*[sv,.-/;-<>].*|s["^]*n)|u["^]*j["^]*b)|s["^]*(?:(?:(?:a["^]*(?:j["^]*b|l|p["^]*s|s["^]*v)|b["^]*p|[civ]|w["^]*m["^]*i)["^]*|l["^]*(?:s["^]*)?|p["^]*(?:(?:j["^]*b|p["^]*s|s["^]*v)["^]*)?)[sv,.-/;-<>].*|h["^]*c["^]*m|u["^]*j["^]*b))(?:.["^]*[0-9A-Z_a-z]+)?b" "id:1220,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]" "id:1221,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))" "id:1222,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)[sv&)<>|]" "id:1223,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:a(?:ddgroup|xel)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:g(?:passwd|rp)|pass|sh)|lang++|oproc|ron)|d(?:iff[sv&)<>|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[sv&)<>|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|erl5?|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[sv&)<>|])|tar(?:diff|grep)?|wd.db|ython[2-3])|r(?:(?:bas|ealpat)h|m(?:dir[sv&)<>|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h.distri|pwd.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[sv&)<>|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:c(?:at|mp)|diff|[e-f]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))" "id:1224,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "!@rx [0-9]s*'s*[0-9]" "id:1225,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx !-d" "id:1226,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@pmFromFile unix-shell.data" "id:1227,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ^(s*)s+{" "id:1228,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ^(s*)s+{" "id:1229,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ba["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?sb[sv]+[!-"%',0-9@-Z_a-z]+=[^sv]" "id:1230,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@pmFromFile restricted-upload.data" "id:1231,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:c["^]*c["^]*c["^]*h["^]*e["^]*c["^]*k["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e|d["^]*(?:p["^]*l["^]*u["^]*s|v["^]*p["^]*a["^]*c["^]*k)|(?:g["^]*e["^]*n["^]*t["^]*e["^]*x["^]*e["^]*c["^]*u["^]*t["^]*o|s["^]*p["^]*n["^]*e["^]*t["^]*_["^]*c["^]*o["^]*m["^]*p["^]*i["^]*l["^]*e)["^]*r|p["^]*p["^]*(?:i["^]*n["^]*s["^]*t["^]*a["^]*l["^]*l["^]*e["^]*r|v["^]*l["^]*p)|t["^]*(?:[sv,.-/;-<>].*|b["^]*r["^]*o["^]*k["^]*e["^]*r))|b["^]*(?:a["^]*s["^]*h|g["^]*i["^]*n["^]*f["^]*o|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:d["^]*b|e["^]*r["^]*t["^]*(?:o["^]*c|r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|l["^]*_["^]*(?:i["^]*n["^]*v["^]*o["^]*c["^]*a["^]*t["^]*i["^]*o["^]*n|l["^]*o["^]*a["^]*d["^]*a["^]*s["^]*s["^]*e["^]*m["^]*b["^]*l["^]*y|m["^]*u["^]*t["^]*e["^]*x["^]*v["^]*e["^]*r["^]*i["^]*f["^]*i["^]*e["^]*r["^]*s)|m["^]*(?:d(?:["^]*(?:k["^]*e["^]*y|l["^]*3["^]*2))?|s["^]*t["^]*p)|o["^]*(?:m["^]*s["^]*v["^]*c["^]*s|n["^]*(?:f["^]*i["^]*g["^]*s["^]*e["^]*c["^]*u["^]*r["^]*i["^]*t["^]*y["^]*p["^]*o["^]*l["^]*i["^]*c["^]*y|h["^]*o["^]*s["^]*t|t["^]*r["^]*o["^]*l)|r["^]*e["^]*g["^]*e["^]*n)|r["^]*e["^]*a["^]*t["^]*e["^]*d["^]*u["^]*m["^]*p|s["^]*(?:c(?:["^]*r["^]*i["^]*p["^]*t)?|i)|u["^]*s["^]*t["^]*o["^]*m["^]*s["^]*h["^]*e["^]*l["^]*l["^]*h["^]*o["^]*s["^]*t)|d["^]*(?:a["^]*t["^]*a["^]*s["^]*v["^]*c["^]*u["^]*t["^]*i["^]*l|e["^]*(?:f["^]*a["^]*u["^]*l["^]*t["^]*p["^]*a["^]*c["^]*k|s["^]*k(?:["^]*t["^]*o["^]*p["^]*i["^]*m["^]*g["^]*d["^]*o["^]*w["^]*n["^]*l["^]*d["^]*r)?|v["^]*(?:i["^]*c["^]*e["^]*c["^]*r["^]*e["^]*d["^]*e["^]*n["^]*t["^]*i["^]*a["^]*l["^]*d["^]*e["^]*p["^]*l["^]*o["^]*y["^]*m["^]*e["^]*n["^]*t|t["^]*o["^]*o["^]*l["^]*s["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r))|f["^]*s["^]*(?:h["^]*i["^]*m|v["^]*c)|i["^]*(?:a["^]*n["^]*t["^]*z|s["^]*k["^]*s["^]*h["^]*a["^]*d["^]*o["^]*w)|n["^]*(?:s["^]*c["^]*m["^]*d|x)|o["^]*t["^]*n["^]*e["^]*t|u["^]*m["^]*p["^]*6["^]*4|x["^]*c["^]*a["^]*p)|e["^]*(?:s["^]*e["^]*n["^]*t["^]*u["^]*t["^]*l|v["^]*e["^]*n["^]*t["^]*v["^]*w["^]*r|x["^]*(?:c["^]*e["^]*l|p["^]*(?:a["^]*n["^]*d|l["^]*o["^]*r["^]*e["^]*r)|t["^]*(?:e["^]*x["^]*p["^]*o["^]*r["^]*t|r["^]*a["^]*c["^]*3["^]*2)))|f["^]*(?:i["^]*n["^]*(?:d["^]*s["^]*t|g["^]*e)["^]*r|l["^]*t["^]*m["^]*c|o["^]*r["^]*f["^]*i["^]*l["^]*e["^]*s|s["^]*(?:i(?:["^]*a["^]*n["^]*y["^]*c["^]*p["^]*u)?|u["^]*t["^]*i["^]*l)|t["^]*p)|g["^]*(?:f["^]*x["^]*d["^]*o["^]*w["^]*n["^]*l["^]*o["^]*a["^]*d["^]*w["^]*r["^]*a["^]*p["^]*p["^]*e["^]*r|p["^]*s["^]*c["^]*r["^]*i["^]*p["^]*t)|h["^]*h|i["^]*(?:e["^]*(?:4["^]*u["^]*i["^]*n["^]*i["^]*t|a["^]*d["^]*v["^]*p["^]*a["^]*c["^]*k|e["^]*x["^]*e["^]*c|f["^]*r["^]*a["^]*m["^]*e)|l["^]*a["^]*s["^]*m|m["^]*e["^]*w["^]*d["^]*b["^]*l["^]*d|n["^]*(?:f["^]*d["^]*e["^]*f["^]*a["^]*u["^]*l["^]*t["^]*i["^]*n["^]*s["^]*t["^]*a["^]*l|s["^]*t["^]*a["^]*l["^]*l["^]*u["^]*t["^]*i)["^]*l)|j["^]*s["^]*c|l["^]*(?:a["^]*u["^]*n["^]*c["^]*h["^]*-["^]*v["^]*s["^]*d["^]*e["^]*v["^]*s["^]*h["^]*e["^]*l["^]*l|d["^]*i["^]*f["^]*d["^]*e)|m["^]*(?:a["^]*(?:k["^]*e["^]*c["^]*a["^]*b|n["^]*a["^]*g["^]*e["^]*-["^]*b["^]*d["^]*e|v["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t)|f["^]*t["^]*r["^]*a["^]*c["^]*e|i["^]*c["^]*r["^]*o["^]*s["^]*o["^]*f["^]*t|m["^]*c|p["^]*c["^]*m["^]*d["^]*r["^]*u["^]*n|s["^]*(?:(?:b["^]*u["^]*i["^]*l|o["^]*h["^]*t["^]*m["^]*e)["^]*d|c["^]*o["^]*n["^]*f["^]*i["^]*g|d["^]*(?:e["^]*p["^]*l["^]*o["^]*y|t)|h["^]*t["^]*(?:a|m["^]*l)|i["^]*e["^]*x["^]*e["^]*c|p["^]*u["^]*b|x["^]*s["^]*l))|n["^]*(?:e["^]*t["^]*s["^]*h|t["^]*d["^]*s["^]*u["^]*t["^]*i["^]*l)|o["^]*(?:d["^]*b["^]*c["^]*c["^]*o["^]*n["^]*f|f["^]*f["^]*l["^]*i["^]*n["^]*e["^]*s["^]*c["^]*a["^]*n["^]*n["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l|n["^]*e["^]*d["^]*r["^]*i["^]*v["^]*e["^]*s["^]*t["^]*a["^]*n["^]*d["^]*a["^]*l["^]*o["^]*n["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t["^]*e["^]*r|p["^]*e["^]*n["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e)|p["^]*(?:c["^]*(?:a["^]*l["^]*u["^]*a|w["^]*(?:r["^]*u["^]*n|u["^]*t["^]*l))|(?:e["^]*s["^]*t["^]*e|s)["^]*r|(?:k["^]*t["^]*m["^]*o|u["^]*b["^]*p["^]*r)["^]*n|n["^]*p["^]*u["^]*t["^]*i["^]*l|o["^]*w["^]*e["^]*r["^]*p["^]*n["^]*t|r["^]*(?:e["^]*s["^]*e["^]*n["^]*t["^]*a["^]*t["^]*i["^]*o["^]*n["^]*h["^]*o["^]*s["^]*t|i["^]*n["^]*t(?:["^]*b["^]*r["^]*m)?|o["^]*(?:c["^]*d["^]*u["^]*m["^]*p|t["^]*o["^]*c["^]*o["^]*l["^]*h["^]*a["^]*n["^]*d["^]*l["^]*e["^]*r)))|r["^]*(?:a["^]*s["^]*a["^]*u["^]*t["^]*o["^]*u|c["^]*s["^]*i|(?:d["^]*r["^]*l["^]*e["^]*a["^]*k["^]*d["^]*i["^]*a|p["^]*c["^]*p["^]*i["^]*n)["^]*g|e["^]*(?:g(?:["^]*(?:a["^]*s["^]*m|e["^]*d["^]*i["^]*t|i["^]*(?:n["^]*i|s["^]*t["^]*e["^]*r["^]*-["^]*c["^]*i["^]*m["^]*p["^]*r["^]*o["^]*v["^]*i["^]*d["^]*e["^]*r)|s["^]*v["^]*(?:c["^]*s|r["^]*3["^]*2)))?|(?:m["^]*o["^]*t|p["^]*l["^]*a["^]*c)["^]*e)|u["^]*n["^]*(?:d["^]*l["^]*l["^]*3["^]*2|(?:e["^]*x["^]*e|s["^]*c["^]*r["^]*i["^]*p["^]*t)["^]*h["^]*e["^]*l["^]*p["^]*e["^]*r|o["^]*n["^]*c["^]*e))|s["^]*(?:c["^]*(?:[sv,.-/;-<>].*|h["^]*t["^]*a["^]*s["^]*k["^]*s|r["^]*i["^]*p["^]*t["^]*r["^]*u["^]*n["^]*n["^]*e["^]*r)|e["^]*t["^]*(?:r["^]*e["^]*s|t["^]*i["^]*n["^]*g["^]*s["^]*y["^]*n["^]*c["^]*h["^]*o["^]*s["^]*t|u["^]*p["^]*a["^]*p["^]*i)|h["^]*(?:d["^]*o["^]*c["^]*v["^]*w|e["^]*l["^]*l["^]*3["^]*2)|q["^]*(?:l["^]*(?:d["^]*u["^]*m["^]*p["^]*e["^]*r|(?:t["^]*o["^]*o["^]*l["^]*s["^]*)?p["^]*s)|u["^]*i["^]*r["^]*r["^]*e["^]*l)|s["^]*h|t["^]*o["^]*r["^]*d["^]*i["^]*a["^]*g|y["^]*(?:n["^]*c["^]*a["^]*p["^]*p["^]*v["^]*p["^]*u["^]*b["^]*l["^]*i["^]*s["^]*h["^]*i["^]*n["^]*g["^]*s["^]*e["^]*r["^]*v["^]*e["^]*r|s["^]*s["^]*e["^]*t["^]*u["^]*p))|t["^]*(?:e["^]*[sv,.-/;-<>].*|r["^]*a["^]*c["^]*k["^]*e["^]*r|t["^]*(?:d["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t|t["^]*r["^]*a["^]*c["^]*e["^]*r))|u["^]*(?:n["^]*r["^]*e["^]*g["^]*m["^]*p["^]*2|p["^]*d["^]*a["^]*t["^]*e|r["^]*l|t["^]*i["^]*l["^]*i["^]*t["^]*y["^]*f["^]*u["^]*n["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s)|v["^]*(?:b["^]*c|e["^]*r["^]*c["^]*l["^]*s["^]*i["^]*d|i["^]*s["^]*u["^]*a["^]*l["^]*u["^]*i["^]*a["^]*v["^]*e["^]*r["^]*i["^]*f["^]*y["^]*n["^]*a["^]*t["^]*i["^]*v["^]*e|s["^]*(?:i["^]*i["^]*s["^]*e["^]*x["^]*e["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h|j["^]*i["^]*t["^]*d["^]*e["^]*b["^]*u["^]*g["^]*g)["^]*e["^]*r)|w["^]*(?:a["^]*b|(?:f|m["^]*i)["^]*c|i["^]*n["^]*(?:g["^]*e["^]*t|r["^]*m|w["^]*o["^]*r["^]*d)|l["^]*r["^]*m["^]*d["^]*r|o["^]*r["^]*k["^]*f["^]*o["^]*l["^]*d["^]*e["^]*r["^]*s|s["^]*(?:(?:c["^]*r["^]*i["^]*p|r["^]*e["^]*s["^]*e)["^]*t|l)|t["^]*[sv,.-/;-<>].*|u["^]*a["^]*u["^]*c["^]*l["^]*t)|x["^]*w["^]*i["^]*z["^]*a["^]*r["^]*d|z["^]*i["^]*p["^]*f["^]*l["^]*d["^]*r)(?:.["^]*[0-9A-Z_a-z]+)?b" "id:1232,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:s["^]*s["^]*o["^]*c|t["^]*(?:m["^]*a["^]*d["^]*m|t["^]*r["^]*i["^]*b)|u["^]*(?:d["^]*i["^]*t["^]*p["^]*o["^]*l|t["^]*o["^]*(?:c["^]*(?:h["^]*k|o["^]*n["^]*v)|(?:f["^]*m|m["^]*o["^]*u["^]*n)["^]*t)))|b["^]*(?:c["^]*d["^]*(?:b["^]*o["^]*o|e["^]*d["^]*i)["^]*t|(?:d["^]*e["^]*h["^]*d|o["^]*o["^]*t)["^]*c["^]*f["^]*g|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:a["^]*c["^]*l["^]*s|e["^]*r["^]*t["^]*(?:r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|h["^]*(?:c["^]*p|d["^]*i["^]*r|g["^]*(?:l["^]*o["^]*g["^]*o["^]*n|p["^]*o["^]*r["^]*t|u["^]*s["^]*r)|k["^]*(?:d["^]*s["^]*k|n["^]*t["^]*f["^]*s))|l["^]*e["^]*a["^]*n["^]*m["^]*g["^]*r|m["^]*(?:d(?:["^]*k["^]*e["^]*y)?|s["^]*t["^]*p)|s["^]*c["^]*r["^]*i["^]*p["^]*t)|d["^]*(?:c["^]*(?:d["^]*i["^]*a["^]*g|g["^]*p["^]*o["^]*f["^]*i["^]*x)|e["^]*(?:f["^]*r["^]*a["^]*g|l)|f["^]*s["^]*(?:d["^]*i["^]*a|r["^]*m["^]*i)["^]*g|i["^]*(?:a["^]*n["^]*t["^]*z|r|s["^]*(?:k["^]*(?:c["^]*o["^]*(?:m["^]*p|p["^]*y)|p["^]*(?:a["^]*r["^]*t|e["^]*r["^]*f)|r["^]*a["^]*i["^]*d|s["^]*h["^]*a["^]*d["^]*o["^]*w)|p["^]*d["^]*i["^]*a["^]*g))|n["^]*s["^]*c["^]*m["^]*d|(?:o["^]*s["^]*k["^]*e|r["^]*i["^]*v["^]*e["^]*r["^]*q["^]*u["^]*e["^]*r)["^]*y)|e["^]*(?:n["^]*d["^]*l["^]*o["^]*c["^]*a["^]*l|v["^]*e["^]*n["^]*t["^]*c["^]*r["^]*e["^]*a["^]*t["^]*e)|E["^]*v["^]*n["^]*t["^]*c["^]*m["^]*d|f["^]*(?:c|i["^]*(?:l["^]*e["^]*s["^]*y["^]*s["^]*t["^]*e["^]*m["^]*s|n["^]*d["^]*s["^]*t["^]*r)|l["^]*a["^]*t["^]*t["^]*e["^]*m["^]*p|o["^]*r(?:["^]*f["^]*i["^]*l["^]*e["^]*s)?|r["^]*e["^]*e["^]*d["^]*i["^]*s["^]*k|s["^]*u["^]*t["^]*i["^]*l|(?:t["^]*y["^]*p|v["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t)["^]*e)|g["^]*(?:e["^]*t["^]*(?:m["^]*a["^]*c|t["^]*y["^]*p["^]*e)|o["^]*t["^]*o|p["^]*(?:f["^]*i["^]*x["^]*u["^]*p|(?:r["^]*e["^]*s["^]*u["^]*l["^]*)?t|u["^]*p["^]*d["^]*a["^]*t["^]*e)|r["^]*a["^]*f["^]*t["^]*a["^]*b["^]*l)|h["^]*(?:e["^]*l["^]*p["^]*c["^]*t["^]*r|o["^]*s["^]*t["^]*n["^]*a["^]*m["^]*e)|i["^]*(?:c["^]*a["^]*c["^]*l["^]*s|f|p["^]*(?:c["^]*o["^]*n["^]*f["^]*i["^]*g|x["^]*r["^]*o["^]*u["^]*t["^]*e)|r["^]*f["^]*t["^]*p)|j["^]*e["^]*t["^]*p["^]*a["^]*c["^]*k|k["^]*(?:l["^]*i["^]*s["^]*t|s["^]*e["^]*t["^]*u["^]*p|t["^]*(?:m["^]*u["^]*t["^]*i["^]*l|p["^]*a["^]*s["^]*s))|l["^]*(?:o["^]*(?:d["^]*c["^]*t["^]*r|g["^]*(?:m["^]*a["^]*n|o["^]*f["^]*f))|p["^]*[q-r])|m["^]*(?:a["^]*(?:c["^]*f["^]*i["^]*l["^]*e|k["^]*e["^]*c["^]*a["^]*b|p["^]*a["^]*d["^]*m["^]*i["^]*n)|k["^]*(?:d["^]*i["^]*r|l["^]*i["^]*n["^]*k)|m["^]*c|o["^]*u["^]*n["^]*t["^]*v["^]*o["^]*l|q["^]*(?:b["^]*k["^]*u["^]*p|(?:t["^]*g["^]*)?s["^]*v["^]*c)|s["^]*(?:d["^]*t|i["^]*(?:e["^]*x["^]*e["^]*c|n["^]*f["^]*o["^]*3["^]*2)|t["^]*s["^]*c))|n["^]*(?:b["^]*t["^]*s["^]*t["^]*a["^]*t|e["^]*t["^]*(?:c["^]*f["^]*g|d["^]*o["^]*m|s["^]*(?:h|t["^]*a["^]*t))|f["^]*s["^]*(?:a["^]*d["^]*m["^]*i["^]*n|s["^]*(?:h["^]*a["^]*r["^]*e|t["^]*a["^]*t))|l["^]*(?:b["^]*m["^]*g["^]*r|t["^]*e["^]*s["^]*t)|s["^]*l["^]*o["^]*o["^]*k["^]*u["^]*p|t["^]*(?:b["^]*a["^]*c["^]*k["^]*u["^]*p|c["^]*m["^]*d["^]*p["^]*r["^]*o["^]*m["^]*p["^]*t|f["^]*r["^]*s["^]*u["^]*t["^]*l))|o["^]*(?:f["^]*f["^]*l["^]*i["^]*n["^]*e|p["^]*e["^]*n["^]*f["^]*i["^]*l["^]*e["^]*s)|p["^]*(?:a["^]*(?:g["^]*e["^]*f["^]*i["^]*l["^]*e["^]*c["^]*o["^]*n["^]*f["^]*i|t["^]*h["^]*p["^]*i["^]*n)["^]*g|(?:b["^]*a["^]*d["^]*m["^]*i|k["^]*t["^]*m["^]*o)["^]*n|e["^]*(?:n["^]*t["^]*n["^]*t|r["^]*f["^]*m["^]*o["^]*n)|n["^]*p["^]*u["^]*(?:n["^]*a["^]*t["^]*t["^]*e["^]*n["^]*d|t["^]*i["^]*l)|o["^]*(?:p["^]*d|w["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l)|r["^]*n["^]*(?:c["^]*n["^]*f["^]*g|(?:d["^]*r["^]*v|m["^]*n["^]*g)["^]*r|j["^]*o["^]*b["^]*s|p["^]*o["^]*r["^]*t|q["^]*c["^]*t["^]*l)|u["^]*(?:b["^]*p["^]*r["^]*n|s["^]*h["^]*(?:d|p["^]*r["^]*i["^]*n["^]*t["^]*e["^]*r["^]*c["^]*o["^]*n["^]*n["^]*e["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s))|w["^]*(?:l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r|s["^]*h))|q["^]*(?:a["^]*p["^]*p["^]*s["^]*r["^]*v|p["^]*r["^]*o["^]*c["^]*e["^]*s["^]*s|u["^]*s["^]*e["^]*r|w["^]*i["^]*n["^]*s["^]*t["^]*a)|r["^]*(?:d(?:["^]*p["^]*s["^]*i["^]*g["^]*n)?|e["^]*(?:f["^]*s["^]*u["^]*t["^]*i["^]*l|g(?:["^]*(?:i["^]*n["^]*i|s["^]*v["^]*r["^]*3["^]*2))?|l["^]*o["^]*g|(?:(?:p["^]*a["^]*d["^]*m["^]*i|s["^]*c["^]*a)["^]*)?n|x["^]*e["^]*c)|i["^]*s["^]*e["^]*t["^]*u["^]*p|m["^]*d["^]*i["^]*r|o["^]*b["^]*o["^]*c["^]*o["^]*p["^]*y|p["^]*c["^]*(?:i["^]*n["^]*f["^]*o|p["^]*i["^]*n["^]*g)|s["^]*h|u["^]*n["^]*d["^]*l["^]*l["^]*3["^]*2|w["^]*i["^]*n["^]*s["^]*t["^]*a)|s["^]*(?:a["^]*n|c["^]*(?:h["^]*t["^]*a["^]*s["^]*k["^]*s|w["^]*c["^]*m["^]*d)|e["^]*(?:c["^]*e["^]*d["^]*i["^]*t|r["^]*v["^]*e["^]*r["^]*(?:(?:c["^]*e["^]*i["^]*p|w["^]*e["^]*r)["^]*o["^]*p["^]*t["^]*i["^]*n|m["^]*a["^]*n["^]*a["^]*g["^]*e["^]*r["^]*c["^]*m["^]*d)|t["^]*x)|f["^]*c|(?:h["^]*o["^]*w["^]*m["^]*o["^]*u["^]*n|u["^]*b["^]*s)["^]*t|x["^]*s["^]*t["^]*r["^]*a["^]*c["^]*e|y["^]*s["^]*(?:o["^]*c["^]*m["^]*g["^]*r|t["^]*e["^]*m["^]*i["^]*n["^]*f["^]*o))|t["^]*(?:a["^]*(?:k["^]*e["^]*o["^]*w["^]*n|p["^]*i["^]*c["^]*f["^]*g|s["^]*k["^]*(?:k["^]*i["^]*l["^]*l|l["^]*i["^]*s["^]*t))|(?:c["^]*m["^]*s["^]*e["^]*t["^]*u|f["^]*t)["^]*p|(?:(?:e["^]*l["^]*n["^]*e|i["^]*m["^]*e["^]*o["^]*u)["^]*|r["^]*a["^]*c["^]*e["^]*r["^]*(?:p["^]*)?)t|l["^]*n["^]*t["^]*a["^]*d["^]*m["^]*n|p["^]*m["^]*(?:t["^]*o["^]*o["^]*l|v["^]*s["^]*c["^]*m["^]*g["^]*r)|s["^]*(?:(?:d["^]*i["^]*s["^]*)?c["^]*o["^]*n|e["^]*c["^]*i["^]*m["^]*p|k["^]*i["^]*l["^]*l|p["^]*r["^]*o["^]*f)|y["^]*p["^]*e["^]*p["^]*e["^]*r["^]*f|z["^]*u["^]*t["^]*i["^]*l)|u["^]*n["^]*(?:e["^]*x["^]*p["^]*o["^]*s["^]*e|i["^]*q["^]*u["^]*e["^]*i["^]*d|l["^]*o["^]*d["^]*c["^]*t["^]*r)|v["^]*(?:o["^]*l|s["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|w["^]*(?:a["^]*i["^]*t["^]*f["^]*o["^]*r|b["^]*a["^]*d["^]*m["^]*i["^]*n|(?:d["^]*s|e["^]*(?:c|v["^]*t))["^]*u["^]*t["^]*i["^]*l|h["^]*(?:e["^]*r["^]*e|o["^]*a["^]*m["^]*i)|i["^]*n["^]*(?:n["^]*t(?:["^]*3["^]*2)?|r["^]*s)|m["^]*i["^]*c|s["^]*c["^]*r["^]*i["^]*p["^]*t)|x["^]*c["^]*o["^]*p["^]*y)(?:.["^]*[0-9A-Z_a-z]+)?b" "id:1233,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1234,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1235,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*.[sv].*b" "id:1236,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?:$(?:((?:(.*)|.*))|{.*})|[<>](.*)|[!?.+])" "id:1237,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]" "id:1238,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx /" "id:1239,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx s" "id:1240,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))" "id:1241,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx /" "id:1242,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx s" "id:1243,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])" "id:1244,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx /" "id:1245,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx s" "id:1246,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i).|(?:[sv]*|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|G["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?E["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?T|a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:b|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?t|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[jp])?|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ks])|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[8-9]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?9|[au]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|c|(?:m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dfu]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[gr])|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[bdx]|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|q["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[c-dgi]|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[chr]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|o|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dp]|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b)|j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|q)|k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)?|[nps]|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|v)|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[cl]|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|o["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[at]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?x|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|f|(?:k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?g|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cp]|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?y)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dv]|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dt]|[g-hu]|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cr]|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l|[co]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ex]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|l)|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|c)|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|z)|y["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h))" "id:1247,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)[-0-9_a-z]+(?:["'[-]]+|$+[!#*-0-9?-@x5c_a-{]+|``|[$<>]())[sv]*[-0-9_a-z]+" "id:1248,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "!@rx [0-9]s*'s*[0-9]" "id:1249,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx ;[sv]*.[sv]*["']?(?:a(?:rchive|uth)|b(?:a(?:ckup|il)|inary)|c(?:d|h(?:anges|eck)|lone|onnection)|d(?:atabases|b(?:config|info)|ump)|e(?:cho|qp|x(?:cel|it|p(?:ert|lain)))|f(?:ilectrl|ullschema)|he(?:aders|lp)|i(?:mpo(?:rt|ster)|ndexes|otrace)|l(?:i(?:mi|n)t|o(?:ad|g))|(?:mod|n(?:onc|ullvalu)|unmodul)e|o(?:nce|pen|utput)|p(?:arameter|r(?:int|o(?:gress|mpt)))|quit|re(?:ad|cover|store)|s(?:ave|c(?:anstats|hema)|e(?:lftest|parator|ssion)|h(?:a3sum|ell|ow)?|tats|ystem)|t(?:ables|estc(?:ase|trl)|ime(?:out|r)|race)|vfs(?:info|list|name)|width)" "id:1250,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)" "id:1251,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:["-#%-&*--9A-Zx5c_a-z]+)?(?: ([ x5ca-z]+))?(?: "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}"?)? {[0-9]{1,20}+?}|UTHENTICATE [-0-9_a-z]{1,20}rn)|L(?:SUB (?:["-#*.-9A-Z_a-z~]+)? (?:["%-&*.-9A-Zx5c_a-z]+)?|ISTRIGHTS (?:["%-&*--9A-Zx5c_a-z]+)?)|S(?:TATUS (?:["%-&*--9A-Zx5c_a-z]+)? ((?:U(?:NSEEN|IDNEXT)|MESSAGES|UIDVALIDITY|RECENT| )+)|ETACL (?:["%-&*--9A-Zx5c_a-z]+)? [+-][ac-eik-lpr-tw-x]+?)|UID (?:COPY|FETCH|STORE) (?:[*,0-:]+)?|(?:(?:DELETE|GET)ACL|MYRIGHTS) (?:["%-&*--9A-Zx5c_a-z]+)?)" "id:1252,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))" "id:1253,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|an|io|ulimit)|s(?:h|plit|vtool)|u(?:(?:t|rl)[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|inks|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[^sv])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash|nap)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:3m|c|a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))" "id:1254,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:c|a(?:ll|tch)[sv&)<>|]|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))" "id:1255,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@pmFromFile unix-shell.data" "id:1256,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1257,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1258,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))b" "id:1259,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))b" "id:1260,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))" "id:1261,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" "id:1262,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)" "id:1263,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) ["-#%-&*--9A-Zx5c_a-z]+|APABILITY|HECK|LOSE)|DELETE ["-#%-&*--.0-9A-Zx5c_a-z]+|EX(?:AMINE ["-#%-&*--.0-9A-Zx5c_a-z]+|PUNGE)|FETCH [*,0-:]+|L(?:IST ["-#*--9A-Zx5c_a-z~]+? ["-#%-&*--9A-Zx5c_a-z]+|OG(?:IN [--.0-9@_a-z]{1,40} .*?|OUT))|RENAME ["-#%-&*--9A-Zx5c_a-z]+? ["-#%-&*--9A-Zx5c_a-z]+|S(?:E(?:LECT ["-#%-&*--9A-Zx5c_a-z]+|ARCH(?: CHARSET [--.0-9A-Z_a-z]{1,40})? (?:(KEYWORD x5c)?(?:A(?:LL|NSWERED)|BCC|D(?:ELETED|RAFT)|(?:FLAGGE|OL)D|RECENT|SEEN|UN(?:(?:ANSWER|FLAGG)ED|D(?:ELETED|RAFT)|SEEN)|NEW)|(?:BODY|CC|FROM|HEADER .{1,100}|NOT|OR .{1,255}|T(?:EXT|O)) .{1,255}|LARGER [0-9]{1,20}|[*,0-:]+|(?:BEFORE|ON|S(?:ENT(?:(?:BEFOR|SINC)E|ON)|INCE)) "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4}"?|S(?:MALLER [0-9]{1,20}|UBJECT .{1,255})|U(?:ID [*,0-:]+?|NKEYWORD x5c(Seen|(?:Answer|Flagg)ed|D(?:eleted|raft)|Recent))))|T(?:ORE [*,0-:]+? [+-]?FLAGS(?:.SILENT)? (?:(x5c[a-z]{1,20}))?|ARTTLS)|UBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+)|UN(?:SUBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+|AUTHENTICATE)|NOOP)" "id:1264,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)" "id:1265,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@rx !(?:d|!)" "id:1266,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1267,phase:1,deny,status:403,log,msg:'rce attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1268,phase:1,deny,status:403,log,msg:'rce attack detected'"
diff --git a/waf_patterns/apache/rfi.conf b/waf_patterns/apache/rfi.conf
index 4028c5e..e35ec64 100644
--- a/waf_patterns/apache/rfi.conf
+++ b/waf_patterns/apache/rfi.conf
@@ -1,18 +1,18 @@
 # Apache ModSecurity rules for RFI
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@rx ^(?i:file|ftps?|https?).*??+$" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "!@endsWith .%{request_headers.host}" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "!@endsWith .%{request_headers.host}" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1200,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1201,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})" "id:1202,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://" "id:1203,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@rx ^(?i:file|ftps?|https?).*??+$" "id:1204,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1205,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1206,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)" "id:1207,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "!@endsWith .%{request_headers.host}" "id:1208,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)" "id:1209,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "!@endsWith .%{request_headers.host}" "id:1210,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1211,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1212,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1213,phase:1,deny,status:403,log,msg:'rfi attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1214,phase:1,deny,status:403,log,msg:'rfi attack detected'"
diff --git a/waf_patterns/apache/shells.conf b/waf_patterns/apache/shells.conf
index d726852..67f3101 100644
--- a/waf_patterns/apache/shells.conf
+++ b/waf_patterns/apache/shells.conf
@@ -1,37 +1,37 @@
 # Apache ModSecurity rules for SHELLS
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@pmFromFile web-shells-php.data" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>Mini Shell</title>.*Developed By LameHacker" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>Symlink_Sa [0-9.]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>CasuS [0-9.]+ by MafiABoY</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>lama's'hell v. [0-9.]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>n<head>n<div align="left"><font size="1">Input command :</font></div>n<form name="cmd" method="POST" enctype="multipart/form-data">" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>n<head>n<title>Ru24PostWebShell -" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>rn<head>rn<meta http-equiv="Content-Type" content="text/html; charset=gb2312">rn<title>PhpSpy Ver [0-9]+</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@contains <title>punkholicshell</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@contains <h1 style="margin-bottom: 0">webadmin.php</h1>" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1566,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1567,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@pmFromFile web-shells-php.data" "id:1568,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)" "id:1569,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>" "id:1570,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>" "id:1571,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>Mini Shell</title>.*Developed By LameHacker" "id:1572,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>" "id:1573,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>Symlink_Sa [0-9.]+</title>" "id:1574,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>CasuS [0-9.]+ by MafiABoY</title>" "id:1575,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+" "id:1576,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$" "id:1577,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -" "id:1578,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>" "id:1579,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>lama's'hell v. [0-9.]+</title>" "id:1580,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -" "id:1581,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->" "id:1582,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>n<head>n<div align="left"><font size="1">Input command :</font></div>n<form name="cmd" method="POST" enctype="multipart/form-data">" "id:1583,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>n<head>n<title>Ru24PostWebShell -" "id:1584,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>" "id:1585,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>rn<head>rn<meta http-equiv="Content-Type" content="text/html; charset=gb2312">rn<title>PhpSpy Ver [0-9]+</title>" "id:1586,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+" "id:1587,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@contains <title>punkholicshell</title>" "id:1588,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>" "id:1589,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=" "id:1590,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>" "id:1591,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>" "id:1592,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1593,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1594,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@contains <h1 style="margin-bottom: 0">webadmin.php</h1>" "id:1595,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1596,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1597,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1598,phase:1,deny,status:403,log,msg:'shells attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1599,phase:1,deny,status:403,log,msg:'shells attack detected'"
diff --git a/waf_patterns/apache/sql.conf b/waf_patterns/apache/sql.conf
index 83a7e8f..3017468 100644
--- a/waf_patterns/apache/sql.conf
+++ b/waf_patterns/apache/sql.conf
@@ -1,28 +1,28 @@
 # Apache ModSecurity rules for SQL
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "!@pmFromFile sql-errors.data" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)Dynamic SQL Error" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)Exception (?:condition )?d+. Transaction rollback." "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)org.hsqldb.jdbc" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1506,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1507,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "!@pmFromFile sql-errors.data" "id:1508,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])" "id:1509,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)" "id:1510,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()" "id:1511,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)" "id:1512,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)Dynamic SQL Error" "id:1513,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)Exception (?:condition )?d+. Transaction rollback." "id:1514,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)org.hsqldb.jdbc" "id:1515,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)" "id:1516,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)" "id:1517,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)" "id:1518,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" "id:1519,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)" "id:1520,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):" "id:1521,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er" "id:1522,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)" "id:1523,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)" "id:1524,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1525,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1526,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1527,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1528,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1529,phase:1,deny,status:403,log,msg:'sql attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1530,phase:1,deny,status:403,log,msg:'sql attack detected'"
diff --git a/waf_patterns/apache/sqli.conf b/waf_patterns/apache/sqli.conf
index ba43c0a..a877e37 100644
--- a/waf_patterns/apache/sqli.conf
+++ b/waf_patterns/apache/sqli.conf
@@ -1,76 +1,76 @@
 # Apache ModSecurity rules for SQLI
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@detectSQLi" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)["'`](?:[sv]*![sv]*["'0-9A-Z_-z]|;?[sv]*(?:having|select|unionb[sv]*(?:all|(?:distin|sele)ct))b[sv]*[^sv])|b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[sv]*?|select.*?[0-9A-Z_a-z]?user)(|exec(?:ute)?[sv]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[sv+]+(?:dump|out)file[sv]*?["'`]|union(?:[sv]select[sv]@|[sv(0-9A-Z_a-z]*?select))|[sv]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[sv]*?(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["'`](?:;*?[sv]*?waitfor[sv]+(?:time|delay)[sv]+["'`]|;.*?:[sv]*?goto)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i:merge.*?usings*?(|executes*?immediates*?["'`]|matchs*?[w(),+-]+s*?againsts*?()" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)union.*?select.*?from" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["'`]+[sv]?[0-9]|;[sv]*?shutdown[sv]*?(?:[#;{]|/*|--)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|["'0-9A-Z_-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]+[0-9A-Z_a-z]+|u(?:pdate[sv]+[0-9A-Z_a-z]+|nion[sv]*(?:all|(?:sele|distin)ct)b)|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject))b)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i:/*[!+](?:[ws=_-()]+)?*/)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ^(?:[^']*'|[^"]*"|[^`]*`)[sv]*;" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)1.e[(-),]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ["'`][[{].*[]}]["'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)["'`][[{].*[]}]["'`]|json_extract.*(.*)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?:^s*["'`;]+|["'`]+s*$)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|"[^"]*")[sv]+and[sv]+(?:'[^']*'|"[^"]*"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv"'-)`]*?b([0-9A-Z_a-z]+)b" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@streq %{TX.2}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv"'-)`]*?b([0-9A-Z_a-z]+)b" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "!@streq %{TX.2}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:/*)+["'`]+[sv]?(?:--|[#{]|/*)?|["'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*["'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?["'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)["'`])|[0-9]["'`][sv]+["'`][sv]+[0-9]|^admin[sv]*?["'`]|[sv"'-(`][sv]*?glob[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]=" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i),.*?["')0-9`-f]["'`](?:["'`].*?["'`]|(?:r?n)?z|[^"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)["'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?["'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+["'`]|like[sv]*?["'`]%|select[sv]+?[sv"'-),-.0-9A-[]_-z]+from[sv]+" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+["'`][0-9A-Z_a-z]|["'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)["'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?["'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?["'`]$|["'x5c`]*?(?:["'0-9`]+|[^"'`]+["'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?["'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?["'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?["'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?["'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["'`]|[0-9=]+x)|["'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+["'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?["'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)["'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i:^[Wd]+s*?(?:alter|union)b)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)["'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?["'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?["'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^["'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+["'`][^,]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["'][^=]{1,10}[ "'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["'][^=]{1,10}["'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["'][^=]{1,10}["']) ?[<->]+)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){12})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i:b0x[a-fd]{3,})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)["'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^"]*?(?:"[^"]*?"[^"]*?)*?"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ^(?:and|or)$" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ^.*?x5c['"`](?:.*?['"`])?s*(?:and|or)b" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@detectSQLi" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?i)W+d*?s*?bhavingbs*?[^s-]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ["'`][sd]*?[^ws]W*?dW*?.*?["'`d]" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){8})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){6})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx W{4}" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ';" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){3})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
-SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){2})" "id:1000,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1357,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1358,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@detectSQLi" "id:1359,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))" "id:1360,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1361,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))" "id:1362,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+" "id:1363,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)["'`](?:[sv]*![sv]*["'0-9A-Z_-z]|;?[sv]*(?:having|select|unionb[sv]*(?:all|(?:distin|sele)ct))b[sv]*[^sv])|b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[sv]*?|select.*?[0-9A-Z_a-z]?user)(|exec(?:ute)?[sv]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[sv+]+(?:dump|out)file[sv]*?["'`]|union(?:[sv]select[sv]@|[sv(0-9A-Z_a-z]*?select))|[sv]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[sv]*?(" "id:1364,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$" "id:1365,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]" "id:1366,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["'`](?:;*?[sv]*?waitfor[sv]+(?:time|delay)[sv]+["'`]|;.*?:[sv]*?goto)" "id:1367,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i:merge.*?usings*?(|executes*?immediates*?["'`]|matchs*?[w(),+-]+s*?againsts*?()" "id:1368,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)union.*?select.*?from" "id:1369,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["'`]+[sv]?[0-9]|;[sv]*?shutdown[sv]*?(?:[#;{]|/*|--)" "id:1370,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?" "id:1371,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1372,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}" "id:1373,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|["'0-9A-Z_-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]+[0-9A-Z_a-z]+|u(?:pdate[sv]+[0-9A-Z_a-z]+|nion[sv]*(?:all|(?:sele|distin)ct)b)|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject))b)" "id:1374,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i:/*[!+](?:[ws=_-()]+)?*/)" "id:1375,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ^(?:[^']*'|[^"]*"|[^`]*`)[sv]*;" "id:1376,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)1.e[(-),]" "id:1377,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ["'`][[{].*[]}]["'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)["'`][[{].*[]}]["'`]|json_extract.*(.*)" "id:1378,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1379,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1380,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?:^s*["'`;]+|["'`]+s*$)" "id:1381,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|"[^"]*")[sv]+and[sv]+(?:'[^']*'|"[^"]*"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb" "id:1382,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv"'-)`]*?b([0-9A-Z_a-z]+)b" "id:1383,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@streq %{TX.2}" "id:1384,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv"'-)`]*?b([0-9A-Z_a-z]+)b" "id:1385,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "!@streq %{TX.2}" "id:1386,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(" "id:1387,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:/*)+["'`]+[sv]?(?:--|[#{]|/*)?|["'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*["'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?["'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)["'`])|[0-9]["'`][sv]+["'`][sv]+[0-9]|^admin[sv]*?["'`]|[sv"'-(`][sv]*?glob[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]=" "id:1388,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i),.*?["')0-9`-f]["'`](?:["'`].*?["'`]|(?:r?n)?z|[^"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?(" "id:1389,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+" "id:1390,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)["'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?["'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+["'`]|like[sv]*?["'`]%|select[sv]+?[sv"'-),-.0-9A-[]_-z]+from[sv]+" "id:1391,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+(" "id:1392,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+["'`][0-9A-Z_a-z]|["'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]" "id:1393,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)["'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?["'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?["'`]$|["'x5c`]*?(?:["'0-9`]+|[^"'`]+["'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?["'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?["'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?["'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?["'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]" "id:1394,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["'`]|[0-9=]+x)|["'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+["'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?["'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)["'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()" "id:1395,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i:^[Wd]+s*?(?:alter|union)b)" "id:1396,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)" "id:1397,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)["'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?["'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?["'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^["'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+["'`][^,]" "id:1398,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["'][^=]{1,10}[ "'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')" "id:1399,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["'][^=]{1,10}["'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]" "id:1400,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["'][^=]{1,10}["']) ?[<->]+)" "id:1401,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(" "id:1402,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)" "id:1403,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'" "id:1404,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){12})" "id:1405,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00" "id:1406,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$" "id:1407,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i:b0x[a-fd]{3,})" "id:1408,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)" "id:1409,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)["'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])" "id:1410,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^"]*?(?:"[^"]*?"[^"]*?)*?"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b" "id:1411,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ^(?:and|or)$" "id:1412,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ^.*?x5c['"`](?:.*?['"`])?s*(?:and|or)b" "id:1413,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@detectSQLi" "id:1414,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(" "id:1415,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" "id:1416,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1417,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1418,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?i)W+d*?s*?bhavingbs*?[^s-]" "id:1419,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ["'`][sd]*?[^ws]W*?dW*?.*?["'`d]" "id:1420,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){8})" "id:1421,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){6})" "id:1422,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx W{4}" "id:1423,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')" "id:1424,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ';" "id:1425,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1426,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1427,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){3})" "id:1428,phase:1,deny,status:403,log,msg:'sqli attack detected'"
+SecRule REQUEST_URI "@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){2})" "id:1429,phase:1,deny,status:403,log,msg:'sqli attack detected'"
diff --git a/waf_patterns/apache/xss.conf b/waf_patterns/apache/xss.conf
index f1108e2..ac70118 100644
--- a/waf_patterns/apache/xss.conf
+++ b/waf_patterns/apache/xss.conf
@@ -1,46 +1,46 @@
 # Apache ModSecurity rules for XSS
 SecRuleEngine On
 
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 1" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@detectXSS" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<script[^>]*>[sS]*?" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[sv/]|["'](?:.*[sv/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)change|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionchange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[x08-nf-r ]*?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:["']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?(" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<EMBED[s/+].*?(?:src|type).*?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx <[?]?import[s/+S]*?implementation[s/+]*?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*["'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i:<META[s/+].*?charset[s/+]*=)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<LINK[s/+].*?href[s/+]*=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<BASE[s/+].*?href[s/+]*=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<APPLET[s/+>]" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx ![!+ ][]" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*(" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 2" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@detectXSS" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)[s"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@contains -->" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i:["'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx (?i)["'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@rx {{.*?}}" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 3" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
-SecRule REQUEST_URI "@lt 4" "id:1000,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1314,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 1" "id:1315,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122" "id:1316,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@detectXSS" "id:1317,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<script[^>]*>[sS]*?" "id:1318,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b" "id:1319,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript" "id:1320,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[sv/]|["'](?:.*[sv/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)change|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionchange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[x08-nf-r ]*?=" "id:1321,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:["']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?(" "id:1322,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[" "id:1323,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))" "id:1324,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)" "id:1325,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1326,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." "id:1327,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<EMBED[s/+].*?(?:src|type).*?=" "id:1328,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx <[?]?import[s/+S]*?implementation[s/+]*?=" "id:1329,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*["'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))" "id:1330,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i:<META[s/+].*?charset[s/+]*=)" "id:1331,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<LINK[s/+].*?href[s/+]*=" "id:1332,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<BASE[s/+].*?href[s/+]*=" "id:1333,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<APPLET[s/+>]" "id:1334,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=" "id:1335,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe" "id:1336,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)" "id:1337,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-" "id:1338,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx ![!+ ][]" "id:1339,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)" "id:1340,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*(" "id:1341,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`" "id:1342,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1343,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 2" "id:1344,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@detectXSS" "id:1345,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)[s"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]" "id:1346,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=" "id:1347,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@contains -->" "id:1348,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W" "id:1349,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i:["'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)" "id:1350,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx (?i)["'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=" "id:1351,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@rx {{.*?}}" "id:1352,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1353,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 3" "id:1354,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1355,phase:1,deny,status:403,log,msg:'xss attack detected'"
+SecRule REQUEST_URI "@lt 4" "id:1356,phase:1,deny,status:403,log,msg:'xss attack detected'"
diff --git a/waf_patterns/haproxy/waf.acl b/waf_patterns/haproxy/waf.acl
index f7f11f7..80aea7f 100644
--- a/waf_patterns/haproxy/waf.acl
+++ b/waf_patterns/haproxy/waf.acl
@@ -1,1293 +1,1940 @@
 # HAProxy WAF ACL rules
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @rx ^.*$
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i !@rx (?:URLENCODED|MULTIPART|XML|JSON)
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i !@rx (?:URLENCODED|MULTIPART|XML|JSON)
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @eq 100
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @rx ^[a-f]*([0-9])[a-f]*([0-9])
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i !@lt %{tx.sampling_percentage}
 http-request deny if block_INITIALIZATION
+
 acl block_INITIALIZATION hdr_sub(User-Agent) -i @lt %{tx.blocking_paranoia_level}
 http-request deny if block_INITIALIZATION
+
 acl block_EXCEPTIONS hdr_sub(User-Agent) -i @streq GET /
 http-request deny if block_EXCEPTIONS
+
 acl block_EXCEPTIONS hdr_sub(User-Agent) -i @ipMatch 127.0.0.1,::1
 http-request deny if block_EXCEPTIONS
+
 acl block_EXCEPTIONS hdr_sub(User-Agent) -i @ipMatch 127.0.0.1,::1
 http-request deny if block_EXCEPTIONS
+
 acl block_EXCEPTIONS hdr_sub(User-Agent) -i @endsWith (internal dummy connection)
 http-request deny if block_EXCEPTIONS
+
 acl block_EXCEPTIONS hdr_sub(User-Agent) -i @rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$
 http-request deny if block_EXCEPTIONS
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@within %{tx.allowed_methods}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_ENFORCEMENT
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @pmFromFile scanners-user-agents.data
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_DETECTION
+
 acl block_DETECTION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_DETECTION
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^d+$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^(?:GET|HEAD)$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^0?$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^(?:GET|HEAD)$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @streq POST
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx (d+)-(d+)
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt %{tx.1}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx b(?:keep-alive|close),s?(?:keep-alive|close)b
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx x25
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateUrlEncoding
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^(?i)application/x-www-form-urlencoded
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx x25
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateUrlEncoding
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateUtf8Encoding
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx %u[fF]{2}[0-9a-fA-F]{2}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateByteRange 1-255
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^OPTIONS$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@pm AppleWebKit Android Business Enterprise Entreprise
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^OPTIONS$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^0$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.max_num_args}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.arg_name_length}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.arg_length}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.total_arg_length}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^(?i)multipart/form-data
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.max_file_size}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt %{tx.combined_file_sizes}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^[^;s]+
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@within %{tx.allowed_request_content_type}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx charsets*=s*["']?([^;"'s]+)
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@within %{tx.allowed_request_content_type_charset}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx charset.*?charset
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@within %{tx.allowed_http_versions}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx .([^.]+)$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @within %{tx.restricted_extensions}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx .[^.~]+~(?:/.*|)$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^.*$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @within %{tx.restricted_headers_basic}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt 50
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@streq JSON
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx (?i)x5cu[0-9a-f]{4}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @contains #
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@endsWith .pdf
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @endsWith .pdf
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx %[0-9a-fA-F]{2}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateByteRange 9,10,13,32-126,128-255
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ['";=]
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^0$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^.*$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @within %{tx.restricted_headers_extended}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateByteRange 32-36,38-126
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^(?:OPTIONS|CONNECT)$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@pm AppleWebKit Android
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^(?i)up
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @gt 0
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @endsWith .pdf
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateByteRange 38,44-46,48-58,61,65-90,95,97-122
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @validateByteRange 32,34,38,42-59,61,65-90,95,97-122
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i !@rx ^(?:?[01])?$
 http-request deny if block_ENFORCEMENT
+
 acl block_ENFORCEMENT hdr_sub(User-Agent) -i @rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]
 http-request deny if block_ENFORCEMENT
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx (?:bhttp/d|<(?:html|meta)b)
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx unix:[^|]*|
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [nr]
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @gt 0
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx .
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @gt 1
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx TX:paramcounter_(.*)
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx (][^]]+$|][^]]+[)
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx [
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i !@eq 0
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i !@within |%{tx.allowed_request_content_type_charset}|
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx ^content-types*:s*(.*)$
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i !@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$
 http-request deny if block_ATTACK
+
 acl block_ATTACK hdr_sub(User-Agent) -i @rx content-transfer-encoding:(.*)
 http-request deny if block_ATTACK
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @pmFromFile lfi-os-files.data
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @pmFromFile restricted-files.data
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @pmFromFile lfi-os-files.data
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_LFI
+
 acl block_LFI hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_LFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @rx ^(?i:file|ftps?|https?).*??+$
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i !@endsWith .%{request_headers.host}
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i !@endsWith .%{request_headers.host}
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_RFI
+
 acl block_RFI hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_RFI
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[&,<>|]|(?:[--.0-9A-Z_a-z]["'[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#*-0-9?-@_a-{]*)?x5c?)+[sv&,<>|]).*|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:4|[sv&),<>|].*))|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[sv&)<>|]|a(?:dd(?:group|user)|getty|l(?:ias|pine)[sv&)<>|]|nsible-playbook|pt(?:-get|itude[sv&)<>|])|r(?:ch[sv&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm|xel)|b(?:a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[sv&)<>|]|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[sv&)<>|]|on(?:tab)?)|s(?:plit|vtool)|u(?:psfilter|rl[sv&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[sv&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[sv&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[sv&)<>|]|grep|i(?:le(?:[sv&)<>|]|test)|(?:n(?:d|ger)|sh)[sv&)<>|])|o(?:ld[sv&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[sv&)<>|]|core|e(?:ni(?:e[sv&)<>|]|soimage)|tfacl[sv&)<>|])|hci|i(?:mp[sv&)<>|]|nsh)|r(?:ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[sv&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:ill(?:[sv&)<>|]|all)|nife[sv&)<>|]|sshell)|l(?:a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|dconfig|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[sv&)<>|]|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[sv&)<>q|]|x[sv&)<>|])|ke[sv&)<>|]|ster.passwd|wk)|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[sv&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[sv&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[sv&)<>|]|map|o(?:de[sv&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[sv&)<>|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[sv&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[sv&)<>|]|shd)|wd.db|ython[^sv])|r(?:ak(?:e[sv&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[sv&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[sv&)<>|]|user)|nano|oute[sv&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|nap)[sv&)<>|]|c(?:hed|r(?:een|ipt)[sv&)<>|])|diff|e(?:(?:lf|rvice)[sv&)<>|]|ndmail|t(?:arch|env|facl[sv&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[sv&)<>|]|u(?:f|tdown[sv&)<>|]))|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:(?:out)?[sv&)<>|]|datectl)|mux|ouch[sv&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[sv&)<>|]|gr|mdiff|pw|rsh)|olatility[sv&)<>|])|w(?:a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @pmFromFile windows-powershell-commands.data
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:(?:a["^]*(?:c|s["^]*n["^]*p)|e["^]*(?:b["^]*p|p["^]*(?:a["^]*l|c["^]*s["^]*v|s["^]*n)|[tx]["^]*s["^]*n)|f["^]*(?:[cltw]|o["^]*r["^]*e["^]*a["^]*c["^]*h)|i["^]*(?:[cr]["^]*m|e["^]*x|h["^]*y|i|p["^]*(?:a["^]*l|c["^]*s["^]*v|m["^]*o|s["^]*n)|s["^]*e|w["^]*(?:m["^]*i|r))|m["^]*(?:a["^]*n|[dipv]|o["^]*u["^]*n["^]*t)|o["^]*g["^]*v|p["^]*(?:o["^]*p|u["^]*s["^]*h)["^]*d|t["^]*r["^]*c["^]*m|w["^]*j["^]*b)["^]*[sv,.-/;-<>].*|c["^]*(?:(?:(?:d|h["^]*d["^]*i["^]*r|v["^]*p["^]*a)["^]*|p["^]*(?:[ip]["^]*)?)[sv,.-/;-<>].*|l["^]*(?:(?:[cipv]|h["^]*y)["^]*[sv,.-/;-<>].*|s)|n["^]*s["^]*n)|d["^]*(?:(?:b["^]*p|e["^]*l|i["^]*(?:f["^]*f|r))["^]*[sv,.-/;-<>].*|n["^]*s["^]*n)|g["^]*(?:(?:(?:(?:a["^]*)?l|b["^]*p|d["^]*r|h["^]*y|(?:w["^]*m["^]*)?i|j["^]*b|[u-v])["^]*|c["^]*(?:[ims]["^]*)?|m["^]*(?:o["^]*)?|s["^]*(?:n["^]*(?:p["^]*)?|v["^]*))[sv,.-/;-<>].*|e["^]*r["^]*r|p["^]*(?:(?:s["^]*)?[sv,.-/;-<>].*|v))|l["^]*s|n["^]*(?:(?:a["^]*l|d["^]*r|[iv]|m["^]*o|s["^]*n)["^]*[sv,.-/;-<>].*|p["^]*s["^]*s["^]*c)|r["^]*(?:(?:(?:(?:b["^]*)?p|e["^]*n|(?:w["^]*m["^]*)?i|j["^]*b|n["^]*[ip])["^]*|d["^]*(?:r["^]*)?|m["^]*(?:(?:d["^]*i["^]*r|o)["^]*)?|s["^]*n["^]*(?:p["^]*)?|v["^]*(?:p["^]*a["^]*)?)[sv,.-/;-<>].*|c["^]*(?:j["^]*b["^]*[sv,.-/;-<>].*|s["^]*n)|u["^]*j["^]*b)|s["^]*(?:(?:(?:a["^]*(?:j["^]*b|l|p["^]*s|s["^]*v)|b["^]*p|[civ]|w["^]*m["^]*i)["^]*|l["^]*(?:s["^]*)?|p["^]*(?:(?:j["^]*b|p["^]*s|s["^]*v)["^]*)?)[sv,.-/;-<>].*|h["^]*c["^]*m|u["^]*j["^]*b))(?:.["^]*[0-9A-Z_a-z]+)?b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)[sv&)<>|]
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:a(?:ddgroup|xel)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:g(?:passwd|rp)|pass|sh)|lang++|oproc|ron)|d(?:iff[sv&)<>|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[sv&)<>|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|erl5?|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[sv&)<>|])|tar(?:diff|grep)?|wd.db|ython[2-3])|r(?:(?:bas|ealpat)h|m(?:dir[sv&)<>|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h.distri|pwd.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[sv&)<>|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:c(?:at|mp)|diff|[e-f]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i !@rx [0-9]s*'s*[0-9]
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx !-d
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @pmFromFile unix-shell.data
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ^(s*)s+{
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ^(s*)s+{
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ba["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?sb[sv]+[!-"%',0-9@-Z_a-z]+=[^sv]
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @pmFromFile restricted-upload.data
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:c["^]*c["^]*c["^]*h["^]*e["^]*c["^]*k["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e|d["^]*(?:p["^]*l["^]*u["^]*s|v["^]*p["^]*a["^]*c["^]*k)|(?:g["^]*e["^]*n["^]*t["^]*e["^]*x["^]*e["^]*c["^]*u["^]*t["^]*o|s["^]*p["^]*n["^]*e["^]*t["^]*_["^]*c["^]*o["^]*m["^]*p["^]*i["^]*l["^]*e)["^]*r|p["^]*p["^]*(?:i["^]*n["^]*s["^]*t["^]*a["^]*l["^]*l["^]*e["^]*r|v["^]*l["^]*p)|t["^]*(?:[sv,.-/;-<>].*|b["^]*r["^]*o["^]*k["^]*e["^]*r))|b["^]*(?:a["^]*s["^]*h|g["^]*i["^]*n["^]*f["^]*o|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:d["^]*b|e["^]*r["^]*t["^]*(?:o["^]*c|r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|l["^]*_["^]*(?:i["^]*n["^]*v["^]*o["^]*c["^]*a["^]*t["^]*i["^]*o["^]*n|l["^]*o["^]*a["^]*d["^]*a["^]*s["^]*s["^]*e["^]*m["^]*b["^]*l["^]*y|m["^]*u["^]*t["^]*e["^]*x["^]*v["^]*e["^]*r["^]*i["^]*f["^]*i["^]*e["^]*r["^]*s)|m["^]*(?:d(?:["^]*(?:k["^]*e["^]*y|l["^]*3["^]*2))?|s["^]*t["^]*p)|o["^]*(?:m["^]*s["^]*v["^]*c["^]*s|n["^]*(?:f["^]*i["^]*g["^]*s["^]*e["^]*c["^]*u["^]*r["^]*i["^]*t["^]*y["^]*p["^]*o["^]*l["^]*i["^]*c["^]*y|h["^]*o["^]*s["^]*t|t["^]*r["^]*o["^]*l)|r["^]*e["^]*g["^]*e["^]*n)|r["^]*e["^]*a["^]*t["^]*e["^]*d["^]*u["^]*m["^]*p|s["^]*(?:c(?:["^]*r["^]*i["^]*p["^]*t)?|i)|u["^]*s["^]*t["^]*o["^]*m["^]*s["^]*h["^]*e["^]*l["^]*l["^]*h["^]*o["^]*s["^]*t)|d["^]*(?:a["^]*t["^]*a["^]*s["^]*v["^]*c["^]*u["^]*t["^]*i["^]*l|e["^]*(?:f["^]*a["^]*u["^]*l["^]*t["^]*p["^]*a["^]*c["^]*k|s["^]*k(?:["^]*t["^]*o["^]*p["^]*i["^]*m["^]*g["^]*d["^]*o["^]*w["^]*n["^]*l["^]*d["^]*r)?|v["^]*(?:i["^]*c["^]*e["^]*c["^]*r["^]*e["^]*d["^]*e["^]*n["^]*t["^]*i["^]*a["^]*l["^]*d["^]*e["^]*p["^]*l["^]*o["^]*y["^]*m["^]*e["^]*n["^]*t|t["^]*o["^]*o["^]*l["^]*s["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r))|f["^]*s["^]*(?:h["^]*i["^]*m|v["^]*c)|i["^]*(?:a["^]*n["^]*t["^]*z|s["^]*k["^]*s["^]*h["^]*a["^]*d["^]*o["^]*w)|n["^]*(?:s["^]*c["^]*m["^]*d|x)|o["^]*t["^]*n["^]*e["^]*t|u["^]*m["^]*p["^]*6["^]*4|x["^]*c["^]*a["^]*p)|e["^]*(?:s["^]*e["^]*n["^]*t["^]*u["^]*t["^]*l|v["^]*e["^]*n["^]*t["^]*v["^]*w["^]*r|x["^]*(?:c["^]*e["^]*l|p["^]*(?:a["^]*n["^]*d|l["^]*o["^]*r["^]*e["^]*r)|t["^]*(?:e["^]*x["^]*p["^]*o["^]*r["^]*t|r["^]*a["^]*c["^]*3["^]*2)))|f["^]*(?:i["^]*n["^]*(?:d["^]*s["^]*t|g["^]*e)["^]*r|l["^]*t["^]*m["^]*c|o["^]*r["^]*f["^]*i["^]*l["^]*e["^]*s|s["^]*(?:i(?:["^]*a["^]*n["^]*y["^]*c["^]*p["^]*u)?|u["^]*t["^]*i["^]*l)|t["^]*p)|g["^]*(?:f["^]*x["^]*d["^]*o["^]*w["^]*n["^]*l["^]*o["^]*a["^]*d["^]*w["^]*r["^]*a["^]*p["^]*p["^]*e["^]*r|p["^]*s["^]*c["^]*r["^]*i["^]*p["^]*t)|h["^]*h|i["^]*(?:e["^]*(?:4["^]*u["^]*i["^]*n["^]*i["^]*t|a["^]*d["^]*v["^]*p["^]*a["^]*c["^]*k|e["^]*x["^]*e["^]*c|f["^]*r["^]*a["^]*m["^]*e)|l["^]*a["^]*s["^]*m|m["^]*e["^]*w["^]*d["^]*b["^]*l["^]*d|n["^]*(?:f["^]*d["^]*e["^]*f["^]*a["^]*u["^]*l["^]*t["^]*i["^]*n["^]*s["^]*t["^]*a["^]*l|s["^]*t["^]*a["^]*l["^]*l["^]*u["^]*t["^]*i)["^]*l)|j["^]*s["^]*c|l["^]*(?:a["^]*u["^]*n["^]*c["^]*h["^]*-["^]*v["^]*s["^]*d["^]*e["^]*v["^]*s["^]*h["^]*e["^]*l["^]*l|d["^]*i["^]*f["^]*d["^]*e)|m["^]*(?:a["^]*(?:k["^]*e["^]*c["^]*a["^]*b|n["^]*a["^]*g["^]*e["^]*-["^]*b["^]*d["^]*e|v["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t)|f["^]*t["^]*r["^]*a["^]*c["^]*e|i["^]*c["^]*r["^]*o["^]*s["^]*o["^]*f["^]*t|m["^]*c|p["^]*c["^]*m["^]*d["^]*r["^]*u["^]*n|s["^]*(?:(?:b["^]*u["^]*i["^]*l|o["^]*h["^]*t["^]*m["^]*e)["^]*d|c["^]*o["^]*n["^]*f["^]*i["^]*g|d["^]*(?:e["^]*p["^]*l["^]*o["^]*y|t)|h["^]*t["^]*(?:a|m["^]*l)|i["^]*e["^]*x["^]*e["^]*c|p["^]*u["^]*b|x["^]*s["^]*l))|n["^]*(?:e["^]*t["^]*s["^]*h|t["^]*d["^]*s["^]*u["^]*t["^]*i["^]*l)|o["^]*(?:d["^]*b["^]*c["^]*c["^]*o["^]*n["^]*f|f["^]*f["^]*l["^]*i["^]*n["^]*e["^]*s["^]*c["^]*a["^]*n["^]*n["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l|n["^]*e["^]*d["^]*r["^]*i["^]*v["^]*e["^]*s["^]*t["^]*a["^]*n["^]*d["^]*a["^]*l["^]*o["^]*n["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t["^]*e["^]*r|p["^]*e["^]*n["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e)|p["^]*(?:c["^]*(?:a["^]*l["^]*u["^]*a|w["^]*(?:r["^]*u["^]*n|u["^]*t["^]*l))|(?:e["^]*s["^]*t["^]*e|s)["^]*r|(?:k["^]*t["^]*m["^]*o|u["^]*b["^]*p["^]*r)["^]*n|n["^]*p["^]*u["^]*t["^]*i["^]*l|o["^]*w["^]*e["^]*r["^]*p["^]*n["^]*t|r["^]*(?:e["^]*s["^]*e["^]*n["^]*t["^]*a["^]*t["^]*i["^]*o["^]*n["^]*h["^]*o["^]*s["^]*t|i["^]*n["^]*t(?:["^]*b["^]*r["^]*m)?|o["^]*(?:c["^]*d["^]*u["^]*m["^]*p|t["^]*o["^]*c["^]*o["^]*l["^]*h["^]*a["^]*n["^]*d["^]*l["^]*e["^]*r)))|r["^]*(?:a["^]*s["^]*a["^]*u["^]*t["^]*o["^]*u|c["^]*s["^]*i|(?:d["^]*r["^]*l["^]*e["^]*a["^]*k["^]*d["^]*i["^]*a|p["^]*c["^]*p["^]*i["^]*n)["^]*g|e["^]*(?:g(?:["^]*(?:a["^]*s["^]*m|e["^]*d["^]*i["^]*t|i["^]*(?:n["^]*i|s["^]*t["^]*e["^]*r["^]*-["^]*c["^]*i["^]*m["^]*p["^]*r["^]*o["^]*v["^]*i["^]*d["^]*e["^]*r)|s["^]*v["^]*(?:c["^]*s|r["^]*3["^]*2)))?|(?:m["^]*o["^]*t|p["^]*l["^]*a["^]*c)["^]*e)|u["^]*n["^]*(?:d["^]*l["^]*l["^]*3["^]*2|(?:e["^]*x["^]*e|s["^]*c["^]*r["^]*i["^]*p["^]*t)["^]*h["^]*e["^]*l["^]*p["^]*e["^]*r|o["^]*n["^]*c["^]*e))|s["^]*(?:c["^]*(?:[sv,.-/;-<>].*|h["^]*t["^]*a["^]*s["^]*k["^]*s|r["^]*i["^]*p["^]*t["^]*r["^]*u["^]*n["^]*n["^]*e["^]*r)|e["^]*t["^]*(?:r["^]*e["^]*s|t["^]*i["^]*n["^]*g["^]*s["^]*y["^]*n["^]*c["^]*h["^]*o["^]*s["^]*t|u["^]*p["^]*a["^]*p["^]*i)|h["^]*(?:d["^]*o["^]*c["^]*v["^]*w|e["^]*l["^]*l["^]*3["^]*2)|q["^]*(?:l["^]*(?:d["^]*u["^]*m["^]*p["^]*e["^]*r|(?:t["^]*o["^]*o["^]*l["^]*s["^]*)?p["^]*s)|u["^]*i["^]*r["^]*r["^]*e["^]*l)|s["^]*h|t["^]*o["^]*r["^]*d["^]*i["^]*a["^]*g|y["^]*(?:n["^]*c["^]*a["^]*p["^]*p["^]*v["^]*p["^]*u["^]*b["^]*l["^]*i["^]*s["^]*h["^]*i["^]*n["^]*g["^]*s["^]*e["^]*r["^]*v["^]*e["^]*r|s["^]*s["^]*e["^]*t["^]*u["^]*p))|t["^]*(?:e["^]*[sv,.-/;-<>].*|r["^]*a["^]*c["^]*k["^]*e["^]*r|t["^]*(?:d["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t|t["^]*r["^]*a["^]*c["^]*e["^]*r))|u["^]*(?:n["^]*r["^]*e["^]*g["^]*m["^]*p["^]*2|p["^]*d["^]*a["^]*t["^]*e|r["^]*l|t["^]*i["^]*l["^]*i["^]*t["^]*y["^]*f["^]*u["^]*n["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s)|v["^]*(?:b["^]*c|e["^]*r["^]*c["^]*l["^]*s["^]*i["^]*d|i["^]*s["^]*u["^]*a["^]*l["^]*u["^]*i["^]*a["^]*v["^]*e["^]*r["^]*i["^]*f["^]*y["^]*n["^]*a["^]*t["^]*i["^]*v["^]*e|s["^]*(?:i["^]*i["^]*s["^]*e["^]*x["^]*e["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h|j["^]*i["^]*t["^]*d["^]*e["^]*b["^]*u["^]*g["^]*g)["^]*e["^]*r)|w["^]*(?:a["^]*b|(?:f|m["^]*i)["^]*c|i["^]*n["^]*(?:g["^]*e["^]*t|r["^]*m|w["^]*o["^]*r["^]*d)|l["^]*r["^]*m["^]*d["^]*r|o["^]*r["^]*k["^]*f["^]*o["^]*l["^]*d["^]*e["^]*r["^]*s|s["^]*(?:(?:c["^]*r["^]*i["^]*p|r["^]*e["^]*s["^]*e)["^]*t|l)|t["^]*[sv,.-/;-<>].*|u["^]*a["^]*u["^]*c["^]*l["^]*t)|x["^]*w["^]*i["^]*z["^]*a["^]*r["^]*d|z["^]*i["^]*p["^]*f["^]*l["^]*d["^]*r)(?:.["^]*[0-9A-Z_a-z]+)?b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:s["^]*s["^]*o["^]*c|t["^]*(?:m["^]*a["^]*d["^]*m|t["^]*r["^]*i["^]*b)|u["^]*(?:d["^]*i["^]*t["^]*p["^]*o["^]*l|t["^]*o["^]*(?:c["^]*(?:h["^]*k|o["^]*n["^]*v)|(?:f["^]*m|m["^]*o["^]*u["^]*n)["^]*t)))|b["^]*(?:c["^]*d["^]*(?:b["^]*o["^]*o|e["^]*d["^]*i)["^]*t|(?:d["^]*e["^]*h["^]*d|o["^]*o["^]*t)["^]*c["^]*f["^]*g|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:a["^]*c["^]*l["^]*s|e["^]*r["^]*t["^]*(?:r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|h["^]*(?:c["^]*p|d["^]*i["^]*r|g["^]*(?:l["^]*o["^]*g["^]*o["^]*n|p["^]*o["^]*r["^]*t|u["^]*s["^]*r)|k["^]*(?:d["^]*s["^]*k|n["^]*t["^]*f["^]*s))|l["^]*e["^]*a["^]*n["^]*m["^]*g["^]*r|m["^]*(?:d(?:["^]*k["^]*e["^]*y)?|s["^]*t["^]*p)|s["^]*c["^]*r["^]*i["^]*p["^]*t)|d["^]*(?:c["^]*(?:d["^]*i["^]*a["^]*g|g["^]*p["^]*o["^]*f["^]*i["^]*x)|e["^]*(?:f["^]*r["^]*a["^]*g|l)|f["^]*s["^]*(?:d["^]*i["^]*a|r["^]*m["^]*i)["^]*g|i["^]*(?:a["^]*n["^]*t["^]*z|r|s["^]*(?:k["^]*(?:c["^]*o["^]*(?:m["^]*p|p["^]*y)|p["^]*(?:a["^]*r["^]*t|e["^]*r["^]*f)|r["^]*a["^]*i["^]*d|s["^]*h["^]*a["^]*d["^]*o["^]*w)|p["^]*d["^]*i["^]*a["^]*g))|n["^]*s["^]*c["^]*m["^]*d|(?:o["^]*s["^]*k["^]*e|r["^]*i["^]*v["^]*e["^]*r["^]*q["^]*u["^]*e["^]*r)["^]*y)|e["^]*(?:n["^]*d["^]*l["^]*o["^]*c["^]*a["^]*l|v["^]*e["^]*n["^]*t["^]*c["^]*r["^]*e["^]*a["^]*t["^]*e)|E["^]*v["^]*n["^]*t["^]*c["^]*m["^]*d|f["^]*(?:c|i["^]*(?:l["^]*e["^]*s["^]*y["^]*s["^]*t["^]*e["^]*m["^]*s|n["^]*d["^]*s["^]*t["^]*r)|l["^]*a["^]*t["^]*t["^]*e["^]*m["^]*p|o["^]*r(?:["^]*f["^]*i["^]*l["^]*e["^]*s)?|r["^]*e["^]*e["^]*d["^]*i["^]*s["^]*k|s["^]*u["^]*t["^]*i["^]*l|(?:t["^]*y["^]*p|v["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t)["^]*e)|g["^]*(?:e["^]*t["^]*(?:m["^]*a["^]*c|t["^]*y["^]*p["^]*e)|o["^]*t["^]*o|p["^]*(?:f["^]*i["^]*x["^]*u["^]*p|(?:r["^]*e["^]*s["^]*u["^]*l["^]*)?t|u["^]*p["^]*d["^]*a["^]*t["^]*e)|r["^]*a["^]*f["^]*t["^]*a["^]*b["^]*l)|h["^]*(?:e["^]*l["^]*p["^]*c["^]*t["^]*r|o["^]*s["^]*t["^]*n["^]*a["^]*m["^]*e)|i["^]*(?:c["^]*a["^]*c["^]*l["^]*s|f|p["^]*(?:c["^]*o["^]*n["^]*f["^]*i["^]*g|x["^]*r["^]*o["^]*u["^]*t["^]*e)|r["^]*f["^]*t["^]*p)|j["^]*e["^]*t["^]*p["^]*a["^]*c["^]*k|k["^]*(?:l["^]*i["^]*s["^]*t|s["^]*e["^]*t["^]*u["^]*p|t["^]*(?:m["^]*u["^]*t["^]*i["^]*l|p["^]*a["^]*s["^]*s))|l["^]*(?:o["^]*(?:d["^]*c["^]*t["^]*r|g["^]*(?:m["^]*a["^]*n|o["^]*f["^]*f))|p["^]*[q-r])|m["^]*(?:a["^]*(?:c["^]*f["^]*i["^]*l["^]*e|k["^]*e["^]*c["^]*a["^]*b|p["^]*a["^]*d["^]*m["^]*i["^]*n)|k["^]*(?:d["^]*i["^]*r|l["^]*i["^]*n["^]*k)|m["^]*c|o["^]*u["^]*n["^]*t["^]*v["^]*o["^]*l|q["^]*(?:b["^]*k["^]*u["^]*p|(?:t["^]*g["^]*)?s["^]*v["^]*c)|s["^]*(?:d["^]*t|i["^]*(?:e["^]*x["^]*e["^]*c|n["^]*f["^]*o["^]*3["^]*2)|t["^]*s["^]*c))|n["^]*(?:b["^]*t["^]*s["^]*t["^]*a["^]*t|e["^]*t["^]*(?:c["^]*f["^]*g|d["^]*o["^]*m|s["^]*(?:h|t["^]*a["^]*t))|f["^]*s["^]*(?:a["^]*d["^]*m["^]*i["^]*n|s["^]*(?:h["^]*a["^]*r["^]*e|t["^]*a["^]*t))|l["^]*(?:b["^]*m["^]*g["^]*r|t["^]*e["^]*s["^]*t)|s["^]*l["^]*o["^]*o["^]*k["^]*u["^]*p|t["^]*(?:b["^]*a["^]*c["^]*k["^]*u["^]*p|c["^]*m["^]*d["^]*p["^]*r["^]*o["^]*m["^]*p["^]*t|f["^]*r["^]*s["^]*u["^]*t["^]*l))|o["^]*(?:f["^]*f["^]*l["^]*i["^]*n["^]*e|p["^]*e["^]*n["^]*f["^]*i["^]*l["^]*e["^]*s)|p["^]*(?:a["^]*(?:g["^]*e["^]*f["^]*i["^]*l["^]*e["^]*c["^]*o["^]*n["^]*f["^]*i|t["^]*h["^]*p["^]*i["^]*n)["^]*g|(?:b["^]*a["^]*d["^]*m["^]*i|k["^]*t["^]*m["^]*o)["^]*n|e["^]*(?:n["^]*t["^]*n["^]*t|r["^]*f["^]*m["^]*o["^]*n)|n["^]*p["^]*u["^]*(?:n["^]*a["^]*t["^]*t["^]*e["^]*n["^]*d|t["^]*i["^]*l)|o["^]*(?:p["^]*d|w["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l)|r["^]*n["^]*(?:c["^]*n["^]*f["^]*g|(?:d["^]*r["^]*v|m["^]*n["^]*g)["^]*r|j["^]*o["^]*b["^]*s|p["^]*o["^]*r["^]*t|q["^]*c["^]*t["^]*l)|u["^]*(?:b["^]*p["^]*r["^]*n|s["^]*h["^]*(?:d|p["^]*r["^]*i["^]*n["^]*t["^]*e["^]*r["^]*c["^]*o["^]*n["^]*n["^]*e["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s))|w["^]*(?:l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r|s["^]*h))|q["^]*(?:a["^]*p["^]*p["^]*s["^]*r["^]*v|p["^]*r["^]*o["^]*c["^]*e["^]*s["^]*s|u["^]*s["^]*e["^]*r|w["^]*i["^]*n["^]*s["^]*t["^]*a)|r["^]*(?:d(?:["^]*p["^]*s["^]*i["^]*g["^]*n)?|e["^]*(?:f["^]*s["^]*u["^]*t["^]*i["^]*l|g(?:["^]*(?:i["^]*n["^]*i|s["^]*v["^]*r["^]*3["^]*2))?|l["^]*o["^]*g|(?:(?:p["^]*a["^]*d["^]*m["^]*i|s["^]*c["^]*a)["^]*)?n|x["^]*e["^]*c)|i["^]*s["^]*e["^]*t["^]*u["^]*p|m["^]*d["^]*i["^]*r|o["^]*b["^]*o["^]*c["^]*o["^]*p["^]*y|p["^]*c["^]*(?:i["^]*n["^]*f["^]*o|p["^]*i["^]*n["^]*g)|s["^]*h|u["^]*n["^]*d["^]*l["^]*l["^]*3["^]*2|w["^]*i["^]*n["^]*s["^]*t["^]*a)|s["^]*(?:a["^]*n|c["^]*(?:h["^]*t["^]*a["^]*s["^]*k["^]*s|w["^]*c["^]*m["^]*d)|e["^]*(?:c["^]*e["^]*d["^]*i["^]*t|r["^]*v["^]*e["^]*r["^]*(?:(?:c["^]*e["^]*i["^]*p|w["^]*e["^]*r)["^]*o["^]*p["^]*t["^]*i["^]*n|m["^]*a["^]*n["^]*a["^]*g["^]*e["^]*r["^]*c["^]*m["^]*d)|t["^]*x)|f["^]*c|(?:h["^]*o["^]*w["^]*m["^]*o["^]*u["^]*n|u["^]*b["^]*s)["^]*t|x["^]*s["^]*t["^]*r["^]*a["^]*c["^]*e|y["^]*s["^]*(?:o["^]*c["^]*m["^]*g["^]*r|t["^]*e["^]*m["^]*i["^]*n["^]*f["^]*o))|t["^]*(?:a["^]*(?:k["^]*e["^]*o["^]*w["^]*n|p["^]*i["^]*c["^]*f["^]*g|s["^]*k["^]*(?:k["^]*i["^]*l["^]*l|l["^]*i["^]*s["^]*t))|(?:c["^]*m["^]*s["^]*e["^]*t["^]*u|f["^]*t)["^]*p|(?:(?:e["^]*l["^]*n["^]*e|i["^]*m["^]*e["^]*o["^]*u)["^]*|r["^]*a["^]*c["^]*e["^]*r["^]*(?:p["^]*)?)t|l["^]*n["^]*t["^]*a["^]*d["^]*m["^]*n|p["^]*m["^]*(?:t["^]*o["^]*o["^]*l|v["^]*s["^]*c["^]*m["^]*g["^]*r)|s["^]*(?:(?:d["^]*i["^]*s["^]*)?c["^]*o["^]*n|e["^]*c["^]*i["^]*m["^]*p|k["^]*i["^]*l["^]*l|p["^]*r["^]*o["^]*f)|y["^]*p["^]*e["^]*p["^]*e["^]*r["^]*f|z["^]*u["^]*t["^]*i["^]*l)|u["^]*n["^]*(?:e["^]*x["^]*p["^]*o["^]*s["^]*e|i["^]*q["^]*u["^]*e["^]*i["^]*d|l["^]*o["^]*d["^]*c["^]*t["^]*r)|v["^]*(?:o["^]*l|s["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|w["^]*(?:a["^]*i["^]*t["^]*f["^]*o["^]*r|b["^]*a["^]*d["^]*m["^]*i["^]*n|(?:d["^]*s|e["^]*(?:c|v["^]*t))["^]*u["^]*t["^]*i["^]*l|h["^]*(?:e["^]*r["^]*e|o["^]*a["^]*m["^]*i)|i["^]*n["^]*(?:n["^]*t(?:["^]*3["^]*2)?|r["^]*s)|m["^]*i["^]*c|s["^]*c["^]*r["^]*i["^]*p["^]*t)|x["^]*c["^]*o["^]*p["^]*y)(?:.["^]*[0-9A-Z_a-z]+)?b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*.[sv].*b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?:$(?:((?:(.*)|.*))|{.*})|[<>](.*)|[!?.+])
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx /
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx s
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx /
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx s
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx /
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx s
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i).|(?:[sv]*|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|G["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?E["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?T|a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:b|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?t|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[jp])?|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ks])|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[8-9]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?9|[au]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|c|(?:m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dfu]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[gr])|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[bdx]|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|q["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[c-dgi]|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[chr]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|o|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dp]|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b)|j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|q)|k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)?|[nps]|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|v)|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[cl]|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|o["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[at]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?x|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|f|(?:k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?g|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cp]|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?y)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dv]|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dt]|[g-hu]|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cr]|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l|[co]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ex]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|l)|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|c)|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|z)|y["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)[-0-9_a-z]+(?:["'[-]]+|$+[!#*-0-9?-@x5c_a-{]+|``|[$<>]())[sv]*[-0-9_a-z]+
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i !@rx [0-9]s*'s*[0-9]
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx ;[sv]*.[sv]*["']?(?:a(?:rchive|uth)|b(?:a(?:ckup|il)|inary)|c(?:d|h(?:anges|eck)|lone|onnection)|d(?:atabases|b(?:config|info)|ump)|e(?:cho|qp|x(?:cel|it|p(?:ert|lain)))|f(?:ilectrl|ullschema)|he(?:aders|lp)|i(?:mpo(?:rt|ster)|ndexes|otrace)|l(?:i(?:mi|n)t|o(?:ad|g))|(?:mod|n(?:onc|ullvalu)|unmodul)e|o(?:nce|pen|utput)|p(?:arameter|r(?:int|o(?:gress|mpt)))|quit|re(?:ad|cover|store)|s(?:ave|c(?:anstats|hema)|e(?:lftest|parator|ssion)|h(?:a3sum|ell|ow)?|tats|ystem)|t(?:ables|estc(?:ase|trl)|ime(?:out|r)|race)|vfs(?:info|list|name)|width)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:["-#%-&*--9A-Zx5c_a-z]+)?(?: ([ x5ca-z]+))?(?: "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}"?)? {[0-9]{1,20}+?}|UTHENTICATE [-0-9_a-z]{1,20}rn)|L(?:SUB (?:["-#*.-9A-Z_a-z~]+)? (?:["%-&*.-9A-Zx5c_a-z]+)?|ISTRIGHTS (?:["%-&*--9A-Zx5c_a-z]+)?)|S(?:TATUS (?:["%-&*--9A-Zx5c_a-z]+)? ((?:U(?:NSEEN|IDNEXT)|MESSAGES|UIDVALIDITY|RECENT| )+)|ETACL (?:["%-&*--9A-Zx5c_a-z]+)? [+-][ac-eik-lpr-tw-x]+?)|UID (?:COPY|FETCH|STORE) (?:[*,0-:]+)?|(?:(?:DELETE|GET)ACL|MYRIGHTS) (?:["%-&*--9A-Zx5c_a-z]+)?)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|an|io|ulimit)|s(?:h|plit|vtool)|u(?:(?:t|rl)[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|inks|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[^sv])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash|nap)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:3m|c|a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:c|a(?:ll|tch)[sv&)<>|]|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @pmFromFile unix-shell.data
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))b
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) ["-#%-&*--9A-Zx5c_a-z]+|APABILITY|HECK|LOSE)|DELETE ["-#%-&*--.0-9A-Zx5c_a-z]+|EX(?:AMINE ["-#%-&*--.0-9A-Zx5c_a-z]+|PUNGE)|FETCH [*,0-:]+|L(?:IST ["-#*--9A-Zx5c_a-z~]+? ["-#%-&*--9A-Zx5c_a-z]+|OG(?:IN [--.0-9@_a-z]{1,40} .*?|OUT))|RENAME ["-#%-&*--9A-Zx5c_a-z]+? ["-#%-&*--9A-Zx5c_a-z]+|S(?:E(?:LECT ["-#%-&*--9A-Zx5c_a-z]+|ARCH(?: CHARSET [--.0-9A-Z_a-z]{1,40})? (?:(KEYWORD x5c)?(?:A(?:LL|NSWERED)|BCC|D(?:ELETED|RAFT)|(?:FLAGGE|OL)D|RECENT|SEEN|UN(?:(?:ANSWER|FLAGG)ED|D(?:ELETED|RAFT)|SEEN)|NEW)|(?:BODY|CC|FROM|HEADER .{1,100}|NOT|OR .{1,255}|T(?:EXT|O)) .{1,255}|LARGER [0-9]{1,20}|[*,0-:]+|(?:BEFORE|ON|S(?:ENT(?:(?:BEFOR|SINC)E|ON)|INCE)) "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4}"?|S(?:MALLER [0-9]{1,20}|UBJECT .{1,255})|U(?:ID [*,0-:]+?|NKEYWORD x5c(Seen|(?:Answer|Flagg)ed|D(?:eleted|raft)|Recent))))|T(?:ORE [*,0-:]+? [+-]?FLAGS(?:.SILENT)? (?:(x5c[a-z]{1,20}))?|ARTTLS)|UBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+)|UN(?:SUBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+|AUTHENTICATE)|NOOP)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @rx !(?:d|!)
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_RCE
+
 acl block_RCE hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_RCE
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-config-directives.data
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pm =
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-variables.data
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-function-names-933150.data
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?i)b(?["']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|")*["']*)?[sv]*(.*)
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx [oOcC]:d+:".+?":d+:{.*}
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+));
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-function-names-933151.data
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pm (
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx .*.(?:phpd*|phtml)..*$
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pm ?>
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+))(?:;|$)?
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_PHP
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)["'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[["'`](?:debug|error|info|trace|warn)["'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[["'`](?:(?:resolv|cach)e|main|extensions)["'`]])
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @pmFromFile ssrf.data
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx (?:__proto__|constructors*(?:.|[)s*prototype)
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx Process[sv]*.[sv]*spawn[sv]*(
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|"[^"]+"|'[^']+'|`[^`]+`)).*)
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx ^data:(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx [s*constructors*]
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @rx @{.*}
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_GENERIC
+
 acl block_GENERIC hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_GENERIC
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i !@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @detectXSS
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<script[^>]*>[sS]*?
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[sv/]|["'](?:.*[sv/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)change|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionchange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[x08-nf-r ]*?=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:["']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?(
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<EMBED[s/+].*?(?:src|type).*?=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx <[?]?import[s/+S]*?implementation[s/+]*?=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*["'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i:<META[s/+].*?charset[s/+]*=)
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<LINK[s/+].*?href[s/+]*=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<BASE[s/+].*?href[s/+]*=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<APPLET[s/+>]
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx +ADw-.*(?:+AD4-|>)|<.*+AD4-
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx ![!+ ][]
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*(
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @detectXSS
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)[s"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @contains -->
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i:["'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx (?i)["'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @rx {{.*?}}
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_XSS
+
 acl block_XSS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_XSS
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @detectSQLi
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)["'`](?:[sv]*![sv]*["'0-9A-Z_-z]|;?[sv]*(?:having|select|unionb[sv]*(?:all|(?:distin|sele)ct))b[sv]*[^sv])|b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[sv]*?|select.*?[0-9A-Z_a-z]?user)(|exec(?:ute)?[sv]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[sv+]+(?:dump|out)file[sv]*?["'`]|union(?:[sv]select[sv]@|[sv(0-9A-Z_a-z]*?select))|[sv]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[sv]*?(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["'`](?:;*?[sv]*?waitfor[sv]+(?:time|delay)[sv]+["'`]|;.*?:[sv]*?goto)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:merge.*?usings*?(|executes*?immediates*?["'`]|matchs*?[w(),+-]+s*?againsts*?()
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)union.*?select.*?from
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["'`]+[sv]?[0-9]|;[sv]*?shutdown[sv]*?(?:[#;{]|/*|--)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|["'0-9A-Z_-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]+[0-9A-Z_a-z]+|u(?:pdate[sv]+[0-9A-Z_a-z]+|nion[sv]*(?:all|(?:sele|distin)ct)b)|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject))b)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:/*[!+](?:[ws=_-()]+)?*/)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ^(?:[^']*'|[^"]*"|[^`]*`)[sv]*;
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)1.e[(-),]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ["'`][[{].*[]}]["'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)["'`][[{].*[]}]["'`]|json_extract.*(.*)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?:^s*["'`;]+|["'`]+s*$)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|"[^"]*")[sv]+and[sv]+(?:'[^']*'|"[^"]*"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv"'-)`]*?b([0-9A-Z_a-z]+)b
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @streq %{TX.2}
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv"'-)`]*?b([0-9A-Z_a-z]+)b
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i !@streq %{TX.2}
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:/*)+["'`]+[sv]?(?:--|[#{]|/*)?|["'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*["'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?["'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)["'`])|[0-9]["'`][sv]+["'`][sv]+[0-9]|^admin[sv]*?["'`]|[sv"'-(`][sv]*?glob[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]=
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i),.*?["')0-9`-f]["'`](?:["'`].*?["'`]|(?:r?n)?z|[^"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)["'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?["'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+["'`]|like[sv]*?["'`]%|select[sv]+?[sv"'-),-.0-9A-[]_-z]+from[sv]+
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+["'`][0-9A-Z_a-z]|["'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)["'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?["'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?["'`]$|["'x5c`]*?(?:["'0-9`]+|[^"'`]+["'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?["'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?["'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?["'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?["'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["'`]|[0-9=]+x)|["'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+["'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?["'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)["'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:^[Wd]+s*?(?:alter|union)b)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)["'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?["'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?["'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^["'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+["'`][^,]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["'][^=]{1,10}[ "'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["'][^=]{1,10}["'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["'][^=]{1,10}["']) ?[<->]+)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){12})
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i !@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i:b0x[a-fd]{3,})
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)["'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^"]*?(?:"[^"]*?"[^"]*?)*?"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ^(?:and|or)$
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ^.*?x5c['"`](?:.*?['"`])?s*(?:and|or)b
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @detectSQLi
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*(
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?i)W+d*?s*?bhavingbs*?[^s-]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ["'`][sd]*?[^ws]W*?dW*?.*?["'`d]
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){8})
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){6})
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx W{4}
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ';
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){3})
 http-request deny if block_SQLI
+
 acl block_SQLI hdr_sub(User-Agent) -i @rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){2})
 http-request deny if block_SQLI
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @rx ^(?:ht|f)tps?://(.*?)/
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i !@endsWith %{request_headers.host}
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_FIXATION
+
 acl block_FIXATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_FIXATION
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx java.lang.(?:runtime|processbuilder)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:runtime|processbuilder)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:unmarshaller|base64data|java.)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:runtime|processbuilder)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @pmFromFile java-classes.data
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx .*.(?:jsp|jspx).*$
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx xacxedx00x05
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:rO0ABQ|KztAAU|Cs7QAF)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx javab.+(?:runtime|processbuilder)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)
 http-request deny if block_JAVA
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge %{tx.inbound_anomaly_score_threshold}
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge %{tx.inbound_anomaly_score_threshold}
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_EVALUATION
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @rx ^#!s?/
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @rx ^5d{2}$
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_LEAKAGES
+
 acl block_LEAKAGES hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_LEAKAGES
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i !@pmFromFile sql-errors.data
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)Dynamic SQL Error
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)Exception (?:condition )?d+. Transaction rollback.
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)org.hsqldb.jdbc
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SQL
+
 acl block_SQL hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SQL
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @pmFromFile java-code-leakages.data
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @pmFromFile java-errors.data
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_JAVA
+
 acl block_JAVA hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_JAVA
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-errors.data
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @rx (?i)<?(?:=|php)?s+
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @pmFromFile php-errors-pl2.data
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_PHP
+
 acl block_PHP hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_PHP
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @rx [a-z]:x5cinetpubb
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @pmFromFile iis-errors.data
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i !@rx ^404$
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @rx bServer Error in.{0,50}?bApplicationb
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_IIS
+
 acl block_IIS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_IIS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @pmFromFile web-shells-php.data
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>Mini Shell</title>.*Developed By LameHacker
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>Symlink_Sa [0-9.]+</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>CasuS [0-9.]+ by MafiABoY</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>lama's'hell v. [0-9.]+</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n<head>n<div align="left"><font size="1">Input command :</font></div>n<form name="cmd" method="POST" enctype="multipart/form-data">
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n<head>n<title>Ru24PostWebShell -
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>rn<head>rn<meta http-equiv="Content-Type" content="text/html; charset=gb2312">rn<title>PhpSpy Ver [0-9]+</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @contains <title>punkholicshell</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @contains <h1 style="margin-bottom: 0">webadmin.php</h1>
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SHELLS
+
 acl block_SHELLS hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_SHELLS
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge %{tx.outbound_anomaly_score_threshold}
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @eq 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @ge %{tx.outbound_anomaly_score_threshold}
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_EVALUATION
+
 acl block_EVALUATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_EVALUATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @ge 5
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @eq 0
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @ge %{tx.inbound_anomaly_score_threshold}
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @ge %{tx.outbound_anomaly_score_threshold}
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @ge %{tx.inbound_anomaly_score_threshold}
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @ge %{tx.outbound_anomaly_score_threshold}
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @gt 0
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 1
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 2
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 3
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_CORRELATION
+
 acl block_CORRELATION hdr_sub(User-Agent) -i @lt 4
 http-request deny if block_CORRELATION
+
diff --git a/waf_patterns/traefik/middleware.toml b/waf_patterns/traefik/middleware.toml
index e9fbfce..cb4e7e2 100644
--- a/waf_patterns/traefik/middleware.toml
+++ b/waf_patterns/traefik/middleware.toml
@@ -1,1939 +1,538 @@
 [http.middlewares]
+
 [http.middlewares.bad_bot_block_INITIALIZATION]
   [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@rx ^.*$"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["!@rx (?:URLENCODED|MULTIPART|XML|JSON)"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["!@rx (?:URLENCODED|MULTIPART|XML|JSON)"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@eq 100"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@rx ^[a-f]*([0-9])[a-f]*([0-9])"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["!@lt %{tx.sampling_percentage}"]
-[http.middlewares.bad_bot_block_INITIALIZATION]
-  [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
-    userAgent = ["@lt %{tx.blocking_paranoia_level}"]
+    userAgent = [
+      "@rx ^.*$",
+      "@lt %{tx.blocking_paranoia_level}",
+      "!@rx (?:URLENCODED|MULTIPART|XML|JSON)",
+      "@eq 100",
+      "!@lt %{tx.sampling_percentage}",
+      "@eq 0",
+      "@eq 1",
+      "@rx ^[a-f]*([0-9])[a-f]*([0-9])"
+    ]
+
 [http.middlewares.bad_bot_block_EXCEPTIONS]
   [http.middlewares.bad_bot_block_EXCEPTIONS.plugin.badbot]
-    userAgent = ["@streq GET /"]
-[http.middlewares.bad_bot_block_EXCEPTIONS]
-  [http.middlewares.bad_bot_block_EXCEPTIONS.plugin.badbot]
-    userAgent = ["@ipMatch 127.0.0.1,::1"]
-[http.middlewares.bad_bot_block_EXCEPTIONS]
-  [http.middlewares.bad_bot_block_EXCEPTIONS.plugin.badbot]
-    userAgent = ["@ipMatch 127.0.0.1,::1"]
-[http.middlewares.bad_bot_block_EXCEPTIONS]
-  [http.middlewares.bad_bot_block_EXCEPTIONS.plugin.badbot]
-    userAgent = ["@endsWith (internal dummy connection)"]
-[http.middlewares.bad_bot_block_EXCEPTIONS]
-  [http.middlewares.bad_bot_block_EXCEPTIONS.plugin.badbot]
-    userAgent = ["@rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$"]
+    userAgent = [
+      "@endsWith (internal dummy connection)",
+      "@rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$",
+      "@streq GET /",
+      "@ipMatch 127.0.0.1,::1"
+    ]
+
 [http.middlewares.bad_bot_block_ENFORCEMENT]
   [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@within %{tx.allowed_methods}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@gt %{tx.arg_name_length}",
+      "@rx ^.*$",
+      "@lt %{tx.1}",
+      "@gt %{tx.max_file_size}",
+      "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b",
+      "!@endsWith .pdf",
+      "@endsWith .pdf",
+      "@gt %{tx.combined_file_sizes}",
+      "!@streq JSON",
+      "@eq 0",
+      "@within %{tx.restricted_extensions}",
+      "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}",
+      "!@within %{tx.allowed_http_versions}",
+      "!@rx ^d+$",
+      "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0",
+      "@lt 4",
+      "@rx (d+)-(d+)",
+      "@validateUtf8Encoding",
+      "@streq POST",
+      "!@rx ^0?$",
+      "@gt 0",
+      "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122",
+      "@gt 50",
+      "@lt 2",
+      "@rx %u[fF]{2}[0-9a-fA-F]{2}",
+      "!@rx ^0$",
+      "@rx ^(?i)application/x-www-form-urlencoded",
+      "!@within %{tx.allowed_request_content_type_charset}",
+      "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$",
+      "@rx charsets*=s*[\\"']?([^;\\"'s]+)",
+      "@within %{tx.restricted_headers_extended}",
+      "!@eq 0",
+      "@validateByteRange 1-255",
+      "@eq 1",
+      "@gt %{tx.arg_length}",
+      "@rx .([^.]+)$",
+      "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^\\"';=])*$",
+      "@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)",
+      "@rx ^(?i)multipart/form-data",
+      "@contains #",
+      "@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]",
+      "@gt %{tx.total_arg_length}",
+      "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['\\"w.()+,/:=?<>@#*-]+)*$",
+      "@rx ^(?:GET|HEAD)$",
+      "@rx ^$",
+      "@rx x25",
+      "@lt 3",
+      "!@rx ^OPTIONS$",
+      "@gt 1",
+      "@ge 1",
+      "@rx charset.*?charset",
+      "!@within %{tx.allowed_request_content_type}",
+      "@validateByteRange 9,10,13,32-126,128-255",
+      "@rx %[0-9a-fA-F]{2}",
+      "!@within %{tx.allowed_methods}",
+      "@validateByteRange 32-36,38-126",
+      "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122",
+      "!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)",
+      "@validateUrlEncoding",
+      "!@rx ^(?:?[01])?$",
+      "@gt %{tx.max_num_args}",
+      "!@pm AppleWebKit Android Business Enterprise Entreprise",
+      "@rx ['\\";=]",
+      "!@rx ^(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$",
+      "!@rx ^(?:OPTIONS|CONNECT)$",
+      "@rx ^[^;s]+",
+      "@lt 1",
+      "@rx .[^.~]+~(?:/.*|)$",
+      "@rx (?i)x5cu[0-9a-f]{4}",
+      "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$",
+      "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}",
+      "@rx ^(?i)up",
+      "!@pm AppleWebKit Android",
+      "@within %{tx.restricted_headers_basic}"
+    ]
+
 [http.middlewares.bad_bot_block_DETECTION]
   [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@pmFromFile scanners-user-agents.data"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_DETECTION]
-  [http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^d+$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^(?:GET|HEAD)$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^0?$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^(?:GET|HEAD)$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@streq POST"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx (d+)-(d+)"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt %{tx.1}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx b(?:keep-alive|close),s?(?:keep-alive|close)b"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx x25"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateUrlEncoding"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^(?i)application/x-www-form-urlencoded"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx x25"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateUrlEncoding"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateUtf8Encoding"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx %u[fF]{2}[0-9a-fA-F]{2}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateByteRange 1-255"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^OPTIONS$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@pm AppleWebKit Android Business Enterprise Entreprise"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^OPTIONS$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^0$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt %{tx.max_num_args}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt %{tx.arg_name_length}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt %{tx.arg_length}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt %{tx.total_arg_length}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^(?i)multipart/form-data"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt %{tx.max_file_size}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt %{tx.combined_file_sizes}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^[^;s]+"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@within %{tx.allowed_request_content_type}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx charsets*=s*["']?([^;"'s]+)"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@within %{tx.allowed_request_content_type_charset}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx charset.*?charset"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@within %{tx.allowed_http_versions}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx .([^.]+)$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@within %{tx.restricted_extensions}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx .[^.~]+~(?:/.*|)$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^.*$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@within %{tx.restricted_headers_basic}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt 50"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@streq JSON"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx (?i)x5cu[0-9a-f]{4}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@contains #"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@endsWith .pdf"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@endsWith .pdf"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx %[0-9a-fA-F]{2}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateByteRange 9,10,13,32-126,128-255"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ['";=]"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^0$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^.*$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@within %{tx.restricted_headers_extended}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateByteRange 32-36,38-126"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^(?:OPTIONS|CONNECT)$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@pm AppleWebKit Android"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^(?i)up"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@gt 0"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@endsWith .pdf"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateByteRange 38,44-46,48-58,61,65-90,95,97-122"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@validateByteRange 32,34,38,42-59,61,65-90,95,97-122"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["!@rx ^(?:?[01])?$"]
-[http.middlewares.bad_bot_block_ENFORCEMENT]
-  [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot]
-    userAgent = ["@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]"]
+    userAgent = [
+      "@lt 2",
+      "@pmFromFile scanners-user-agents.data",
+      "@lt 1",
+      "@lt 3",
+      "@lt 4"
+    ]
+
 [http.middlewares.bad_bot_block_ATTACK]
   [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx (?:bhttp/d|<(?:html|meta)b)"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [nr]"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [nr]"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [nr]"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx unix:[^|]*|"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx [nr]"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@gt 0"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ."]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@gt 1"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx TX:paramcounter_(.*)"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx (][^]]+$|][^]]+[)"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ["]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["!@eq 0"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["!@within |%{tx.allowed_request_content_type_charset}|"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx ^content-types*:s*(.*)$"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$"]
-[http.middlewares.bad_bot_block_ATTACK]
-  [http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
-    userAgent = ["@rx content-transfer-encoding:(.*)"]
+    userAgent = [
+      "@rx TX:paramcounter_(.*)",
+      "!@within |%{tx.allowed_request_content_type_charset}|",
+      "@rx (?:bhttp/d|<(?:html|meta)b)",
+      "@lt 4",
+      "@rx ^content-types*:s*(.*)$",
+      "@gt 0",
+      "@rx (][^]]+$|][^]]+[)",
+      "@lt 2",
+      "@rx [nr]",
+      "!@eq 0",
+      "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)",
+      "@rx .",
+      "@rx unix:[^|]*|",
+      "@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)",
+      "@lt 3",
+      "@gt 1",
+      "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b",
+      "@rx [",
+      "@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w",
+      "@rx content-transfer-encoding:(.*)",
+      "@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d",
+      "!@rx ^(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$",
+      "@lt 1",
+      "@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:"
+    ]
+
 [http.middlewares.bad_bot_block_LFI]
   [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@pmFromFile lfi-os-files.data"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@pmFromFile restricted-files.data"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@pmFromFile lfi-os-files.data"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_LFI]
-  [http.middlewares.bad_bot_block_LFI.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@pmFromFile lfi-os-files.data",
+      "@lt 2",
+      "@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))",
+      "@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))",
+      "@lt 1",
+      "@lt 3",
+      "@lt 4",
+      "@pmFromFile restricted-files.data"
+    ]
+
 [http.middlewares.bad_bot_block_RFI]
   [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@rx ^(?i:file|ftps?|https?).*??+$"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["!@endsWith .%{request_headers.host}"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["!@endsWith .%{request_headers.host}"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_RFI]
-  [http.middlewares.bad_bot_block_RFI.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://",
+      "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)",
+      "@lt 2",
+      "@rx ^(?i:file|ftps?|https?).*??+$",
+      "!@endsWith .%{request_headers.host}",
+      "@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})",
+      "@lt 1",
+      "@lt 3",
+      "@lt 4"
+    ]
+
 [http.middlewares.bad_bot_block_RCE]
   [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[&,<>|]|(?:[--.0-9A-Z_a-z]["'[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#*-0-9?-@_a-{]*)?x5c?)+[sv&,<>|]).*|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:4|[sv&),<>|].*))|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[sv&)<>|]|a(?:dd(?:group|user)|getty|l(?:ias|pine)[sv&)<>|]|nsible-playbook|pt(?:-get|itude[sv&)<>|])|r(?:ch[sv&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm|xel)|b(?:a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[sv&)<>|]|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[sv&)<>|]|on(?:tab)?)|s(?:plit|vtool)|u(?:psfilter|rl[sv&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[sv&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[sv&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[sv&)<>|]|grep|i(?:le(?:[sv&)<>|]|test)|(?:n(?:d|ger)|sh)[sv&)<>|])|o(?:ld[sv&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[sv&)<>|]|core|e(?:ni(?:e[sv&)<>|]|soimage)|tfacl[sv&)<>|])|hci|i(?:mp[sv&)<>|]|nsh)|r(?:ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[sv&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:ill(?:[sv&)<>|]|all)|nife[sv&)<>|]|sshell)|l(?:a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|dconfig|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[sv&)<>|]|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[sv&)<>q|]|x[sv&)<>|])|ke[sv&)<>|]|ster.passwd|wk)|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[sv&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[sv&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[sv&)<>|]|map|o(?:de[sv&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[sv&)<>|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[sv&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[sv&)<>|]|shd)|wd.db|ython[^sv])|r(?:ak(?:e[sv&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[sv&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[sv&)<>|]|user)|nano|oute[sv&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|nap)[sv&)<>|]|c(?:hed|r(?:een|ipt)[sv&)<>|])|diff|e(?:(?:lf|rvice)[sv&)<>|]|ndmail|t(?:arch|env|facl[sv&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[sv&)<>|]|u(?:f|tdown[sv&)<>|]))|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:(?:out)?[sv&)<>|]|datectl)|mux|ouch[sv&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[sv&)<>|]|gr|mdiff|pw|rsh)|olatility[sv&)<>|])|w(?:a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@pmFromFile windows-powershell-commands.data"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:(?:a["^]*(?:c|s["^]*n["^]*p)|e["^]*(?:b["^]*p|p["^]*(?:a["^]*l|c["^]*s["^]*v|s["^]*n)|[tx]["^]*s["^]*n)|f["^]*(?:[cltw]|o["^]*r["^]*e["^]*a["^]*c["^]*h)|i["^]*(?:[cr]["^]*m|e["^]*x|h["^]*y|i|p["^]*(?:a["^]*l|c["^]*s["^]*v|m["^]*o|s["^]*n)|s["^]*e|w["^]*(?:m["^]*i|r))|m["^]*(?:a["^]*n|[dipv]|o["^]*u["^]*n["^]*t)|o["^]*g["^]*v|p["^]*(?:o["^]*p|u["^]*s["^]*h)["^]*d|t["^]*r["^]*c["^]*m|w["^]*j["^]*b)["^]*[sv,.-/;-<>].*|c["^]*(?:(?:(?:d|h["^]*d["^]*i["^]*r|v["^]*p["^]*a)["^]*|p["^]*(?:[ip]["^]*)?)[sv,.-/;-<>].*|l["^]*(?:(?:[cipv]|h["^]*y)["^]*[sv,.-/;-<>].*|s)|n["^]*s["^]*n)|d["^]*(?:(?:b["^]*p|e["^]*l|i["^]*(?:f["^]*f|r))["^]*[sv,.-/;-<>].*|n["^]*s["^]*n)|g["^]*(?:(?:(?:(?:a["^]*)?l|b["^]*p|d["^]*r|h["^]*y|(?:w["^]*m["^]*)?i|j["^]*b|[u-v])["^]*|c["^]*(?:[ims]["^]*)?|m["^]*(?:o["^]*)?|s["^]*(?:n["^]*(?:p["^]*)?|v["^]*))[sv,.-/;-<>].*|e["^]*r["^]*r|p["^]*(?:(?:s["^]*)?[sv,.-/;-<>].*|v))|l["^]*s|n["^]*(?:(?:a["^]*l|d["^]*r|[iv]|m["^]*o|s["^]*n)["^]*[sv,.-/;-<>].*|p["^]*s["^]*s["^]*c)|r["^]*(?:(?:(?:(?:b["^]*)?p|e["^]*n|(?:w["^]*m["^]*)?i|j["^]*b|n["^]*[ip])["^]*|d["^]*(?:r["^]*)?|m["^]*(?:(?:d["^]*i["^]*r|o)["^]*)?|s["^]*n["^]*(?:p["^]*)?|v["^]*(?:p["^]*a["^]*)?)[sv,.-/;-<>].*|c["^]*(?:j["^]*b["^]*[sv,.-/;-<>].*|s["^]*n)|u["^]*j["^]*b)|s["^]*(?:(?:(?:a["^]*(?:j["^]*b|l|p["^]*s|s["^]*v)|b["^]*p|[civ]|w["^]*m["^]*i)["^]*|l["^]*(?:s["^]*)?|p["^]*(?:(?:j["^]*b|p["^]*s|s["^]*v)["^]*)?)[sv,.-/;-<>].*|h["^]*c["^]*m|u["^]*j["^]*b))(?:.["^]*[0-9A-Z_a-z]+)?b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|[ckz]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)[sv&)<>|]"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:a(?:ddgroup|xel)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:g(?:passwd|rp)|pass|sh)|lang++|oproc|ron)|d(?:iff[sv&)<>|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[sv&)<>|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|erl5?|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[sv&)<>|])|tar(?:diff|grep)?|wd.db|ython[2-3])|r(?:(?:bas|ealpat)h|m(?:dir[sv&)<>|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h.distri|pwd.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[sv&)<>|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:c(?:at|mp)|diff|[e-f]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["!@rx [0-9]s*'s*[0-9]"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx !-d"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@pmFromFile unix-shell.data"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^(s*)s+{"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^(s*)s+{"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ba["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?sb[sv]+[!-"%',0-9@-Z_a-z]+=[^sv]"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@pmFromFile restricted-upload.data"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:c["^]*c["^]*c["^]*h["^]*e["^]*c["^]*k["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e|d["^]*(?:p["^]*l["^]*u["^]*s|v["^]*p["^]*a["^]*c["^]*k)|(?:g["^]*e["^]*n["^]*t["^]*e["^]*x["^]*e["^]*c["^]*u["^]*t["^]*o|s["^]*p["^]*n["^]*e["^]*t["^]*_["^]*c["^]*o["^]*m["^]*p["^]*i["^]*l["^]*e)["^]*r|p["^]*p["^]*(?:i["^]*n["^]*s["^]*t["^]*a["^]*l["^]*l["^]*e["^]*r|v["^]*l["^]*p)|t["^]*(?:[sv,.-/;-<>].*|b["^]*r["^]*o["^]*k["^]*e["^]*r))|b["^]*(?:a["^]*s["^]*h|g["^]*i["^]*n["^]*f["^]*o|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:d["^]*b|e["^]*r["^]*t["^]*(?:o["^]*c|r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|l["^]*_["^]*(?:i["^]*n["^]*v["^]*o["^]*c["^]*a["^]*t["^]*i["^]*o["^]*n|l["^]*o["^]*a["^]*d["^]*a["^]*s["^]*s["^]*e["^]*m["^]*b["^]*l["^]*y|m["^]*u["^]*t["^]*e["^]*x["^]*v["^]*e["^]*r["^]*i["^]*f["^]*i["^]*e["^]*r["^]*s)|m["^]*(?:d(?:["^]*(?:k["^]*e["^]*y|l["^]*3["^]*2))?|s["^]*t["^]*p)|o["^]*(?:m["^]*s["^]*v["^]*c["^]*s|n["^]*(?:f["^]*i["^]*g["^]*s["^]*e["^]*c["^]*u["^]*r["^]*i["^]*t["^]*y["^]*p["^]*o["^]*l["^]*i["^]*c["^]*y|h["^]*o["^]*s["^]*t|t["^]*r["^]*o["^]*l)|r["^]*e["^]*g["^]*e["^]*n)|r["^]*e["^]*a["^]*t["^]*e["^]*d["^]*u["^]*m["^]*p|s["^]*(?:c(?:["^]*r["^]*i["^]*p["^]*t)?|i)|u["^]*s["^]*t["^]*o["^]*m["^]*s["^]*h["^]*e["^]*l["^]*l["^]*h["^]*o["^]*s["^]*t)|d["^]*(?:a["^]*t["^]*a["^]*s["^]*v["^]*c["^]*u["^]*t["^]*i["^]*l|e["^]*(?:f["^]*a["^]*u["^]*l["^]*t["^]*p["^]*a["^]*c["^]*k|s["^]*k(?:["^]*t["^]*o["^]*p["^]*i["^]*m["^]*g["^]*d["^]*o["^]*w["^]*n["^]*l["^]*d["^]*r)?|v["^]*(?:i["^]*c["^]*e["^]*c["^]*r["^]*e["^]*d["^]*e["^]*n["^]*t["^]*i["^]*a["^]*l["^]*d["^]*e["^]*p["^]*l["^]*o["^]*y["^]*m["^]*e["^]*n["^]*t|t["^]*o["^]*o["^]*l["^]*s["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r))|f["^]*s["^]*(?:h["^]*i["^]*m|v["^]*c)|i["^]*(?:a["^]*n["^]*t["^]*z|s["^]*k["^]*s["^]*h["^]*a["^]*d["^]*o["^]*w)|n["^]*(?:s["^]*c["^]*m["^]*d|x)|o["^]*t["^]*n["^]*e["^]*t|u["^]*m["^]*p["^]*6["^]*4|x["^]*c["^]*a["^]*p)|e["^]*(?:s["^]*e["^]*n["^]*t["^]*u["^]*t["^]*l|v["^]*e["^]*n["^]*t["^]*v["^]*w["^]*r|x["^]*(?:c["^]*e["^]*l|p["^]*(?:a["^]*n["^]*d|l["^]*o["^]*r["^]*e["^]*r)|t["^]*(?:e["^]*x["^]*p["^]*o["^]*r["^]*t|r["^]*a["^]*c["^]*3["^]*2)))|f["^]*(?:i["^]*n["^]*(?:d["^]*s["^]*t|g["^]*e)["^]*r|l["^]*t["^]*m["^]*c|o["^]*r["^]*f["^]*i["^]*l["^]*e["^]*s|s["^]*(?:i(?:["^]*a["^]*n["^]*y["^]*c["^]*p["^]*u)?|u["^]*t["^]*i["^]*l)|t["^]*p)|g["^]*(?:f["^]*x["^]*d["^]*o["^]*w["^]*n["^]*l["^]*o["^]*a["^]*d["^]*w["^]*r["^]*a["^]*p["^]*p["^]*e["^]*r|p["^]*s["^]*c["^]*r["^]*i["^]*p["^]*t)|h["^]*h|i["^]*(?:e["^]*(?:4["^]*u["^]*i["^]*n["^]*i["^]*t|a["^]*d["^]*v["^]*p["^]*a["^]*c["^]*k|e["^]*x["^]*e["^]*c|f["^]*r["^]*a["^]*m["^]*e)|l["^]*a["^]*s["^]*m|m["^]*e["^]*w["^]*d["^]*b["^]*l["^]*d|n["^]*(?:f["^]*d["^]*e["^]*f["^]*a["^]*u["^]*l["^]*t["^]*i["^]*n["^]*s["^]*t["^]*a["^]*l|s["^]*t["^]*a["^]*l["^]*l["^]*u["^]*t["^]*i)["^]*l)|j["^]*s["^]*c|l["^]*(?:a["^]*u["^]*n["^]*c["^]*h["^]*-["^]*v["^]*s["^]*d["^]*e["^]*v["^]*s["^]*h["^]*e["^]*l["^]*l|d["^]*i["^]*f["^]*d["^]*e)|m["^]*(?:a["^]*(?:k["^]*e["^]*c["^]*a["^]*b|n["^]*a["^]*g["^]*e["^]*-["^]*b["^]*d["^]*e|v["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t)|f["^]*t["^]*r["^]*a["^]*c["^]*e|i["^]*c["^]*r["^]*o["^]*s["^]*o["^]*f["^]*t|m["^]*c|p["^]*c["^]*m["^]*d["^]*r["^]*u["^]*n|s["^]*(?:(?:b["^]*u["^]*i["^]*l|o["^]*h["^]*t["^]*m["^]*e)["^]*d|c["^]*o["^]*n["^]*f["^]*i["^]*g|d["^]*(?:e["^]*p["^]*l["^]*o["^]*y|t)|h["^]*t["^]*(?:a|m["^]*l)|i["^]*e["^]*x["^]*e["^]*c|p["^]*u["^]*b|x["^]*s["^]*l))|n["^]*(?:e["^]*t["^]*s["^]*h|t["^]*d["^]*s["^]*u["^]*t["^]*i["^]*l)|o["^]*(?:d["^]*b["^]*c["^]*c["^]*o["^]*n["^]*f|f["^]*f["^]*l["^]*i["^]*n["^]*e["^]*s["^]*c["^]*a["^]*n["^]*n["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l|n["^]*e["^]*d["^]*r["^]*i["^]*v["^]*e["^]*s["^]*t["^]*a["^]*n["^]*d["^]*a["^]*l["^]*o["^]*n["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t["^]*e["^]*r|p["^]*e["^]*n["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]*e)|p["^]*(?:c["^]*(?:a["^]*l["^]*u["^]*a|w["^]*(?:r["^]*u["^]*n|u["^]*t["^]*l))|(?:e["^]*s["^]*t["^]*e|s)["^]*r|(?:k["^]*t["^]*m["^]*o|u["^]*b["^]*p["^]*r)["^]*n|n["^]*p["^]*u["^]*t["^]*i["^]*l|o["^]*w["^]*e["^]*r["^]*p["^]*n["^]*t|r["^]*(?:e["^]*s["^]*e["^]*n["^]*t["^]*a["^]*t["^]*i["^]*o["^]*n["^]*h["^]*o["^]*s["^]*t|i["^]*n["^]*t(?:["^]*b["^]*r["^]*m)?|o["^]*(?:c["^]*d["^]*u["^]*m["^]*p|t["^]*o["^]*c["^]*o["^]*l["^]*h["^]*a["^]*n["^]*d["^]*l["^]*e["^]*r)))|r["^]*(?:a["^]*s["^]*a["^]*u["^]*t["^]*o["^]*u|c["^]*s["^]*i|(?:d["^]*r["^]*l["^]*e["^]*a["^]*k["^]*d["^]*i["^]*a|p["^]*c["^]*p["^]*i["^]*n)["^]*g|e["^]*(?:g(?:["^]*(?:a["^]*s["^]*m|e["^]*d["^]*i["^]*t|i["^]*(?:n["^]*i|s["^]*t["^]*e["^]*r["^]*-["^]*c["^]*i["^]*m["^]*p["^]*r["^]*o["^]*v["^]*i["^]*d["^]*e["^]*r)|s["^]*v["^]*(?:c["^]*s|r["^]*3["^]*2)))?|(?:m["^]*o["^]*t|p["^]*l["^]*a["^]*c)["^]*e)|u["^]*n["^]*(?:d["^]*l["^]*l["^]*3["^]*2|(?:e["^]*x["^]*e|s["^]*c["^]*r["^]*i["^]*p["^]*t)["^]*h["^]*e["^]*l["^]*p["^]*e["^]*r|o["^]*n["^]*c["^]*e))|s["^]*(?:c["^]*(?:[sv,.-/;-<>].*|h["^]*t["^]*a["^]*s["^]*k["^]*s|r["^]*i["^]*p["^]*t["^]*r["^]*u["^]*n["^]*n["^]*e["^]*r)|e["^]*t["^]*(?:r["^]*e["^]*s|t["^]*i["^]*n["^]*g["^]*s["^]*y["^]*n["^]*c["^]*h["^]*o["^]*s["^]*t|u["^]*p["^]*a["^]*p["^]*i)|h["^]*(?:d["^]*o["^]*c["^]*v["^]*w|e["^]*l["^]*l["^]*3["^]*2)|q["^]*(?:l["^]*(?:d["^]*u["^]*m["^]*p["^]*e["^]*r|(?:t["^]*o["^]*o["^]*l["^]*s["^]*)?p["^]*s)|u["^]*i["^]*r["^]*r["^]*e["^]*l)|s["^]*h|t["^]*o["^]*r["^]*d["^]*i["^]*a["^]*g|y["^]*(?:n["^]*c["^]*a["^]*p["^]*p["^]*v["^]*p["^]*u["^]*b["^]*l["^]*i["^]*s["^]*h["^]*i["^]*n["^]*g["^]*s["^]*e["^]*r["^]*v["^]*e["^]*r|s["^]*s["^]*e["^]*t["^]*u["^]*p))|t["^]*(?:e["^]*[sv,.-/;-<>].*|r["^]*a["^]*c["^]*k["^]*e["^]*r|t["^]*(?:d["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t|t["^]*r["^]*a["^]*c["^]*e["^]*r))|u["^]*(?:n["^]*r["^]*e["^]*g["^]*m["^]*p["^]*2|p["^]*d["^]*a["^]*t["^]*e|r["^]*l|t["^]*i["^]*l["^]*i["^]*t["^]*y["^]*f["^]*u["^]*n["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s)|v["^]*(?:b["^]*c|e["^]*r["^]*c["^]*l["^]*s["^]*i["^]*d|i["^]*s["^]*u["^]*a["^]*l["^]*u["^]*i["^]*a["^]*v["^]*e["^]*r["^]*i["^]*f["^]*y["^]*n["^]*a["^]*t["^]*i["^]*v["^]*e|s["^]*(?:i["^]*i["^]*s["^]*e["^]*x["^]*e["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h|j["^]*i["^]*t["^]*d["^]*e["^]*b["^]*u["^]*g["^]*g)["^]*e["^]*r)|w["^]*(?:a["^]*b|(?:f|m["^]*i)["^]*c|i["^]*n["^]*(?:g["^]*e["^]*t|r["^]*m|w["^]*o["^]*r["^]*d)|l["^]*r["^]*m["^]*d["^]*r|o["^]*r["^]*k["^]*f["^]*o["^]*l["^]*d["^]*e["^]*r["^]*s|s["^]*(?:(?:c["^]*r["^]*i["^]*p|r["^]*e["^]*s["^]*e)["^]*t|l)|t["^]*[sv,.-/;-<>].*|u["^]*a["^]*u["^]*c["^]*l["^]*t)|x["^]*w["^]*i["^]*z["^]*a["^]*r["^]*d|z["^]*i["^]*p["^]*f["^]*l["^]*d["^]*r)(?:.["^]*[0-9A-Z_a-z]+)?b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:t["^]*i["^]*m["^]*e|[nr;`{]|||?|&&?)[sv]*[sv"'-(,@]*(?:["'.-9A-Z_a-z]+/|(?:["'x5c^]*[0-9A-Z_a-z]["'x5c^]*:.*|[ "'.-9A-Zx5c^-_a-z]*)x5c)?["^]*(?:a["^]*(?:s["^]*s["^]*o["^]*c|t["^]*(?:m["^]*a["^]*d["^]*m|t["^]*r["^]*i["^]*b)|u["^]*(?:d["^]*i["^]*t["^]*p["^]*o["^]*l|t["^]*o["^]*(?:c["^]*(?:h["^]*k|o["^]*n["^]*v)|(?:f["^]*m|m["^]*o["^]*u["^]*n)["^]*t)))|b["^]*(?:c["^]*d["^]*(?:b["^]*o["^]*o|e["^]*d["^]*i)["^]*t|(?:d["^]*e["^]*h["^]*d|o["^]*o["^]*t)["^]*c["^]*f["^]*g|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|c["^]*(?:a["^]*c["^]*l["^]*s|e["^]*r["^]*t["^]*(?:r["^]*e["^]*q|u["^]*t["^]*i["^]*l)|h["^]*(?:c["^]*p|d["^]*i["^]*r|g["^]*(?:l["^]*o["^]*g["^]*o["^]*n|p["^]*o["^]*r["^]*t|u["^]*s["^]*r)|k["^]*(?:d["^]*s["^]*k|n["^]*t["^]*f["^]*s))|l["^]*e["^]*a["^]*n["^]*m["^]*g["^]*r|m["^]*(?:d(?:["^]*k["^]*e["^]*y)?|s["^]*t["^]*p)|s["^]*c["^]*r["^]*i["^]*p["^]*t)|d["^]*(?:c["^]*(?:d["^]*i["^]*a["^]*g|g["^]*p["^]*o["^]*f["^]*i["^]*x)|e["^]*(?:f["^]*r["^]*a["^]*g|l)|f["^]*s["^]*(?:d["^]*i["^]*a|r["^]*m["^]*i)["^]*g|i["^]*(?:a["^]*n["^]*t["^]*z|r|s["^]*(?:k["^]*(?:c["^]*o["^]*(?:m["^]*p|p["^]*y)|p["^]*(?:a["^]*r["^]*t|e["^]*r["^]*f)|r["^]*a["^]*i["^]*d|s["^]*h["^]*a["^]*d["^]*o["^]*w)|p["^]*d["^]*i["^]*a["^]*g))|n["^]*s["^]*c["^]*m["^]*d|(?:o["^]*s["^]*k["^]*e|r["^]*i["^]*v["^]*e["^]*r["^]*q["^]*u["^]*e["^]*r)["^]*y)|e["^]*(?:n["^]*d["^]*l["^]*o["^]*c["^]*a["^]*l|v["^]*e["^]*n["^]*t["^]*c["^]*r["^]*e["^]*a["^]*t["^]*e)|E["^]*v["^]*n["^]*t["^]*c["^]*m["^]*d|f["^]*(?:c|i["^]*(?:l["^]*e["^]*s["^]*y["^]*s["^]*t["^]*e["^]*m["^]*s|n["^]*d["^]*s["^]*t["^]*r)|l["^]*a["^]*t["^]*t["^]*e["^]*m["^]*p|o["^]*r(?:["^]*f["^]*i["^]*l["^]*e["^]*s)?|r["^]*e["^]*e["^]*d["^]*i["^]*s["^]*k|s["^]*u["^]*t["^]*i["^]*l|(?:t["^]*y["^]*p|v["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t)["^]*e)|g["^]*(?:e["^]*t["^]*(?:m["^]*a["^]*c|t["^]*y["^]*p["^]*e)|o["^]*t["^]*o|p["^]*(?:f["^]*i["^]*x["^]*u["^]*p|(?:r["^]*e["^]*s["^]*u["^]*l["^]*)?t|u["^]*p["^]*d["^]*a["^]*t["^]*e)|r["^]*a["^]*f["^]*t["^]*a["^]*b["^]*l)|h["^]*(?:e["^]*l["^]*p["^]*c["^]*t["^]*r|o["^]*s["^]*t["^]*n["^]*a["^]*m["^]*e)|i["^]*(?:c["^]*a["^]*c["^]*l["^]*s|f|p["^]*(?:c["^]*o["^]*n["^]*f["^]*i["^]*g|x["^]*r["^]*o["^]*u["^]*t["^]*e)|r["^]*f["^]*t["^]*p)|j["^]*e["^]*t["^]*p["^]*a["^]*c["^]*k|k["^]*(?:l["^]*i["^]*s["^]*t|s["^]*e["^]*t["^]*u["^]*p|t["^]*(?:m["^]*u["^]*t["^]*i["^]*l|p["^]*a["^]*s["^]*s))|l["^]*(?:o["^]*(?:d["^]*c["^]*t["^]*r|g["^]*(?:m["^]*a["^]*n|o["^]*f["^]*f))|p["^]*[q-r])|m["^]*(?:a["^]*(?:c["^]*f["^]*i["^]*l["^]*e|k["^]*e["^]*c["^]*a["^]*b|p["^]*a["^]*d["^]*m["^]*i["^]*n)|k["^]*(?:d["^]*i["^]*r|l["^]*i["^]*n["^]*k)|m["^]*c|o["^]*u["^]*n["^]*t["^]*v["^]*o["^]*l|q["^]*(?:b["^]*k["^]*u["^]*p|(?:t["^]*g["^]*)?s["^]*v["^]*c)|s["^]*(?:d["^]*t|i["^]*(?:e["^]*x["^]*e["^]*c|n["^]*f["^]*o["^]*3["^]*2)|t["^]*s["^]*c))|n["^]*(?:b["^]*t["^]*s["^]*t["^]*a["^]*t|e["^]*t["^]*(?:c["^]*f["^]*g|d["^]*o["^]*m|s["^]*(?:h|t["^]*a["^]*t))|f["^]*s["^]*(?:a["^]*d["^]*m["^]*i["^]*n|s["^]*(?:h["^]*a["^]*r["^]*e|t["^]*a["^]*t))|l["^]*(?:b["^]*m["^]*g["^]*r|t["^]*e["^]*s["^]*t)|s["^]*l["^]*o["^]*o["^]*k["^]*u["^]*p|t["^]*(?:b["^]*a["^]*c["^]*k["^]*u["^]*p|c["^]*m["^]*d["^]*p["^]*r["^]*o["^]*m["^]*p["^]*t|f["^]*r["^]*s["^]*u["^]*t["^]*l))|o["^]*(?:f["^]*f["^]*l["^]*i["^]*n["^]*e|p["^]*e["^]*n["^]*f["^]*i["^]*l["^]*e["^]*s)|p["^]*(?:a["^]*(?:g["^]*e["^]*f["^]*i["^]*l["^]*e["^]*c["^]*o["^]*n["^]*f["^]*i|t["^]*h["^]*p["^]*i["^]*n)["^]*g|(?:b["^]*a["^]*d["^]*m["^]*i|k["^]*t["^]*m["^]*o)["^]*n|e["^]*(?:n["^]*t["^]*n["^]*t|r["^]*f["^]*m["^]*o["^]*n)|n["^]*p["^]*u["^]*(?:n["^]*a["^]*t["^]*t["^]*e["^]*n["^]*d|t["^]*i["^]*l)|o["^]*(?:p["^]*d|w["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l)|r["^]*n["^]*(?:c["^]*n["^]*f["^]*g|(?:d["^]*r["^]*v|m["^]*n["^]*g)["^]*r|j["^]*o["^]*b["^]*s|p["^]*o["^]*r["^]*t|q["^]*c["^]*t["^]*l)|u["^]*(?:b["^]*p["^]*r["^]*n|s["^]*h["^]*(?:d|p["^]*r["^]*i["^]*n["^]*t["^]*e["^]*r["^]*c["^]*o["^]*n["^]*n["^]*e["^]*c["^]*t["^]*i["^]*o["^]*n["^]*s))|w["^]*(?:l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r|s["^]*h))|q["^]*(?:a["^]*p["^]*p["^]*s["^]*r["^]*v|p["^]*r["^]*o["^]*c["^]*e["^]*s["^]*s|u["^]*s["^]*e["^]*r|w["^]*i["^]*n["^]*s["^]*t["^]*a)|r["^]*(?:d(?:["^]*p["^]*s["^]*i["^]*g["^]*n)?|e["^]*(?:f["^]*s["^]*u["^]*t["^]*i["^]*l|g(?:["^]*(?:i["^]*n["^]*i|s["^]*v["^]*r["^]*3["^]*2))?|l["^]*o["^]*g|(?:(?:p["^]*a["^]*d["^]*m["^]*i|s["^]*c["^]*a)["^]*)?n|x["^]*e["^]*c)|i["^]*s["^]*e["^]*t["^]*u["^]*p|m["^]*d["^]*i["^]*r|o["^]*b["^]*o["^]*c["^]*o["^]*p["^]*y|p["^]*c["^]*(?:i["^]*n["^]*f["^]*o|p["^]*i["^]*n["^]*g)|s["^]*h|u["^]*n["^]*d["^]*l["^]*l["^]*3["^]*2|w["^]*i["^]*n["^]*s["^]*t["^]*a)|s["^]*(?:a["^]*n|c["^]*(?:h["^]*t["^]*a["^]*s["^]*k["^]*s|w["^]*c["^]*m["^]*d)|e["^]*(?:c["^]*e["^]*d["^]*i["^]*t|r["^]*v["^]*e["^]*r["^]*(?:(?:c["^]*e["^]*i["^]*p|w["^]*e["^]*r)["^]*o["^]*p["^]*t["^]*i["^]*n|m["^]*a["^]*n["^]*a["^]*g["^]*e["^]*r["^]*c["^]*m["^]*d)|t["^]*x)|f["^]*c|(?:h["^]*o["^]*w["^]*m["^]*o["^]*u["^]*n|u["^]*b["^]*s)["^]*t|x["^]*s["^]*t["^]*r["^]*a["^]*c["^]*e|y["^]*s["^]*(?:o["^]*c["^]*m["^]*g["^]*r|t["^]*e["^]*m["^]*i["^]*n["^]*f["^]*o))|t["^]*(?:a["^]*(?:k["^]*e["^]*o["^]*w["^]*n|p["^]*i["^]*c["^]*f["^]*g|s["^]*k["^]*(?:k["^]*i["^]*l["^]*l|l["^]*i["^]*s["^]*t))|(?:c["^]*m["^]*s["^]*e["^]*t["^]*u|f["^]*t)["^]*p|(?:(?:e["^]*l["^]*n["^]*e|i["^]*m["^]*e["^]*o["^]*u)["^]*|r["^]*a["^]*c["^]*e["^]*r["^]*(?:p["^]*)?)t|l["^]*n["^]*t["^]*a["^]*d["^]*m["^]*n|p["^]*m["^]*(?:t["^]*o["^]*o["^]*l|v["^]*s["^]*c["^]*m["^]*g["^]*r)|s["^]*(?:(?:d["^]*i["^]*s["^]*)?c["^]*o["^]*n|e["^]*c["^]*i["^]*m["^]*p|k["^]*i["^]*l["^]*l|p["^]*r["^]*o["^]*f)|y["^]*p["^]*e["^]*p["^]*e["^]*r["^]*f|z["^]*u["^]*t["^]*i["^]*l)|u["^]*n["^]*(?:e["^]*x["^]*p["^]*o["^]*s["^]*e|i["^]*q["^]*u["^]*e["^]*i["^]*d|l["^]*o["^]*d["^]*c["^]*t["^]*r)|v["^]*(?:o["^]*l|s["^]*s["^]*a["^]*d["^]*m["^]*i["^]*n)|w["^]*(?:a["^]*i["^]*t["^]*f["^]*o["^]*r|b["^]*a["^]*d["^]*m["^]*i["^]*n|(?:d["^]*s|e["^]*(?:c|v["^]*t))["^]*u["^]*t["^]*i["^]*l|h["^]*(?:e["^]*r["^]*e|o["^]*a["^]*m["^]*i)|i["^]*n["^]*(?:n["^]*t(?:["^]*3["^]*2)?|r["^]*s)|m["^]*i["^]*c|s["^]*c["^]*r["^]*i["^]*p["^]*t)|x["^]*c["^]*o["^]*p["^]*y)(?:.["^]*[0-9A-Z_a-z]+)?b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*.[sv].*b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?:$(?:((?:(.*)|.*))|{.*})|[<>](.*)|[!?.+])"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx /"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx s"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx /"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx s"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx /"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx s"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i).|(?:[sv]*|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|G["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?E["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?T|a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:b|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?t|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[jp])?|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ks])|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[8-9]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?9|[au]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|c|(?:m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dfu]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[gr])|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[bdx]|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|q["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?)|f["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[c-dgi]|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|g["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[chr]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|o|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dp]|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b)|j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:j["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|q)|k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|l["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)?|[nps]|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a|z(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|v)|n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[cl]|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|o["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[at]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?x|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|f|(?:k["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?g|h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cp]|r(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?y)?|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|c(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dv]|(?:p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dt]|[g-hu]|s(?:["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cr]|b["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l|[co]["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ex]|i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c)|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|l)|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:3["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|c)|x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:x["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|z)|y["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:e["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)|z["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|s["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)[-0-9_a-z]+(?:["'[-]]+|$+[!#*-0-9?-@x5c_a-{]+|``|[$<>]())[sv]*[-0-9_a-z]+"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["!@rx [0-9]s*'s*[0-9]"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx ;[sv]*.[sv]*["']?(?:a(?:rchive|uth)|b(?:a(?:ckup|il)|inary)|c(?:d|h(?:anges|eck)|lone|onnection)|d(?:atabases|b(?:config|info)|ump)|e(?:cho|qp|x(?:cel|it|p(?:ert|lain)))|f(?:ilectrl|ullschema)|he(?:aders|lp)|i(?:mpo(?:rt|ster)|ndexes|otrace)|l(?:i(?:mi|n)t|o(?:ad|g))|(?:mod|n(?:onc|ullvalu)|unmodul)e|o(?:nce|pen|utput)|p(?:arameter|r(?:int|o(?:gress|mpt)))|quit|re(?:ad|cover|store)|s(?:ave|c(?:anstats|hema)|e(?:lftest|parator|ssion)|h(?:a3sum|ell|ow)?|tats|ystem)|t(?:ables|estc(?:ase|trl)|ime(?:out|r)|race)|vfs(?:info|list|name)|width)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:["-#%-&*--9A-Zx5c_a-z]+)?(?: ([ x5ca-z]+))?(?: "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}"?)? {[0-9]{1,20}+?}|UTHENTICATE [-0-9_a-z]{1,20}rn)|L(?:SUB (?:["-#*.-9A-Z_a-z~]+)? (?:["%-&*.-9A-Zx5c_a-z]+)?|ISTRIGHTS (?:["%-&*--9A-Zx5c_a-z]+)?)|S(?:TATUS (?:["%-&*--9A-Zx5c_a-z]+)? ((?:U(?:NSEEN|IDNEXT)|MESSAGES|UIDVALIDITY|RECENT| )+)|ETACL (?:["%-&*--9A-Zx5c_a-z]+)? [+-][ac-eik-lpr-tw-x]+?)|UID (?:COPY|FETCH|STORE) (?:[*,0-:]+)?|(?:(?:DELETE|GET)ACL|MYRIGHTS) (?:["%-&*--9A-Zx5c_a-z]+)?)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|an|io|ulimit)|s(?:h|plit|vtool)|u(?:(?:t|rl)[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|inks|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[^sv])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash|nap)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:3m|c|a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:c|a(?:ll|tch)[sv&)<>|]|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@pmFromFile unix-shell.data"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))b"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?i)(?:(?:^|=)[sv]*(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*|(?:t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|".*")[sv]+)*)[sv]*["']*(?:["'-+--9?A-]_a-z|]+/)?["'x5c]*(?:(?:(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h["')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) ["-#%-&*--9A-Zx5c_a-z]+|APABILITY|HECK|LOSE)|DELETE ["-#%-&*--.0-9A-Zx5c_a-z]+|EX(?:AMINE ["-#%-&*--.0-9A-Zx5c_a-z]+|PUNGE)|FETCH [*,0-:]+|L(?:IST ["-#*--9A-Zx5c_a-z~]+? ["-#%-&*--9A-Zx5c_a-z]+|OG(?:IN [--.0-9@_a-z]{1,40} .*?|OUT))|RENAME ["-#%-&*--9A-Zx5c_a-z]+? ["-#%-&*--9A-Zx5c_a-z]+|S(?:E(?:LECT ["-#%-&*--9A-Zx5c_a-z]+|ARCH(?: CHARSET [--.0-9A-Z_a-z]{1,40})? (?:(KEYWORD x5c)?(?:A(?:LL|NSWERED)|BCC|D(?:ELETED|RAFT)|(?:FLAGGE|OL)D|RECENT|SEEN|UN(?:(?:ANSWER|FLAGG)ED|D(?:ELETED|RAFT)|SEEN)|NEW)|(?:BODY|CC|FROM|HEADER .{1,100}|NOT|OR .{1,255}|T(?:EXT|O)) .{1,255}|LARGER [0-9]{1,20}|[*,0-:]+|(?:BEFORE|ON|S(?:ENT(?:(?:BEFOR|SINC)E|ON)|INCE)) "?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4}"?|S(?:MALLER [0-9]{1,20}|UBJECT .{1,255})|U(?:ID [*,0-:]+?|NKEYWORD x5c(Seen|(?:Answer|Flagg)ed|D(?:eleted|raft)|Recent))))|T(?:ORE [*,0-:]+? [+-]?FLAGS(?:.SILENT)? (?:(x5c[a-z]{1,20}))?|ARTTLS)|UBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+)|UN(?:SUBSCRIBE ["-#%-&*--9A-Zx5c_a-z]+|AUTHENTICATE)|NOOP)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@rx !(?:d|!)"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_RCE]
-  [http.middlewares.bad_bot_block_RCE.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:(?:(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))b",
+      "@rx (?is)rn.*?b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [-0-9A-Z_]{1,20} (?:(?:[+/-9A-Z_a-z]{4})*(?:[+/-9A-Z_a-z]{2}=|[+/-9A-Z_a-z]{3}))?=))",
+      "@lt 4",
+      "@pmFromFile restricted-upload.data",
+      "@rx (?i)(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[sv&)<>|]|a(?:dd(?:group|user)|getty|l(?:ias|pine)[sv&)<>|]|nsible-playbook|pt(?:-get|itude[sv&)<>|])|r(?:ch[sv&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm|xel)|b(?:a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[sv&)<>|]|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[sv&)<>|]|on(?:tab)?)|s(?:plit|vtool)|u(?:psfilter|rl[sv&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[sv&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[sv&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[sv&)<>|]|grep|i(?:le(?:[sv&)<>|]|test)|(?:n(?:d|ger)|sh)[sv&)<>|])|o(?:ld[sv&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[sv&)<>|]|core|e(?:ni(?:e[sv&)<>|]|soimage)|tfacl[sv&)<>|])|hci|i(?:mp[sv&)<>|]|nsh)|r(?:ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[sv&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:ill(?:[sv&)<>|]|all)|nife[sv&)<>|]|sshell)|l(?:a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|dconfig|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[sv&)<>|]|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[sv&)<>q|]|x[sv&)<>|])|ke[sv&)<>|]|ster.passwd|wk)|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[sv&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[sv&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[sv&)<>|]|map|o(?:de[sv&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[sv&)<>|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[sv&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[sv&)<>|]|shd)|wd.db|ython[^sv])|r(?:ak(?:e[sv&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[sv&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[sv&)<>|]|user)|nano|oute[sv&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|nap)[sv&)<>|]|c(?:hed|r(?:een|ipt)[sv&)<>|])|diff|e(?:(?:lf|rvice)[sv&)<>|]|ndmail|t(?:arch|env|facl[sv&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[sv&)<>|]|u(?:f|tdown[sv&)<>|]))|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:(?:out)?[sv&)<>|]|datectl)|mux|ouch[sv&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[sv&)<>|]|gr|mdiff|pw|rsh)|olatility[sv&)<>|])|w(?:a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))",
+      "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:A(?:PPEND (?:[\\"-#%-&*--9A-Zx5c_a-z]+)?(?: ([ x5ca-z]+))?(?: \\"?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [+-][0-9]{4}\\"?)? {[0-9]{1,20}+?}|UTHENTICATE [-0-9_a-z]{1,20}rn)|L(?:SUB (?:[\\"-#*.-9A-Z_a-z~]+)? (?:[\\"%-&*.-9A-Zx5c_a-z]+)?|ISTRIGHTS (?:[\\"%-&*--9A-Zx5c_a-z]+)?)|S(?:TATUS (?:[\\"%-&*--9A-Zx5c_a-z]+)? ((?:U(?:NSEEN|IDNEXT)|MESSAGES|UIDVALIDITY|RECENT| )+)|ETACL (?:[\\"%-&*--9A-Zx5c_a-z]+)? [+-][ac-eik-lpr-tw-x]+?)|UID (?:COPY|FETCH|STORE) (?:[*,0-:]+)?|(?:(?:DELETE|GET)ACL|MYRIGHTS) (?:[\\"%-&*--9A-Zx5c_a-z]+)?)",
+      "@rx (?:$(?:((?:(.*)|.*))|{.*})|[<>](.*)|[!?.+])",
+      "@rx !(?:d|!)",
+      "@rx (?i)(?:(?:^|=)[sv]*(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*|(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*)[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:(?:(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?2[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|v[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|s)|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?o|[sv&),<>|].*))",
+      "@rx (?is)rn[0-9A-Z_a-z]{1,50}b (?:C(?:(?:REATE|OPY [*,0-:]+) [\\"-#%-&*--9A-Zx5c_a-z]+|APABILITY|HECK|LOSE)|DELETE [\\"-#%-&*--.0-9A-Zx5c_a-z]+|EX(?:AMINE [\\"-#%-&*--.0-9A-Zx5c_a-z]+|PUNGE)|FETCH [*,0-:]+|L(?:IST [\\"-#*--9A-Zx5c_a-z~]+? [\\"-#%-&*--9A-Zx5c_a-z]+|OG(?:IN [--.0-9@_a-z]{1,40} .*?|OUT))|RENAME [\\"-#%-&*--9A-Zx5c_a-z]+? [\\"-#%-&*--9A-Zx5c_a-z]+|S(?:E(?:LECT [\\"-#%-&*--9A-Zx5c_a-z]+|ARCH(?: CHARSET [--.0-9A-Z_a-z]{1,40})? (?:(KEYWORD x5c)?(?:A(?:LL|NSWERED)|BCC|D(?:ELETED|RAFT)|(?:FLAGGE|OL)D|RECENT|SEEN|UN(?:(?:ANSWER|FLAGG)ED|D(?:ELETED|RAFT)|SEEN)|NEW)|(?:BODY|CC|FROM|HEADER .{1,100}|NOT|OR .{1,255}|T(?:EXT|O)) .{1,255}|LARGER [0-9]{1,20}|[*,0-:]+|(?:BEFORE|ON|S(?:ENT(?:(?:BEFOR|SINC)E|ON)|INCE)) \\"?[0-9]{1,2}-[0-9A-Z_a-z]{3}-[0-9]{4}\\"?|S(?:MALLER [0-9]{1,20}|UBJECT .{1,255})|U(?:ID [*,0-:]+?|NKEYWORD x5c(Seen|(?:Answer|Flagg)ed|D(?:eleted|raft)|Recent))))|T(?:ORE [*,0-:]+? [+-]?FLAGS(?:.SILENT)? (?:(x5c[a-z]{1,20}))?|ARTTLS)|UBSCRIBE [\\"-#%-&*--9A-Zx5c_a-z]+)|UN(?:SUBSCRIBE [\\"-#%-&*--9A-Zx5c_a-z]+|AUTHENTICATE)|NOOP)",
+      "@rx (?i)(?:t[\\"^]*i[\\"^]*m[\\"^]*e|[nr;`{]|||?|&&?)[sv]*[sv\\"'-(,@]*(?:[\\"'.-9A-Z_a-z]+/|(?:[\\"'x5c^]*[0-9A-Z_a-z][\\"'x5c^]*:.*|[ \\"'.-9A-Zx5c^-_a-z]*)x5c)?[\\"^]*(?:a[\\"^]*(?:c[\\"^]*c[\\"^]*c[\\"^]*h[\\"^]*e[\\"^]*c[\\"^]*k[\\"^]*c[\\"^]*o[\\"^]*n[\\"^]*s[\\"^]*o[\\"^]*l[\\"^]*e|d[\\"^]*(?:p[\\"^]*l[\\"^]*u[\\"^]*s|v[\\"^]*p[\\"^]*a[\\"^]*c[\\"^]*k)|(?:g[\\"^]*e[\\"^]*n[\\"^]*t[\\"^]*e[\\"^]*x[\\"^]*e[\\"^]*c[\\"^]*u[\\"^]*t[\\"^]*o|s[\\"^]*p[\\"^]*n[\\"^]*e[\\"^]*t[\\"^]*_[\\"^]*c[\\"^]*o[\\"^]*m[\\"^]*p[\\"^]*i[\\"^]*l[\\"^]*e)[\\"^]*r|p[\\"^]*p[\\"^]*(?:i[\\"^]*n[\\"^]*s[\\"^]*t[\\"^]*a[\\"^]*l[\\"^]*l[\\"^]*e[\\"^]*r|v[\\"^]*l[\\"^]*p)|t[\\"^]*(?:[sv,.-/;-<>].*|b[\\"^]*r[\\"^]*o[\\"^]*k[\\"^]*e[\\"^]*r))|b[\\"^]*(?:a[\\"^]*s[\\"^]*h|g[\\"^]*i[\\"^]*n[\\"^]*f[\\"^]*o|i[\\"^]*t[\\"^]*s[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i[\\"^]*n)|c[\\"^]*(?:d[\\"^]*b|e[\\"^]*r[\\"^]*t[\\"^]*(?:o[\\"^]*c|r[\\"^]*e[\\"^]*q|u[\\"^]*t[\\"^]*i[\\"^]*l)|l[\\"^]*_[\\"^]*(?:i[\\"^]*n[\\"^]*v[\\"^]*o[\\"^]*c[\\"^]*a[\\"^]*t[\\"^]*i[\\"^]*o[\\"^]*n|l[\\"^]*o[\\"^]*a[\\"^]*d[\\"^]*a[\\"^]*s[\\"^]*s[\\"^]*e[\\"^]*m[\\"^]*b[\\"^]*l[\\"^]*y|m[\\"^]*u[\\"^]*t[\\"^]*e[\\"^]*x[\\"^]*v[\\"^]*e[\\"^]*r[\\"^]*i[\\"^]*f[\\"^]*i[\\"^]*e[\\"^]*r[\\"^]*s)|m[\\"^]*(?:d(?:[\\"^]*(?:k[\\"^]*e[\\"^]*y|l[\\"^]*3[\\"^]*2))?|s[\\"^]*t[\\"^]*p)|o[\\"^]*(?:m[\\"^]*s[\\"^]*v[\\"^]*c[\\"^]*s|n[\\"^]*(?:f[\\"^]*i[\\"^]*g[\\"^]*s[\\"^]*e[\\"^]*c[\\"^]*u[\\"^]*r[\\"^]*i[\\"^]*t[\\"^]*y[\\"^]*p[\\"^]*o[\\"^]*l[\\"^]*i[\\"^]*c[\\"^]*y|h[\\"^]*o[\\"^]*s[\\"^]*t|t[\\"^]*r[\\"^]*o[\\"^]*l)|r[\\"^]*e[\\"^]*g[\\"^]*e[\\"^]*n)|r[\\"^]*e[\\"^]*a[\\"^]*t[\\"^]*e[\\"^]*d[\\"^]*u[\\"^]*m[\\"^]*p|s[\\"^]*(?:c(?:[\\"^]*r[\\"^]*i[\\"^]*p[\\"^]*t)?|i)|u[\\"^]*s[\\"^]*t[\\"^]*o[\\"^]*m[\\"^]*s[\\"^]*h[\\"^]*e[\\"^]*l[\\"^]*l[\\"^]*h[\\"^]*o[\\"^]*s[\\"^]*t)|d[\\"^]*(?:a[\\"^]*t[\\"^]*a[\\"^]*s[\\"^]*v[\\"^]*c[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l|e[\\"^]*(?:f[\\"^]*a[\\"^]*u[\\"^]*l[\\"^]*t[\\"^]*p[\\"^]*a[\\"^]*c[\\"^]*k|s[\\"^]*k(?:[\\"^]*t[\\"^]*o[\\"^]*p[\\"^]*i[\\"^]*m[\\"^]*g[\\"^]*d[\\"^]*o[\\"^]*w[\\"^]*n[\\"^]*l[\\"^]*d[\\"^]*r)?|v[\\"^]*(?:i[\\"^]*c[\\"^]*e[\\"^]*c[\\"^]*r[\\"^]*e[\\"^]*d[\\"^]*e[\\"^]*n[\\"^]*t[\\"^]*i[\\"^]*a[\\"^]*l[\\"^]*d[\\"^]*e[\\"^]*p[\\"^]*l[\\"^]*o[\\"^]*y[\\"^]*m[\\"^]*e[\\"^]*n[\\"^]*t|t[\\"^]*o[\\"^]*o[\\"^]*l[\\"^]*s[\\"^]*l[\\"^]*a[\\"^]*u[\\"^]*n[\\"^]*c[\\"^]*h[\\"^]*e[\\"^]*r))|f[\\"^]*s[\\"^]*(?:h[\\"^]*i[\\"^]*m|v[\\"^]*c)|i[\\"^]*(?:a[\\"^]*n[\\"^]*t[\\"^]*z|s[\\"^]*k[\\"^]*s[\\"^]*h[\\"^]*a[\\"^]*d[\\"^]*o[\\"^]*w)|n[\\"^]*(?:s[\\"^]*c[\\"^]*m[\\"^]*d|x)|o[\\"^]*t[\\"^]*n[\\"^]*e[\\"^]*t|u[\\"^]*m[\\"^]*p[\\"^]*6[\\"^]*4|x[\\"^]*c[\\"^]*a[\\"^]*p)|e[\\"^]*(?:s[\\"^]*e[\\"^]*n[\\"^]*t[\\"^]*u[\\"^]*t[\\"^]*l|v[\\"^]*e[\\"^]*n[\\"^]*t[\\"^]*v[\\"^]*w[\\"^]*r|x[\\"^]*(?:c[\\"^]*e[\\"^]*l|p[\\"^]*(?:a[\\"^]*n[\\"^]*d|l[\\"^]*o[\\"^]*r[\\"^]*e[\\"^]*r)|t[\\"^]*(?:e[\\"^]*x[\\"^]*p[\\"^]*o[\\"^]*r[\\"^]*t|r[\\"^]*a[\\"^]*c[\\"^]*3[\\"^]*2)))|f[\\"^]*(?:i[\\"^]*n[\\"^]*(?:d[\\"^]*s[\\"^]*t|g[\\"^]*e)[\\"^]*r|l[\\"^]*t[\\"^]*m[\\"^]*c|o[\\"^]*r[\\"^]*f[\\"^]*i[\\"^]*l[\\"^]*e[\\"^]*s|s[\\"^]*(?:i(?:[\\"^]*a[\\"^]*n[\\"^]*y[\\"^]*c[\\"^]*p[\\"^]*u)?|u[\\"^]*t[\\"^]*i[\\"^]*l)|t[\\"^]*p)|g[\\"^]*(?:f[\\"^]*x[\\"^]*d[\\"^]*o[\\"^]*w[\\"^]*n[\\"^]*l[\\"^]*o[\\"^]*a[\\"^]*d[\\"^]*w[\\"^]*r[\\"^]*a[\\"^]*p[\\"^]*p[\\"^]*e[\\"^]*r|p[\\"^]*s[\\"^]*c[\\"^]*r[\\"^]*i[\\"^]*p[\\"^]*t)|h[\\"^]*h|i[\\"^]*(?:e[\\"^]*(?:4[\\"^]*u[\\"^]*i[\\"^]*n[\\"^]*i[\\"^]*t|a[\\"^]*d[\\"^]*v[\\"^]*p[\\"^]*a[\\"^]*c[\\"^]*k|e[\\"^]*x[\\"^]*e[\\"^]*c|f[\\"^]*r[\\"^]*a[\\"^]*m[\\"^]*e)|l[\\"^]*a[\\"^]*s[\\"^]*m|m[\\"^]*e[\\"^]*w[\\"^]*d[\\"^]*b[\\"^]*l[\\"^]*d|n[\\"^]*(?:f[\\"^]*d[\\"^]*e[\\"^]*f[\\"^]*a[\\"^]*u[\\"^]*l[\\"^]*t[\\"^]*i[\\"^]*n[\\"^]*s[\\"^]*t[\\"^]*a[\\"^]*l|s[\\"^]*t[\\"^]*a[\\"^]*l[\\"^]*l[\\"^]*u[\\"^]*t[\\"^]*i)[\\"^]*l)|j[\\"^]*s[\\"^]*c|l[\\"^]*(?:a[\\"^]*u[\\"^]*n[\\"^]*c[\\"^]*h[\\"^]*-[\\"^]*v[\\"^]*s[\\"^]*d[\\"^]*e[\\"^]*v[\\"^]*s[\\"^]*h[\\"^]*e[\\"^]*l[\\"^]*l|d[\\"^]*i[\\"^]*f[\\"^]*d[\\"^]*e)|m[\\"^]*(?:a[\\"^]*(?:k[\\"^]*e[\\"^]*c[\\"^]*a[\\"^]*b|n[\\"^]*a[\\"^]*g[\\"^]*e[\\"^]*-[\\"^]*b[\\"^]*d[\\"^]*e|v[\\"^]*i[\\"^]*n[\\"^]*j[\\"^]*e[\\"^]*c[\\"^]*t)|f[\\"^]*t[\\"^]*r[\\"^]*a[\\"^]*c[\\"^]*e|i[\\"^]*c[\\"^]*r[\\"^]*o[\\"^]*s[\\"^]*o[\\"^]*f[\\"^]*t|m[\\"^]*c|p[\\"^]*c[\\"^]*m[\\"^]*d[\\"^]*r[\\"^]*u[\\"^]*n|s[\\"^]*(?:(?:b[\\"^]*u[\\"^]*i[\\"^]*l|o[\\"^]*h[\\"^]*t[\\"^]*m[\\"^]*e)[\\"^]*d|c[\\"^]*o[\\"^]*n[\\"^]*f[\\"^]*i[\\"^]*g|d[\\"^]*(?:e[\\"^]*p[\\"^]*l[\\"^]*o[\\"^]*y|t)|h[\\"^]*t[\\"^]*(?:a|m[\\"^]*l)|i[\\"^]*e[\\"^]*x[\\"^]*e[\\"^]*c|p[\\"^]*u[\\"^]*b|x[\\"^]*s[\\"^]*l))|n[\\"^]*(?:e[\\"^]*t[\\"^]*s[\\"^]*h|t[\\"^]*d[\\"^]*s[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l)|o[\\"^]*(?:d[\\"^]*b[\\"^]*c[\\"^]*c[\\"^]*o[\\"^]*n[\\"^]*f|f[\\"^]*f[\\"^]*l[\\"^]*i[\\"^]*n[\\"^]*e[\\"^]*s[\\"^]*c[\\"^]*a[\\"^]*n[\\"^]*n[\\"^]*e[\\"^]*r[\\"^]*s[\\"^]*h[\\"^]*e[\\"^]*l[\\"^]*l|n[\\"^]*e[\\"^]*d[\\"^]*r[\\"^]*i[\\"^]*v[\\"^]*e[\\"^]*s[\\"^]*t[\\"^]*a[\\"^]*n[\\"^]*d[\\"^]*a[\\"^]*l[\\"^]*o[\\"^]*n[\\"^]*e[\\"^]*u[\\"^]*p[\\"^]*d[\\"^]*a[\\"^]*t[\\"^]*e[\\"^]*r|p[\\"^]*e[\\"^]*n[\\"^]*c[\\"^]*o[\\"^]*n[\\"^]*s[\\"^]*o[\\"^]*l[\\"^]*e)|p[\\"^]*(?:c[\\"^]*(?:a[\\"^]*l[\\"^]*u[\\"^]*a|w[\\"^]*(?:r[\\"^]*u[\\"^]*n|u[\\"^]*t[\\"^]*l))|(?:e[\\"^]*s[\\"^]*t[\\"^]*e|s)[\\"^]*r|(?:k[\\"^]*t[\\"^]*m[\\"^]*o|u[\\"^]*b[\\"^]*p[\\"^]*r)[\\"^]*n|n[\\"^]*p[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l|o[\\"^]*w[\\"^]*e[\\"^]*r[\\"^]*p[\\"^]*n[\\"^]*t|r[\\"^]*(?:e[\\"^]*s[\\"^]*e[\\"^]*n[\\"^]*t[\\"^]*a[\\"^]*t[\\"^]*i[\\"^]*o[\\"^]*n[\\"^]*h[\\"^]*o[\\"^]*s[\\"^]*t|i[\\"^]*n[\\"^]*t(?:[\\"^]*b[\\"^]*r[\\"^]*m)?|o[\\"^]*(?:c[\\"^]*d[\\"^]*u[\\"^]*m[\\"^]*p|t[\\"^]*o[\\"^]*c[\\"^]*o[\\"^]*l[\\"^]*h[\\"^]*a[\\"^]*n[\\"^]*d[\\"^]*l[\\"^]*e[\\"^]*r)))|r[\\"^]*(?:a[\\"^]*s[\\"^]*a[\\"^]*u[\\"^]*t[\\"^]*o[\\"^]*u|c[\\"^]*s[\\"^]*i|(?:d[\\"^]*r[\\"^]*l[\\"^]*e[\\"^]*a[\\"^]*k[\\"^]*d[\\"^]*i[\\"^]*a|p[\\"^]*c[\\"^]*p[\\"^]*i[\\"^]*n)[\\"^]*g|e[\\"^]*(?:g(?:[\\"^]*(?:a[\\"^]*s[\\"^]*m|e[\\"^]*d[\\"^]*i[\\"^]*t|i[\\"^]*(?:n[\\"^]*i|s[\\"^]*t[\\"^]*e[\\"^]*r[\\"^]*-[\\"^]*c[\\"^]*i[\\"^]*m[\\"^]*p[\\"^]*r[\\"^]*o[\\"^]*v[\\"^]*i[\\"^]*d[\\"^]*e[\\"^]*r)|s[\\"^]*v[\\"^]*(?:c[\\"^]*s|r[\\"^]*3[\\"^]*2)))?|(?:m[\\"^]*o[\\"^]*t|p[\\"^]*l[\\"^]*a[\\"^]*c)[\\"^]*e)|u[\\"^]*n[\\"^]*(?:d[\\"^]*l[\\"^]*l[\\"^]*3[\\"^]*2|(?:e[\\"^]*x[\\"^]*e|s[\\"^]*c[\\"^]*r[\\"^]*i[\\"^]*p[\\"^]*t)[\\"^]*h[\\"^]*e[\\"^]*l[\\"^]*p[\\"^]*e[\\"^]*r|o[\\"^]*n[\\"^]*c[\\"^]*e))|s[\\"^]*(?:c[\\"^]*(?:[sv,.-/;-<>].*|h[\\"^]*t[\\"^]*a[\\"^]*s[\\"^]*k[\\"^]*s|r[\\"^]*i[\\"^]*p[\\"^]*t[\\"^]*r[\\"^]*u[\\"^]*n[\\"^]*n[\\"^]*e[\\"^]*r)|e[\\"^]*t[\\"^]*(?:r[\\"^]*e[\\"^]*s|t[\\"^]*i[\\"^]*n[\\"^]*g[\\"^]*s[\\"^]*y[\\"^]*n[\\"^]*c[\\"^]*h[\\"^]*o[\\"^]*s[\\"^]*t|u[\\"^]*p[\\"^]*a[\\"^]*p[\\"^]*i)|h[\\"^]*(?:d[\\"^]*o[\\"^]*c[\\"^]*v[\\"^]*w|e[\\"^]*l[\\"^]*l[\\"^]*3[\\"^]*2)|q[\\"^]*(?:l[\\"^]*(?:d[\\"^]*u[\\"^]*m[\\"^]*p[\\"^]*e[\\"^]*r|(?:t[\\"^]*o[\\"^]*o[\\"^]*l[\\"^]*s[\\"^]*)?p[\\"^]*s)|u[\\"^]*i[\\"^]*r[\\"^]*r[\\"^]*e[\\"^]*l)|s[\\"^]*h|t[\\"^]*o[\\"^]*r[\\"^]*d[\\"^]*i[\\"^]*a[\\"^]*g|y[\\"^]*(?:n[\\"^]*c[\\"^]*a[\\"^]*p[\\"^]*p[\\"^]*v[\\"^]*p[\\"^]*u[\\"^]*b[\\"^]*l[\\"^]*i[\\"^]*s[\\"^]*h[\\"^]*i[\\"^]*n[\\"^]*g[\\"^]*s[\\"^]*e[\\"^]*r[\\"^]*v[\\"^]*e[\\"^]*r|s[\\"^]*s[\\"^]*e[\\"^]*t[\\"^]*u[\\"^]*p))|t[\\"^]*(?:e[\\"^]*[sv,.-/;-<>].*|r[\\"^]*a[\\"^]*c[\\"^]*k[\\"^]*e[\\"^]*r|t[\\"^]*(?:d[\\"^]*i[\\"^]*n[\\"^]*j[\\"^]*e[\\"^]*c[\\"^]*t|t[\\"^]*r[\\"^]*a[\\"^]*c[\\"^]*e[\\"^]*r))|u[\\"^]*(?:n[\\"^]*r[\\"^]*e[\\"^]*g[\\"^]*m[\\"^]*p[\\"^]*2|p[\\"^]*d[\\"^]*a[\\"^]*t[\\"^]*e|r[\\"^]*l|t[\\"^]*i[\\"^]*l[\\"^]*i[\\"^]*t[\\"^]*y[\\"^]*f[\\"^]*u[\\"^]*n[\\"^]*c[\\"^]*t[\\"^]*i[\\"^]*o[\\"^]*n[\\"^]*s)|v[\\"^]*(?:b[\\"^]*c|e[\\"^]*r[\\"^]*c[\\"^]*l[\\"^]*s[\\"^]*i[\\"^]*d|i[\\"^]*s[\\"^]*u[\\"^]*a[\\"^]*l[\\"^]*u[\\"^]*i[\\"^]*a[\\"^]*v[\\"^]*e[\\"^]*r[\\"^]*i[\\"^]*f[\\"^]*y[\\"^]*n[\\"^]*a[\\"^]*t[\\"^]*i[\\"^]*v[\\"^]*e|s[\\"^]*(?:i[\\"^]*i[\\"^]*s[\\"^]*e[\\"^]*x[\\"^]*e[\\"^]*l[\\"^]*a[\\"^]*u[\\"^]*n[\\"^]*c[\\"^]*h|j[\\"^]*i[\\"^]*t[\\"^]*d[\\"^]*e[\\"^]*b[\\"^]*u[\\"^]*g[\\"^]*g)[\\"^]*e[\\"^]*r)|w[\\"^]*(?:a[\\"^]*b|(?:f|m[\\"^]*i)[\\"^]*c|i[\\"^]*n[\\"^]*(?:g[\\"^]*e[\\"^]*t|r[\\"^]*m|w[\\"^]*o[\\"^]*r[\\"^]*d)|l[\\"^]*r[\\"^]*m[\\"^]*d[\\"^]*r|o[\\"^]*r[\\"^]*k[\\"^]*f[\\"^]*o[\\"^]*l[\\"^]*d[\\"^]*e[\\"^]*r[\\"^]*s|s[\\"^]*(?:(?:c[\\"^]*r[\\"^]*i[\\"^]*p|r[\\"^]*e[\\"^]*s[\\"^]*e)[\\"^]*t|l)|t[\\"^]*[sv,.-/;-<>].*|u[\\"^]*a[\\"^]*u[\\"^]*c[\\"^]*l[\\"^]*t)|x[\\"^]*w[\\"^]*i[\\"^]*z[\\"^]*a[\\"^]*r[\\"^]*d|z[\\"^]*i[\\"^]*p[\\"^]*f[\\"^]*l[\\"^]*d[\\"^]*r)(?:.[\\"^]*[0-9A-Z_a-z]+)?b",
+      "@lt 2",
+      "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)",
+      "@rx rn(?s:.)*?b(?:(?:QUI|STA|RSE)(?i:T)|NOOP|CAPA)",
+      "@pmFromFile unix-shell.data",
+      "@rx (?i)(?:t[\\"^]*i[\\"^]*m[\\"^]*e|[nr;`{]|||?|&&?)[sv]*[sv\\"'-(,@]*(?:[\\"'.-9A-Z_a-z]+/|(?:[\\"'x5c^]*[0-9A-Z_a-z][\\"'x5c^]*:.*|[ \\"'.-9A-Zx5c^-_a-z]*)x5c)?[\\"^]*(?:a[\\"^]*(?:s[\\"^]*s[\\"^]*o[\\"^]*c|t[\\"^]*(?:m[\\"^]*a[\\"^]*d[\\"^]*m|t[\\"^]*r[\\"^]*i[\\"^]*b)|u[\\"^]*(?:d[\\"^]*i[\\"^]*t[\\"^]*p[\\"^]*o[\\"^]*l|t[\\"^]*o[\\"^]*(?:c[\\"^]*(?:h[\\"^]*k|o[\\"^]*n[\\"^]*v)|(?:f[\\"^]*m|m[\\"^]*o[\\"^]*u[\\"^]*n)[\\"^]*t)))|b[\\"^]*(?:c[\\"^]*d[\\"^]*(?:b[\\"^]*o[\\"^]*o|e[\\"^]*d[\\"^]*i)[\\"^]*t|(?:d[\\"^]*e[\\"^]*h[\\"^]*d|o[\\"^]*o[\\"^]*t)[\\"^]*c[\\"^]*f[\\"^]*g|i[\\"^]*t[\\"^]*s[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i[\\"^]*n)|c[\\"^]*(?:a[\\"^]*c[\\"^]*l[\\"^]*s|e[\\"^]*r[\\"^]*t[\\"^]*(?:r[\\"^]*e[\\"^]*q|u[\\"^]*t[\\"^]*i[\\"^]*l)|h[\\"^]*(?:c[\\"^]*p|d[\\"^]*i[\\"^]*r|g[\\"^]*(?:l[\\"^]*o[\\"^]*g[\\"^]*o[\\"^]*n|p[\\"^]*o[\\"^]*r[\\"^]*t|u[\\"^]*s[\\"^]*r)|k[\\"^]*(?:d[\\"^]*s[\\"^]*k|n[\\"^]*t[\\"^]*f[\\"^]*s))|l[\\"^]*e[\\"^]*a[\\"^]*n[\\"^]*m[\\"^]*g[\\"^]*r|m[\\"^]*(?:d(?:[\\"^]*k[\\"^]*e[\\"^]*y)?|s[\\"^]*t[\\"^]*p)|s[\\"^]*c[\\"^]*r[\\"^]*i[\\"^]*p[\\"^]*t)|d[\\"^]*(?:c[\\"^]*(?:d[\\"^]*i[\\"^]*a[\\"^]*g|g[\\"^]*p[\\"^]*o[\\"^]*f[\\"^]*i[\\"^]*x)|e[\\"^]*(?:f[\\"^]*r[\\"^]*a[\\"^]*g|l)|f[\\"^]*s[\\"^]*(?:d[\\"^]*i[\\"^]*a|r[\\"^]*m[\\"^]*i)[\\"^]*g|i[\\"^]*(?:a[\\"^]*n[\\"^]*t[\\"^]*z|r|s[\\"^]*(?:k[\\"^]*(?:c[\\"^]*o[\\"^]*(?:m[\\"^]*p|p[\\"^]*y)|p[\\"^]*(?:a[\\"^]*r[\\"^]*t|e[\\"^]*r[\\"^]*f)|r[\\"^]*a[\\"^]*i[\\"^]*d|s[\\"^]*h[\\"^]*a[\\"^]*d[\\"^]*o[\\"^]*w)|p[\\"^]*d[\\"^]*i[\\"^]*a[\\"^]*g))|n[\\"^]*s[\\"^]*c[\\"^]*m[\\"^]*d|(?:o[\\"^]*s[\\"^]*k[\\"^]*e|r[\\"^]*i[\\"^]*v[\\"^]*e[\\"^]*r[\\"^]*q[\\"^]*u[\\"^]*e[\\"^]*r)[\\"^]*y)|e[\\"^]*(?:n[\\"^]*d[\\"^]*l[\\"^]*o[\\"^]*c[\\"^]*a[\\"^]*l|v[\\"^]*e[\\"^]*n[\\"^]*t[\\"^]*c[\\"^]*r[\\"^]*e[\\"^]*a[\\"^]*t[\\"^]*e)|E[\\"^]*v[\\"^]*n[\\"^]*t[\\"^]*c[\\"^]*m[\\"^]*d|f[\\"^]*(?:c|i[\\"^]*(?:l[\\"^]*e[\\"^]*s[\\"^]*y[\\"^]*s[\\"^]*t[\\"^]*e[\\"^]*m[\\"^]*s|n[\\"^]*d[\\"^]*s[\\"^]*t[\\"^]*r)|l[\\"^]*a[\\"^]*t[\\"^]*t[\\"^]*e[\\"^]*m[\\"^]*p|o[\\"^]*r(?:[\\"^]*f[\\"^]*i[\\"^]*l[\\"^]*e[\\"^]*s)?|r[\\"^]*e[\\"^]*e[\\"^]*d[\\"^]*i[\\"^]*s[\\"^]*k|s[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l|(?:t[\\"^]*y[\\"^]*p|v[\\"^]*e[\\"^]*u[\\"^]*p[\\"^]*d[\\"^]*a[\\"^]*t)[\\"^]*e)|g[\\"^]*(?:e[\\"^]*t[\\"^]*(?:m[\\"^]*a[\\"^]*c|t[\\"^]*y[\\"^]*p[\\"^]*e)|o[\\"^]*t[\\"^]*o|p[\\"^]*(?:f[\\"^]*i[\\"^]*x[\\"^]*u[\\"^]*p|(?:r[\\"^]*e[\\"^]*s[\\"^]*u[\\"^]*l[\\"^]*)?t|u[\\"^]*p[\\"^]*d[\\"^]*a[\\"^]*t[\\"^]*e)|r[\\"^]*a[\\"^]*f[\\"^]*t[\\"^]*a[\\"^]*b[\\"^]*l)|h[\\"^]*(?:e[\\"^]*l[\\"^]*p[\\"^]*c[\\"^]*t[\\"^]*r|o[\\"^]*s[\\"^]*t[\\"^]*n[\\"^]*a[\\"^]*m[\\"^]*e)|i[\\"^]*(?:c[\\"^]*a[\\"^]*c[\\"^]*l[\\"^]*s|f|p[\\"^]*(?:c[\\"^]*o[\\"^]*n[\\"^]*f[\\"^]*i[\\"^]*g|x[\\"^]*r[\\"^]*o[\\"^]*u[\\"^]*t[\\"^]*e)|r[\\"^]*f[\\"^]*t[\\"^]*p)|j[\\"^]*e[\\"^]*t[\\"^]*p[\\"^]*a[\\"^]*c[\\"^]*k|k[\\"^]*(?:l[\\"^]*i[\\"^]*s[\\"^]*t|s[\\"^]*e[\\"^]*t[\\"^]*u[\\"^]*p|t[\\"^]*(?:m[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l|p[\\"^]*a[\\"^]*s[\\"^]*s))|l[\\"^]*(?:o[\\"^]*(?:d[\\"^]*c[\\"^]*t[\\"^]*r|g[\\"^]*(?:m[\\"^]*a[\\"^]*n|o[\\"^]*f[\\"^]*f))|p[\\"^]*[q-r])|m[\\"^]*(?:a[\\"^]*(?:c[\\"^]*f[\\"^]*i[\\"^]*l[\\"^]*e|k[\\"^]*e[\\"^]*c[\\"^]*a[\\"^]*b|p[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i[\\"^]*n)|k[\\"^]*(?:d[\\"^]*i[\\"^]*r|l[\\"^]*i[\\"^]*n[\\"^]*k)|m[\\"^]*c|o[\\"^]*u[\\"^]*n[\\"^]*t[\\"^]*v[\\"^]*o[\\"^]*l|q[\\"^]*(?:b[\\"^]*k[\\"^]*u[\\"^]*p|(?:t[\\"^]*g[\\"^]*)?s[\\"^]*v[\\"^]*c)|s[\\"^]*(?:d[\\"^]*t|i[\\"^]*(?:e[\\"^]*x[\\"^]*e[\\"^]*c|n[\\"^]*f[\\"^]*o[\\"^]*3[\\"^]*2)|t[\\"^]*s[\\"^]*c))|n[\\"^]*(?:b[\\"^]*t[\\"^]*s[\\"^]*t[\\"^]*a[\\"^]*t|e[\\"^]*t[\\"^]*(?:c[\\"^]*f[\\"^]*g|d[\\"^]*o[\\"^]*m|s[\\"^]*(?:h|t[\\"^]*a[\\"^]*t))|f[\\"^]*s[\\"^]*(?:a[\\"^]*d[\\"^]*m[\\"^]*i[\\"^]*n|s[\\"^]*(?:h[\\"^]*a[\\"^]*r[\\"^]*e|t[\\"^]*a[\\"^]*t))|l[\\"^]*(?:b[\\"^]*m[\\"^]*g[\\"^]*r|t[\\"^]*e[\\"^]*s[\\"^]*t)|s[\\"^]*l[\\"^]*o[\\"^]*o[\\"^]*k[\\"^]*u[\\"^]*p|t[\\"^]*(?:b[\\"^]*a[\\"^]*c[\\"^]*k[\\"^]*u[\\"^]*p|c[\\"^]*m[\\"^]*d[\\"^]*p[\\"^]*r[\\"^]*o[\\"^]*m[\\"^]*p[\\"^]*t|f[\\"^]*r[\\"^]*s[\\"^]*u[\\"^]*t[\\"^]*l))|o[\\"^]*(?:f[\\"^]*f[\\"^]*l[\\"^]*i[\\"^]*n[\\"^]*e|p[\\"^]*e[\\"^]*n[\\"^]*f[\\"^]*i[\\"^]*l[\\"^]*e[\\"^]*s)|p[\\"^]*(?:a[\\"^]*(?:g[\\"^]*e[\\"^]*f[\\"^]*i[\\"^]*l[\\"^]*e[\\"^]*c[\\"^]*o[\\"^]*n[\\"^]*f[\\"^]*i|t[\\"^]*h[\\"^]*p[\\"^]*i[\\"^]*n)[\\"^]*g|(?:b[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i|k[\\"^]*t[\\"^]*m[\\"^]*o)[\\"^]*n|e[\\"^]*(?:n[\\"^]*t[\\"^]*n[\\"^]*t|r[\\"^]*f[\\"^]*m[\\"^]*o[\\"^]*n)|n[\\"^]*p[\\"^]*u[\\"^]*(?:n[\\"^]*a[\\"^]*t[\\"^]*t[\\"^]*e[\\"^]*n[\\"^]*d|t[\\"^]*i[\\"^]*l)|o[\\"^]*(?:p[\\"^]*d|w[\\"^]*e[\\"^]*r[\\"^]*s[\\"^]*h[\\"^]*e[\\"^]*l[\\"^]*l)|r[\\"^]*n[\\"^]*(?:c[\\"^]*n[\\"^]*f[\\"^]*g|(?:d[\\"^]*r[\\"^]*v|m[\\"^]*n[\\"^]*g)[\\"^]*r|j[\\"^]*o[\\"^]*b[\\"^]*s|p[\\"^]*o[\\"^]*r[\\"^]*t|q[\\"^]*c[\\"^]*t[\\"^]*l)|u[\\"^]*(?:b[\\"^]*p[\\"^]*r[\\"^]*n|s[\\"^]*h[\\"^]*(?:d|p[\\"^]*r[\\"^]*i[\\"^]*n[\\"^]*t[\\"^]*e[\\"^]*r[\\"^]*c[\\"^]*o[\\"^]*n[\\"^]*n[\\"^]*e[\\"^]*c[\\"^]*t[\\"^]*i[\\"^]*o[\\"^]*n[\\"^]*s))|w[\\"^]*(?:l[\\"^]*a[\\"^]*u[\\"^]*n[\\"^]*c[\\"^]*h[\\"^]*e[\\"^]*r|s[\\"^]*h))|q[\\"^]*(?:a[\\"^]*p[\\"^]*p[\\"^]*s[\\"^]*r[\\"^]*v|p[\\"^]*r[\\"^]*o[\\"^]*c[\\"^]*e[\\"^]*s[\\"^]*s|u[\\"^]*s[\\"^]*e[\\"^]*r|w[\\"^]*i[\\"^]*n[\\"^]*s[\\"^]*t[\\"^]*a)|r[\\"^]*(?:d(?:[\\"^]*p[\\"^]*s[\\"^]*i[\\"^]*g[\\"^]*n)?|e[\\"^]*(?:f[\\"^]*s[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l|g(?:[\\"^]*(?:i[\\"^]*n[\\"^]*i|s[\\"^]*v[\\"^]*r[\\"^]*3[\\"^]*2))?|l[\\"^]*o[\\"^]*g|(?:(?:p[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i|s[\\"^]*c[\\"^]*a)[\\"^]*)?n|x[\\"^]*e[\\"^]*c)|i[\\"^]*s[\\"^]*e[\\"^]*t[\\"^]*u[\\"^]*p|m[\\"^]*d[\\"^]*i[\\"^]*r|o[\\"^]*b[\\"^]*o[\\"^]*c[\\"^]*o[\\"^]*p[\\"^]*y|p[\\"^]*c[\\"^]*(?:i[\\"^]*n[\\"^]*f[\\"^]*o|p[\\"^]*i[\\"^]*n[\\"^]*g)|s[\\"^]*h|u[\\"^]*n[\\"^]*d[\\"^]*l[\\"^]*l[\\"^]*3[\\"^]*2|w[\\"^]*i[\\"^]*n[\\"^]*s[\\"^]*t[\\"^]*a)|s[\\"^]*(?:a[\\"^]*n|c[\\"^]*(?:h[\\"^]*t[\\"^]*a[\\"^]*s[\\"^]*k[\\"^]*s|w[\\"^]*c[\\"^]*m[\\"^]*d)|e[\\"^]*(?:c[\\"^]*e[\\"^]*d[\\"^]*i[\\"^]*t|r[\\"^]*v[\\"^]*e[\\"^]*r[\\"^]*(?:(?:c[\\"^]*e[\\"^]*i[\\"^]*p|w[\\"^]*e[\\"^]*r)[\\"^]*o[\\"^]*p[\\"^]*t[\\"^]*i[\\"^]*n|m[\\"^]*a[\\"^]*n[\\"^]*a[\\"^]*g[\\"^]*e[\\"^]*r[\\"^]*c[\\"^]*m[\\"^]*d)|t[\\"^]*x)|f[\\"^]*c|(?:h[\\"^]*o[\\"^]*w[\\"^]*m[\\"^]*o[\\"^]*u[\\"^]*n|u[\\"^]*b[\\"^]*s)[\\"^]*t|x[\\"^]*s[\\"^]*t[\\"^]*r[\\"^]*a[\\"^]*c[\\"^]*e|y[\\"^]*s[\\"^]*(?:o[\\"^]*c[\\"^]*m[\\"^]*g[\\"^]*r|t[\\"^]*e[\\"^]*m[\\"^]*i[\\"^]*n[\\"^]*f[\\"^]*o))|t[\\"^]*(?:a[\\"^]*(?:k[\\"^]*e[\\"^]*o[\\"^]*w[\\"^]*n|p[\\"^]*i[\\"^]*c[\\"^]*f[\\"^]*g|s[\\"^]*k[\\"^]*(?:k[\\"^]*i[\\"^]*l[\\"^]*l|l[\\"^]*i[\\"^]*s[\\"^]*t))|(?:c[\\"^]*m[\\"^]*s[\\"^]*e[\\"^]*t[\\"^]*u|f[\\"^]*t)[\\"^]*p|(?:(?:e[\\"^]*l[\\"^]*n[\\"^]*e|i[\\"^]*m[\\"^]*e[\\"^]*o[\\"^]*u)[\\"^]*|r[\\"^]*a[\\"^]*c[\\"^]*e[\\"^]*r[\\"^]*(?:p[\\"^]*)?)t|l[\\"^]*n[\\"^]*t[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*n|p[\\"^]*m[\\"^]*(?:t[\\"^]*o[\\"^]*o[\\"^]*l|v[\\"^]*s[\\"^]*c[\\"^]*m[\\"^]*g[\\"^]*r)|s[\\"^]*(?:(?:d[\\"^]*i[\\"^]*s[\\"^]*)?c[\\"^]*o[\\"^]*n|e[\\"^]*c[\\"^]*i[\\"^]*m[\\"^]*p|k[\\"^]*i[\\"^]*l[\\"^]*l|p[\\"^]*r[\\"^]*o[\\"^]*f)|y[\\"^]*p[\\"^]*e[\\"^]*p[\\"^]*e[\\"^]*r[\\"^]*f|z[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l)|u[\\"^]*n[\\"^]*(?:e[\\"^]*x[\\"^]*p[\\"^]*o[\\"^]*s[\\"^]*e|i[\\"^]*q[\\"^]*u[\\"^]*e[\\"^]*i[\\"^]*d|l[\\"^]*o[\\"^]*d[\\"^]*c[\\"^]*t[\\"^]*r)|v[\\"^]*(?:o[\\"^]*l|s[\\"^]*s[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i[\\"^]*n)|w[\\"^]*(?:a[\\"^]*i[\\"^]*t[\\"^]*f[\\"^]*o[\\"^]*r|b[\\"^]*a[\\"^]*d[\\"^]*m[\\"^]*i[\\"^]*n|(?:d[\\"^]*s|e[\\"^]*(?:c|v[\\"^]*t))[\\"^]*u[\\"^]*t[\\"^]*i[\\"^]*l|h[\\"^]*(?:e[\\"^]*r[\\"^]*e|o[\\"^]*a[\\"^]*m[\\"^]*i)|i[\\"^]*n[\\"^]*(?:n[\\"^]*t(?:[\\"^]*3[\\"^]*2)?|r[\\"^]*s)|m[\\"^]*i[\\"^]*c|s[\\"^]*c[\\"^]*r[\\"^]*i[\\"^]*p[\\"^]*t)|x[\\"^]*c[\\"^]*o[\\"^]*p[\\"^]*y)(?:.[\\"^]*[0-9A-Z_a-z]+)?b",
+      "@rx (?i)(?:(?:^|=)[sv]*(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*|(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*)[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:c|a(?:ll|tch)[sv&)<>|]|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))",
+      "@rx b(?:for(?:/[dflr].*)? %+[^ ]+ in(.*)[sv]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)b|[ (].*(?:b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))b|==)))",
+      "@rx ba[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?sb[sv]+[!-\\"%',0-9@-Z_a-z]+=[^sv]",
+      "@rx (?i).|(?:[sv]*|t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:7[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|G[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?E[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?T|a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:b|(?:p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?t|r(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[jp])?|s(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ks])|b[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[8-9][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?9|[au][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|c|(?:m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?p|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dfu]|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[gr])|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[bdx]|n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|q[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|s(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?)|f[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[c-dgi]|m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|g[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[chr][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|o|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[dp]|r[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b)|j[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:j[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|q)|k[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|l[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)?|[nps]|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?a|z(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n|t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|v)|n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[cl]|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?t|(?:p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|o[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[at][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?x|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|f|(?:k[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?g|h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cp]|r(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?y)?|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r|c(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dv]|(?:p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?m)|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dt]|[g-hu]|s(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)?|v[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:a[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[cr]|b[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?l|[co][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[ex]|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c)|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|l)|v[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:3[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m|c)|x[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:x[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|z)|y[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)|z[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h))",
+      "@rx ^(s*)s+{",
+      "@rx (?i)(?:^|=)[sv]*(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:7[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:b[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|[ckz][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|(?:h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?4)?)|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)?|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h|v[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)[sv&)<>|]",
+      "@rx ^[^.]+.[^;?]+[;?](.*(['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]))",
+      "@rx ;[sv]*.[sv]*[\\"']?(?:a(?:rchive|uth)|b(?:a(?:ckup|il)|inary)|c(?:d|h(?:anges|eck)|lone|onnection)|d(?:atabases|b(?:config|info)|ump)|e(?:cho|qp|x(?:cel|it|p(?:ert|lain)))|f(?:ilectrl|ullschema)|he(?:aders|lp)|i(?:mpo(?:rt|ster)|ndexes|otrace)|l(?:i(?:mi|n)t|o(?:ad|g))|(?:mod|n(?:onc|ullvalu)|unmodul)e|o(?:nce|pen|utput)|p(?:arameter|r(?:int|o(?:gress|mpt)))|quit|re(?:ad|cover|store)|s(?:ave|c(?:anstats|hema)|e(?:lftest|parator|ssion)|h(?:a3sum|ell|ow)?|tats|ystem)|t(?:ables|estc(?:ase|trl)|ime(?:out|r)|race)|vfs(?:info|list|name)|width)",
+      "@rx ^[^.]*?(?:['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{])",
+      "@rx rn(?s:.)*?b(?:(?i:E)(?:HLO [--.A-Za-zx17fx212a]{1,255}|XPN .{1,64})|HELO [--.A-Za-zx17fx212a]{1,255}|MAIL FROM:<.{1,64}(?i:@).{1,255}(?i:>)|(?i:R)(?:CPT TO:(?:(?i:<).{1,64}(?i:@).{1,255}(?i:>)|(?i: ))?(?i:<).{1,64}(?i:>)|SETb)|VRFY .{1,64}(?: <.{1,64}(?i:@).{1,255}(?i:>)|(?i:@).{1,255})|AUTH [-0-9A-Z_a-zx17fx212a]{1,20}(?i: )(?:(?:[+/-9A-Z_a-zx17fx212a]{4})*(?:[+/-9A-Z_a-zx17fx212a]{2}(?i:=)|[+/-9A-Z_a-zx17fx212a]{3}))?(?i:=)|STARTTLSb|NOOPb(?:(?i: ).{1,255})?)",
+      "@rx $(?:((?:.*|(.*)))|{.*})|[<>](.*)|/[0-9A-Z_a-z]*[!?.+]",
+      "@pmFromFile windows-powershell-commands.data",
+      "!@rx [0-9]s*'s*[0-9]",
+      "@rx (?i)(?:(?:^|=)[sv]*(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*|(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*)[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|an|io|ulimit)|s(?:h|plit|vtool)|u(?:(?:t|rl)[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|inks|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|s(?:ed|ftp|ql)|u(?:ppet[sv&)<>|]|shd)|ython[^sv])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash|nap)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[sv&)<>|]|diff)|ew[sv&)<>|]|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:3m|c|a(?:ll|tch)[sv&)<>|]|get|h(?:iptail[sv&)<>|]|o(?:ami|is))|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))",
+      "@lt 3",
+      "@rx (?i)(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:7[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[arx])?|(?:(?:b[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|x)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z|h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|[ckz][\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h|d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?f|e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:n[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?v|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?h)|f[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[dg]|g[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:[&,<>|]|(?:[--.0-9A-Z_a-z][\\"'[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#*-0-9?-@_a-{]*)?x5c?)+[sv&,<>|]).*|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?g)|i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?r[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?b|l[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:s|z[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:4|[sv&),<>|].*))|p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:h[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|x[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?z)|r[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?c(?:[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*)?|s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?(?:c[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|(?:e[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d|(?:s[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?)?h)[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?[sv&),<>|].*|v[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?n)|u[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?d[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?p|w[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?3[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m)b",
+      "@rx (?i)[-0-9_a-z]+(?:[\\"'[-]]+|$+[!#*-0-9?-@x5c_a-{]+|``|[$<>]())[sv]*[-0-9_a-z]+",
+      "@rx (?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[nr;`{]|||?|&&?|$(?:((?|{)|[<>](|([sv]*))[sv]*(?:[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*.[sv].*b",
+      "@rx rn(?s:.)*?b(?:DATA|QUIT|HELP(?: .{1,255})?)",
+      "@rx (?i)(?:[nr;`{]|||?|&&?)[sv]*[sv\\"'-(,@]*(?:[\\"'.-9A-Z_a-z]+/|(?:[\\"'x5c^]*[0-9A-Z_a-z][\\"'x5c^]*:.*|[ \\"'.-9A-Zx5c^-_a-z]*)x5c)?[\\"^]*(?:(?:a[\\"^]*(?:c|s[\\"^]*n[\\"^]*p)|e[\\"^]*(?:b[\\"^]*p|p[\\"^]*(?:a[\\"^]*l|c[\\"^]*s[\\"^]*v|s[\\"^]*n)|[tx][\\"^]*s[\\"^]*n)|f[\\"^]*(?:[cltw]|o[\\"^]*r[\\"^]*e[\\"^]*a[\\"^]*c[\\"^]*h)|i[\\"^]*(?:[cr][\\"^]*m|e[\\"^]*x|h[\\"^]*y|i|p[\\"^]*(?:a[\\"^]*l|c[\\"^]*s[\\"^]*v|m[\\"^]*o|s[\\"^]*n)|s[\\"^]*e|w[\\"^]*(?:m[\\"^]*i|r))|m[\\"^]*(?:a[\\"^]*n|[dipv]|o[\\"^]*u[\\"^]*n[\\"^]*t)|o[\\"^]*g[\\"^]*v|p[\\"^]*(?:o[\\"^]*p|u[\\"^]*s[\\"^]*h)[\\"^]*d|t[\\"^]*r[\\"^]*c[\\"^]*m|w[\\"^]*j[\\"^]*b)[\\"^]*[sv,.-/;-<>].*|c[\\"^]*(?:(?:(?:d|h[\\"^]*d[\\"^]*i[\\"^]*r|v[\\"^]*p[\\"^]*a)[\\"^]*|p[\\"^]*(?:[ip][\\"^]*)?)[sv,.-/;-<>].*|l[\\"^]*(?:(?:[cipv]|h[\\"^]*y)[\\"^]*[sv,.-/;-<>].*|s)|n[\\"^]*s[\\"^]*n)|d[\\"^]*(?:(?:b[\\"^]*p|e[\\"^]*l|i[\\"^]*(?:f[\\"^]*f|r))[\\"^]*[sv,.-/;-<>].*|n[\\"^]*s[\\"^]*n)|g[\\"^]*(?:(?:(?:(?:a[\\"^]*)?l|b[\\"^]*p|d[\\"^]*r|h[\\"^]*y|(?:w[\\"^]*m[\\"^]*)?i|j[\\"^]*b|[u-v])[\\"^]*|c[\\"^]*(?:[ims][\\"^]*)?|m[\\"^]*(?:o[\\"^]*)?|s[\\"^]*(?:n[\\"^]*(?:p[\\"^]*)?|v[\\"^]*))[sv,.-/;-<>].*|e[\\"^]*r[\\"^]*r|p[\\"^]*(?:(?:s[\\"^]*)?[sv,.-/;-<>].*|v))|l[\\"^]*s|n[\\"^]*(?:(?:a[\\"^]*l|d[\\"^]*r|[iv]|m[\\"^]*o|s[\\"^]*n)[\\"^]*[sv,.-/;-<>].*|p[\\"^]*s[\\"^]*s[\\"^]*c)|r[\\"^]*(?:(?:(?:(?:b[\\"^]*)?p|e[\\"^]*n|(?:w[\\"^]*m[\\"^]*)?i|j[\\"^]*b|n[\\"^]*[ip])[\\"^]*|d[\\"^]*(?:r[\\"^]*)?|m[\\"^]*(?:(?:d[\\"^]*i[\\"^]*r|o)[\\"^]*)?|s[\\"^]*n[\\"^]*(?:p[\\"^]*)?|v[\\"^]*(?:p[\\"^]*a[\\"^]*)?)[sv,.-/;-<>].*|c[\\"^]*(?:j[\\"^]*b[\\"^]*[sv,.-/;-<>].*|s[\\"^]*n)|u[\\"^]*j[\\"^]*b)|s[\\"^]*(?:(?:(?:a[\\"^]*(?:j[\\"^]*b|l|p[\\"^]*s|s[\\"^]*v)|b[\\"^]*p|[civ]|w[\\"^]*m[\\"^]*i)[\\"^]*|l[\\"^]*(?:s[\\"^]*)?|p[\\"^]*(?:(?:j[\\"^]*b|p[\\"^]*s|s[\\"^]*v)[\\"^]*)?)[sv,.-/;-<>].*|h[\\"^]*c[\\"^]*m|u[\\"^]*j[\\"^]*b))(?:.[\\"^]*[0-9A-Z_a-z]+)?b",
+      "@rx /",
+      "@rx !-d",
+      "@rx s",
+      "@lt 1",
+      "@rx (?i)b(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[sv&)<>|]|a(?:(?:b|w[ks]|l(?:ias|pine))[sv&)<>|]|pt(?:(?:itude)?[sv&)<>|]|-get)|r(?:[sv&)<>j|]|(?:p|ch)[sv&)<>|]|ia2c)|s(?:h?[sv&)<>|]|cii(?:-xfr|85)|pell)|t(?:[sv&)<>|]|obm)|dd(?:group|user)|getty|nsible-playbook|xel)|b(?:z(?:z[sv&)<>|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[sv&)<>|]|c))|h[sv&)<>|])|tch[sv&)<>|])|lkid|pftrace|r(?:eaksw|idge[sv&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[sv&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[8-9]9|(?:a(?:t|ncel|psh)|c)[sv&)<>|]|mp|p(?:[sv&)<>|]|io|ulimit)|s(?:h|plit|vtool)|u(?:t[sv&)<>|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[sv&)<>|]|eck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[sv&)<>|]|++)|o(?:(?:b|pro)c|lumn[sv&)<>|]|m(?:m(?:and[sv&)<>|])?|p(?:oser|ress)[sv&)<>|])|w(?:say|think))|r(?:ash[sv&)<>|]|on(?:tab)?))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[sv&)<>|]|n?f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[sv&)<>|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[sv&)<>|]|n(?:v(?:-update)?|d(?:if|sw))|qn|s(?:[sv&)<>h|]|ac)|x(?:(?:ec)?[sv&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[sv&)<>|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[sv&)<>|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[sv&)<>|]|le(?:[sv&)<>|]|test))|mt|tp(?:[sv&)<>|]|stats|who)|acter|o(?:ld[sv&)<>|]|reach)|ping)|g(?:c(?:c[^sv]|ore)|db|e(?:(?:m|tfacl)[sv&)<>|]|ni(?:e[sv&)<>|]|soimage))|hci?|i(?:(?:t|mp)[sv&)<>|]|nsh)|(?:o|awk)[sv&)<>|]|pg|r(?:c|ep[sv&)<>|]|oup(?:[sv&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[sv&)<>|]|e(?:ad[sv&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[sv&)<>|]|onice|spell)|j(?:js|q|ava[sv&)<>|]|exec|o(?:(?:bs|in)[sv&)<>|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[sv&)<>|]|all)|nife[sv&)<>|])|l(?:d(?:d?[sv&)<>|]|config)|(?:[np]|ynx)[sv&)<>|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[sv&)<>|]|(?:la)?tex)|z(?:[sv&)4<>|]|4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[sv&)<>|]|comm|log(?:in)?)|tex[sv&)<>|])|ess(?:[sv&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[sv&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[sv&)<>|]|il(?:[sv&)<>q|]|x[sv&)<>|])|ster.passwd|wk)|tr|(?:v|utt)[sv&)<>|]|k(?:dir[sv&)<>|]|fifo|nod|temp)|locate|o(?:(?:re|unt)[sv&)<>|]|squitto)|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[sv&)<>|]|.(?:openbsd|traditional)|at)|e(?:t(?:[sv&)<>|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[sv&)<>|]|m(?:[sv&)<>|]|ap)|p(?:m[sv&)<>|]|ing)|a(?:no[sv&)<>|]|sm|wk)|o(?:de[sv&)<>|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[sv&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|cman|rted|tch)[sv&)<>|]|s(?:swd|te[sv&)<>|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[sv&)<>|]|tp)|g(?:rep)?|hp(?:[sv&)57<>|]|-cgi)|i(?:(?:co?|ng)[sv&)<>|]|p[^sv]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[sv&)<>|]|int(?:env|f[sv&)<>|]))|s(?:[sv&)<>|]|ed|ftp|ql)?|t(?:x|ar(?:diff|grep)?)|wd(?:.db)?|xz|er(?:f|l(?:5|sh)?|ms[sv&)<>|])|opd|u(?:ppet[sv&)<>|]|shd)|ython[2-3])|r(?:a(?:r[sv&)<>|]|k(?:e[sv&)<>|]|u))|c(?:p[sv&)<>|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[sv&)<>|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[sv&)<>|]|user)|pm(?:[sv&)<>|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[sv&)<>|]|sync|u(?:by[^sv]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|hed|r(?:een|ipt)[sv&)<>|])|e(?:(?:d|lf|rvice)[sv&)<>|]|t(?:arch|env|facl[sv&)<>|]|sid)?|ndmail)|(?:g|ash)[sv&)<>|]|h(?:(?:adow|ells)?[sv&)<>|]|.distrib|u(?:f|tdown[sv&)<>|]))|s(?:[sv&)<>|]|h(?:[sv&)<>|]|-key(?:ge|sca)n|pass))|u(?:[sv&)<>|]|do)|vn|diff|ftp|l(?:eep[sv&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[sv&)<>|])|p(?:lit[sv&)<>|]|wd.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[sv&)<>|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[sv&)<>|]|il[sv&)<>f|]|sk(?:[sv&)<>|]|set))|bl|c(?:p(?:[sv&)<>|]|dump|ing|traceroute)|l?sh)|e(?:[ex][sv&)<>|]|lnet)|i(?:c[sv&)<>|]|me(?:(?:out)?[sv&)<>|]|datectl))|o(?:p|uch[sv&)<>|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[sv&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[sv&)<>|]|expand|iq|l(?:ink[sv&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[sv&)<>|]|std))|p(?:2date[sv&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:(?:ew)?[sv&)<>|]|m(?:[sv&)<>|]|diff)|gr|pw|rsh)|algrind|olatility[sv&)<>|])|w(?:[sv&)<>c|]|h(?:o(?:[sv&)<>|]|ami|is)?|iptail[sv&)<>|])|a(?:ll|tch)[sv&)<>|]|i(?:reshark|sh[sv&)<>|]))|x(?:(?:x|pa)d|z(?:[sv&)<>|]|c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[sv&)<>|]|um)|z(?:ip(?:[sv&)<>|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[sv&)<>|])|f?grep|less|more|run|ypper))b",
+      "@rx (?i)(?:^|=)[sv]*(?:t[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?i[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?m[\\"')[-x5c]*(?:(?:(?:|||&&)[sv]*)?$[!#(*-0-9?-@_a-{]*)?x5c?e|[${]|(?:[sv]*(|!)[sv]*|[0-9A-Z_a-z]+=(?:[^sv]*|$(?:.*|.*)|[<>].*|'.*'|\\".*\\")[sv]+)*[sv]*[\\"']*(?:[\\"'-+--9?A-]_a-z|]+/)?[\\"'x5c]*(?:a(?:ddgroup|xel)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:g(?:passwd|rp)|pass|sh)|lang++|oproc|ron)|d(?:iff[sv&)<>|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[sv&)<>|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[e-f]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|erl5?|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[sv&)<>|])|tar(?:diff|grep)?|wd.db|ython[2-3])|r(?:(?:bas|ealpat)h|m(?:dir[sv&)<>|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h.distri|pwd.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[sv&)<>|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[e-f]?grep|less|more))|z(?:c(?:at|mp)|diff|[e-f]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))",
+      "@rx ['*?x5c`][^n/]+/|/[^/]+?['*?x5c`]|$[!#-$(*-0-9?-[_a-{]"
+    ]
+
 [http.middlewares.bad_bot_block_PHP]
   [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-config-directives.data"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pm ="]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-variables.data"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-function-names-933150.data"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?i)b(?["']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|")*["']*)?[sv]*(.*)"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx [oOcC]:d+:".+?":d+:{.*}"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+));"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-function-names-933151.data"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pm ("]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx .*.(?:phpd*|phtml)..*$"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pm ?>"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+))(?:;|$)?"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://",
+      "@pm =",
+      "@pmFromFile php-errors-pl2.data",
+      "@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)",
+      "@pmFromFile php-function-names-933151.data",
+      "@rx (?:((?:.+)(?:[\\"'][-0-9A-Z_a-z]+[\\"'])?(.+|[^)]*string[^)]*)[sv\\"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|[\\"'][-0-9A-Zx5c_a-z]+[\\"'])(.+))(?:;|$)?",
+      "@pmFromFile php-variables.data",
+      "@lt 4",
+      "@pmFromFile php-function-names-933150.data",
+      "@pmFromFile php-config-directives.data",
+      "@rx [oOcC]:d+:\\".+?\\":d+:{.*}",
+      "@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
+      "@rx (?:((?:.+)(?:[\\"'][-0-9A-Z_a-z]+[\\"'])?(.+|[^)]*string[^)]*)[sv\\"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|[\\"'][-0-9A-Zx5c_a-z]+[\\"'])(.+));",
+      "@lt 2",
+      "@pm ?>",
+      "@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI",
+      "@rx .*.(?:phpd*|phtml)..*$",
+      "@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b",
+      "@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$",
+      "@pmFromFile php-errors.data",
+      "@lt 3",
+      "@rx (?i)b(?[\\"']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|\\")*[\\"']*)?[sv]*(.*)",
+      "@pm (",
+      "@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)",
+      "@lt 1",
+      "@rx (?i)<?(?:=|php)?s+",
+      "@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])"
+    ]
+
 [http.middlewares.bad_bot_block_GENERIC]
   [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)["'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[["'`](?:debug|error|info|trace|warn)["'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[["'`](?:(?:resolv|cach)e|main|extensions)["'`]])"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*("]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@pmFromFile ssrf.data"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx (?:__proto__|constructors*(?:.|[)s*prototype)"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx Process[sv]*.[sv]*spawn[sv]*("]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|"[^"]+"|'[^']+'|`[^`]+`)).*)"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx ^data:(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx [s*constructors*]"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@rx @{.*}"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_GENERIC]
-  [http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(",
+      "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[\\"'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)[\\"'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[[\\"'`](?:debug|error|info|trace|warn)[\\"'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[[\\"'`](?:(?:resolv|cach)e|main|extensions)[\\"'`]])",
+      "@lt 4",
+      "@lt 2",
+      "@rx Process[sv]*.[sv]*spawn[sv]*(",
+      "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))",
+      "@lt 1",
+      "@rx ^data:(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*",
+      "@rx [s*constructors*]",
+      "@lt 3",
+      "@pmFromFile ssrf.data",
+      "@rx (?:__proto__|constructors*(?:.|[)s*prototype)",
+      "@rx @{.*}",
+      "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\\"[^\\"]+\\"|'[^']+'|`[^`]+`)).*)"
+    ]
+
 [http.middlewares.bad_bot_block_XSS]
   [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@detectXSS"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<script[^>]*>[sS]*?"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[sv/]|["'](?:.*[sv/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)change|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionchange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[x08-nf-r ]*?="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:["']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?("]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata["]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))."]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<EMBED[s/+].*?(?:src|type).*?="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx <[?]?import[s/+S]*?implementation[s/+]*?="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*["'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i:<META[s/+].*?charset[s/+]*=)"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<LINK[s/+].*?href[s/+]*="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<BASE[s/+].*?href[s/+]*="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<APPLET[s/+>]"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx ![!+ ][]"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*("]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@detectXSS"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)[s"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@contains -->"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i:["'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx (?i)["'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?="]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@rx {{.*?}}"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_XSS]
-  [http.middlewares.bad_bot_block_XSS.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@detectSQLi"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)["'`](?:[sv]*![sv]*["'0-9A-Z_-z]|;?[sv]*(?:having|select|unionb[sv]*(?:all|(?:distin|sele)ct))b[sv]*[^sv])|b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[sv]*?|select.*?[0-9A-Z_a-z]?user)(|exec(?:ute)?[sv]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[sv+]+(?:dump|out)file[sv]*?["'`]|union(?:[sv]select[sv]@|[sv(0-9A-Z_a-z]*?select))|[sv]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[sv]*?("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|["'`](?:;*?[sv]*?waitfor[sv]+(?:time|delay)[sv]+["'`]|;.*?:[sv]*?goto)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i:merge.*?usings*?(|executes*?immediates*?["'`]|matchs*?[w(),+-]+s*?againsts*?()"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)union.*?select.*?from"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?["'`]+[sv]?[0-9]|;[sv]*?shutdown[sv]*?(?:[#;{]|/*|--)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|["'0-9A-Z_-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]+[0-9A-Z_a-z]+|u(?:pdate[sv]+[0-9A-Z_a-z]+|nion[sv]*(?:all|(?:sele|distin)ct)b)|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject))b)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i:/*[!+](?:[ws=_-()]+)?*/)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ^(?:[^']*'|[^"]*"|[^`]*`)[sv]*;"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)1.e[(-),]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ["'`][[{].*[]}]["'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)["'`][[{].*[]}]["'`]|json_extract.*(.*)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?:^s*["'`;]+|["'`]+s*$)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?["'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|"[^"]*")[sv]+and[sv]+(?:'[^']*'|"[^"]*"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv"'-)`]*?b([0-9A-Z_a-z]+)b"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@streq %{TX.2}"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)[sv"'-)`]*?b([0-9A-Z_a-z]+)b[sv"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv"'-)`]*?b([0-9A-Z_a-z]+)b"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["!@streq %{TX.2}"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:/*)+["'`]+[sv]?(?:--|[#{]|/*)?|["'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*["'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?["'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)["'`])|[0-9]["'`][sv]+["'`][sv]+[0-9]|^admin[sv]*?["'`]|[sv"'-(`][sv]*?glob[^0-9A-Z_a-z]+["'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]="]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i),.*?["')0-9`-f]["'`](?:["'`].*?["'`]|(?:r?n)?z|[^"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?["'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)["'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?["'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+["'`]|like[sv]*?["'`]%|select[sv]+?[sv"'-),-.0-9A-[]_-z]+from[sv]+"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|["'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z]["'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+["'`][0-9A-Z_a-z]|["'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)["'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?["'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?["'`]$|["'x5c`]*?(?:["'0-9`]+|[^"'`]+["'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?["'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?["'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?["'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?["'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?["'`]|[0-9=]+x)|["'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+["'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?["'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)["'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i:^[Wd]+s*?(?:alter|union)b)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|["'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*["'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)["'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?["'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?["'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^["'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+["'`][^,]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|["'][^=]{1,10}[ "'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|["'][^=]{1,10}["'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|["'][^=]{1,10}["']) ?[<->]+)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){12})"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i:b0x[a-fd]{3,})"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)["'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^"]*?(?:"[^"]*?"[^"]*?)*?"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ^(?:and|or)$"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ^.*?x5c['"`](?:.*?['"`])?s*(?:and|or)b"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@detectSQLi"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?i)W+d*?s*?bhavingbs*?[^s-]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ["'`][sd]*?[^ws]W*?dW*?.*?["'`d]"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){8})"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){6})"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx W{4}"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ';"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){3})"]
-[http.middlewares.bad_bot_block_SQLI]
-  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
-    userAgent = ["@rx ((?:[~!@#$%^&*()-+={}[]|:;"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;"'´’‘`<>]*?){2})"]
+    userAgent = [
+      "@rx (?i)<script[^>]*>[sS]*?",
+      "@rx (?i)<BASE[s/+].*?href[s/+]*=",
+      "@rx (?i)<APPLET[s/+>]",
+      "@rx ((?:[[^]]*][^.]*.)|Reflect[^.]*.).*(?:map|sort|apply)[^.]*..*call[^`]*`.*`",
+      "@rx (?i:<style.*?>.*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))",
+      "@lt 4",
+      "@rx (?i)[\\"'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=",
+      "@rx (?i)<LINK[s/+].*?href[s/+]*=",
+      "@lt 2",
+      "@detectXSS",
+      "@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)",
+      "@rx (?:xbcs*/s*[^xbe>]*[xbe>])|(?:<s*/s*[^xbe]*xbe)",
+      "@rx <[?]?import[s/+S]*?implementation[s/+]*?=",
+      "@rx (?i)<OBJECT[s/+].*?(?:type|codetype|classid|code|data)[s/+]*=",
+      "@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W",
+      "@contains -->",
+      "@rx (?i)[s\\"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]",
+      "@rx (?i:<META[s/+].*?charset[s/+]*=)",
+      "@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b",
+      "@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-",
+      "@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=",
+      "@rx {{.*?}}",
+      "@rx (?i)<[^0-9<>A-Z_a-z]*(?:[^sv\\"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[sv/]|[\\"'](?:.*[sv/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)change|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionchange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[x08-nf-r ]*?=",
+      "@rx (?i)<EMBED[s/+].*?(?:src|type).*?=",
+      "@rx ![!+ ][]",
+      "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122",
+      "@lt 3",
+      "@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[",
+      "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*(",
+      "@rx (?i:[\\"'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)",
+      "@rx (?i:<META[s/+].*?http-equiv[s/+]*=[s/+]*[\\"'`]?(?:(?:c|&#x?0*(?:67|43|99|63);?)|(?:r|&#x?0*(?:82|52|114|72);?)|(?:s|&#x?0*(?:83|53|115|73);?)))",
+      "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).",
+      "@rx (?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url(javascript",
+      "@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)",
+      "@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe",
+      "@lt 1",
+      "@rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).",
+      "@rx (?i)(?:W|^)(?:javascript:(?:[sS]+[=x5c([.<]|[sS]*?(?:bnameb|x5c[ux]d))|data:(?:(?:[a-z]w+/w[w+-]+w)?[;,]|[sS]*?;[sS]*?b(?:base64|charset=)|[sS]*?,[sS]*?<[sS]*?w[sS]*?>))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[\\"']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?("
+    ]
+
+[http.middlewares.bad_bot_block_SQLI]
+  [http.middlewares.bad_bot_block_SQLI.plugin.badbot]
+    userAgent = [
+      "@rx (?i)[\\"'`][sv]*?(?:(?:is[sv]+not|not[sv]+(?:like|glob|(?:betwee|i)n|null|regexp|match)|mod|div|sounds[sv]+like)b|[%-&*-+-/<->^|])",
+      "@rx (?i:sleep(s*?d*?s*?)|benchmark(.*?,.*?))",
+      "@rx ^(?:[^']*'|[^\\"]*\\"|[^`]*`)[sv]*;",
+      "@rx /*!?|*/|[';]--|--(?:[sv]|[^-]*?-)|[^&-]#.*?[sv]|;?x00",
+      "@rx ^(?:and|or)$",
+      "@detectSQLi",
+      "@rx (?i:^[Wd]+s*?(?:alter|union)b)",
+      "@rx (?i)(?:select|;)[sv]+(?:benchmark|if|sleep)[sv]*?([sv]*?(?[sv]*?[0-9A-Z_a-z]+",
+      "@rx (?i)[sv\\"'-)`]*?b([0-9A-Z_a-z]+)b[sv\\"'-)`]*?(?:=|<=>|(?:sounds[sv]+)?like|glob|r(?:like|egexp))[sv\\"'-)`]*?b([0-9A-Z_a-z]+)b",
+      "@rx (?i:/*[!+](?:[ws=_-()]+)?*/)",
+      "@rx (?i)union.*?select.*?from",
+      "@rx (?i)create[sv]+(?:function|procedure)[sv]*?[0-9A-Z_a-z]+[sv]*?([sv]*?)[sv]*?-|d(?:eclare[^0-9A-Z_a-z]+[#@][sv]*?[0-9A-Z_a-z]+|iv[sv]*?([+-]*[sv.0-9]+,[+-]*[sv.0-9]+))|exec[sv]*?([sv]*?@|(?:lo_(?:impor|ge)t|procedure[sv]+analyse)[sv]*?(|;[sv]*?(?:declare|open)[sv]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[sv]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)",
+      "@rx (?i:merge.*?usings*?(|executes*?immediates*?[\\"'`]|matchs*?[w(),+-]+s*?againsts*?()",
+      "@rx (?:`(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)`)",
+      "@rx ((?:[~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>]*?){3})",
+      "@rx ((?:[~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>]*?){8})",
+      "@lt 4",
+      "@rx (?i)in[sv]*?(+[sv]*?select|(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)[sv+0-9A-Z_a-z]+(?:regexp[sv]*?(|sounds[sv]+like[sv]*?[\\"'`]|[0-9=]+x)|[\\"'`](?:[sv]*?(?:[0-9][sv]*?(?:--|#)|is[sv]*?(?:[0-9].+[\\"'`]?[0-9A-Z_a-z]|[.0-9]+[sv]*?[^0-9A-Z_a-z].*?[\\"'`]))|[%-&<->^]+[0-9][sv]*?(?:=|x?or|div|like|between|and)|(?:[^0-9A-Z_a-z]+[+-0-9A-Z_a-z]+[sv]*?=[sv]*?[0-9][^0-9A-Z_a-z]+||?[-0-9A-Z_a-z]{3,}[^sv,.0-9A-Z_a-z]+)[\\"'`]|[sv]*(?:(?:(?i:N)?AND|(?i:X)?(?i:X)?OR|DIV|LIKE|BETWEEN|NOT)[sv]+|(?:|||&&)[sv]*)(?:array[sv]*[|[0-9A-Z_a-z]+(?:[sv]*!?~|[sv]+(?:not[sv]+)?similar[sv]+to[sv]+)|(?:tru|fals)eb))|bexcept[sv]+(?:selectb|values[sv]*?()",
+      "@rx (?i:b0x[a-fd]{3,})",
+      "@rx (?i)b(?:json(?:_[0-9A-Z_a-z]+)?|a(?:bs|(?:cos|sin)h?|tan[2h]?|vg)|c(?:eil(?:ing)?|h(?:a(?:nges|r(?:set)?)|r)|o(?:alesce|sh?|unt)|ast)|d(?:e(?:grees|fault)|a(?:te|y))|exp|f(?:loor(?:avg)?|ormat|ield)|g(?:lob|roup_concat)|h(?:ex|our)|i(?:f(?:null)?|if|n(?:str)?)|l(?:ast(?:_insert_rowid)?|ength|ike(?:l(?:ihood|y))?|n|o(?:ad_extension|g(?:10|2)?|wer(?:pi)?|cal)|trim)|m(?:ax|in(?:ute)?|o(?:d|nth))|n(?:ullif|ow)|p(?:i|ow(?:er)?|rintf|assword)|quote|r(?:a(?:dians|ndom(?:blob)?)|e(?:p(?:lace|eat)|verse)|ound|trim|ight)|s(?:i(?:gn|nh?)|oundex|q(?:lite_(?:compileoption_(?:get|used)|offset|source_id|version)|rt)|u(?:bstr(?:ing)?|m)|econd|leep)|t(?:anh?|otal(?:_changes)?|r(?:im|unc)|ypeof|ime)|u(?:n(?:icode|likely)|(?:pp|s)er)|zeroblob|bin|v(?:alues|ersion)|week|year)[^0-9A-Z_a-z]*(",
+      "!@streq %{TX.2}",
+      "@rx ';",
+      "@rx (?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?",
+      "@lt 2",
+      "@rx ^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$",
+      "@rx (?i)!=|&&||||>[=->]|<(?:<|=>?|>(?:[sv]+binary)?)|b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[\\"'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[sv]*()|r(?:egexp|like)[sv]+binary|not[sv]+between[sv]+(?:0[sv]+and|(?:'[^']*'|\\"[^\\"]*\\")[sv]+and[sv]+(?:'[^']*'|\\"[^\\"]*\\"))|is[sv]+null|like[sv]+(?:null|[0-9A-Z_a-z]+[sv]+escapeb)|(?:^|[^0-9A-Z_a-z])in[sv+]*([sv\\"0-9]+[^(-)]*)|[!<->]{1,2}[sv]*allb",
+      "@rx (?i)bandb(?:[sv]+(?:[0-9]{1,10}[sv]*?[<->]|'[^=]{1,10}')| ?(?:[0-9]{1,10}|[\\"'][^=]{1,10}[\\"']) ?[<->]+)",
+      "@rx (?i)(?:([sv]*?select[sv]*?[0-9A-Z_a-z]+|coalesce|order[sv]+by[sv]+if[0-9A-Z_a-z]*?)[sv]*?(|*/from|+[sv]*?[0-9]+[sv]*?+[sv]*?@|[0-9A-Z_a-z][\\"'`][sv]*?(?:(?:[+-=@|]+[sv]+?)+|[+-=@|]+)[(0-9]|@@[0-9A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]|[^0-9A-Z_a-z]!+[\\"'`][0-9A-Z_a-z]|[\\"'`](?:;[sv]*?(?:if|while|begin)|[sv0-9]+=[sv]*?[0-9])|[sv(]+case[0-9]*?[^0-9A-Z_a-z].+[tw]hen[sv(]",
+      "@rx (?:'(?:(?:[ws=_-+{}()<@]){2,29}|(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)')",
+      "@rx W{4}",
+      "@rx (?i)b(?:a(?:(?:b|co)s|dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:in|cii(?:str)?)|tan2?|vg)|b(?:enchmark|i(?:n(?:_to_num)?|t_(?:and|count|length|x?or)))|c(?:ast|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|o(?:alesce|ercibility|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|(?:un)?t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|time(?:stamp)?|user)))|d(?:a(?:t(?:abase|e(?:_(?:add|format|sub)|diff)?)|y(?:name|of(?:month|week|year))?)|count|e(?:code|(?:faul|s_(?:de|en)cryp)t|grees)|ump)|e(?:lt|nc(?:ode|rypt)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:eld(?:_in_set)?|nd_in_set)|loor|o(?:rmat|und_rows)|rom_(?:base64|days|unixtime))|g(?:et_(?:format|lock)|r(?:eates|oup_conca)t)|h(?:ex(?:toraw)?|our)|i(?:f(?:null)?|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)?|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull))|null)?)|l(?:ast(?:_(?:day|insert_id))?|case|e(?:(?:as|f)t|ngth)|n|o(?:ad_file|ca(?:l(?:timestamp)?|te)|g(?:10|2)?|wer)|pad|trim)|m(?:a(?:ke(?:date|_set)|ster_pos_wait|x)|d5|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:d|nth(?:name)?))|n(?:ame_const|o(?:t_in|w)|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:assword|eriod_(?:add|diff)|g_sleep|i|o(?:sition|w(?:er)?)|rocedure_analyse)|qu(?:arter|ote)|r(?:a(?:dians|nd|wto(?:hex|nhex(?:toraw)?))|e(?:lease_lock|p(?:eat|lace)|verse)|ight|o(?:und|w_count)|pad|trim)|s(?:chema|e(?:c(?:ond|_to_time)|ssion_user)|ha[1-2]?|ig?n|leep|oundex|pace|qrt|t(?:d(?:dev(?:_(?:po|sam)p)?)?|r(?:cmp|_to_date))|u(?:b(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|m)|ys(?:date|tem_user))|t(?:an|ime(?:diff|_(?:format|to_sec)|stamp(?:add|diff)?)?|o_(?:base64|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|ix_timestamp)|p(?:datexml|per)|ser|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|v(?:a(?:lues|r(?:iance|_(?:po|sam)p))|ersion)|we(?:ek(?:day|ofyear)?|ight_string)|xmltype|year(?:week)?)[^0-9A-Z_a-z]*?(",
+      "@rx [\\"'`][sd]*?[^ws]W*?dW*?.*?[\\"'`d]",
+      "@rx (?i)W+d*?s*?bhavingbs*?[^s-]",
+      "@rx (?i)[\\"'`](?:[sv]*![sv]*[\\"'0-9A-Z_-z]|;?[sv]*(?:having|select|unionb[sv]*(?:all|(?:distin|sele)ct))b[sv]*[^sv])|b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[sv]*?|select.*?[0-9A-Z_a-z]?user)(|exec(?:ute)?[sv]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[sv+]+(?:dump|out)file[sv]*?[\\"'`]|union(?:[sv]select[sv]@|[sv(0-9A-Z_a-z]*?select))|[sv]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[sv]*?(",
+      "@rx (?i)b(?:(?:d(?:bms_[0-9A-Z_a-z]+.|eleteb[^0-9A-Z_a-z]*?bfrom)|(?:groupb.*?bbyb.{1,100}?bhav|overlayb[^0-9A-Z_a-z]*?(.*?b[^0-9A-Z_a-z]*?plac)ing|in(?:nerb[^0-9A-Z_a-z]*?bjoin|sertb[^0-9A-Z_a-z]*?binto|tob[^0-9A-Z_a-z]*?b(?:dump|out)file)|loadb[^0-9A-Z_a-z]*?bdatab.*?binfile|s(?:electb.{1,100}?b(?:(?:.*?bdumpb.*|(?:count|length)b.{1,100}?)bfrom|(?:data_typ|fromb.{1,100}?bwher)e|instr|to(?:_(?:cha|numbe)r|pb.{1,100}?bfrom))|ys_context)|u(?:nionb.{1,100}?bselect|tl_inaddr))b|printb[^0-9A-Z_a-z]*?@@)|(?:collation[^0-9A-Z_a-z]*?(a|@@version|;[^0-9A-Z_a-z]*?b(?:drop|shutdown))b|'(?:dbo|msdasql|s(?:a|qloledb))'",
+      "@rx (?i),.*?[\\"')0-9`-f][\\"'`](?:[\\"'`].*?[\\"'`]|(?:r?n)?z|[^\\"'`]+)|[^0-9A-Z_a-z]select.+[^0-9A-Z_a-z]*?from|(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]*?([sv]*?space[sv]*?(",
+      "@rx (?i)[sv(-)]case[sv]+when.*?then|)[sv]*?like[sv]*?(|select.*?having[sv]*?[^sv]+[sv]*?[^sv0-9A-Z_a-z]|if[sv]?([0-9A-Z_a-z]+[sv]*?[<->~]",
+      "@rx (?i)1.e[(-),]",
+      "@rx (?i)b(?:orb(?:[sv]?(?:[0-9]{1,10}|[\\"'][^=]{1,10}[\\"'])[sv]?[<->]+|[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|xorb[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')(?:[sv]*?[<->])?)|'[sv]+x?or[sv]+.{1,20}[!+-<->]",
+      "@rx ((?:[~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>]*?){6})",
+      "@rx (?i)^(?:[^']*?(?:'[^']*?'[^']*?)*?'|[^\\"]*?(?:\\"[^\\"]*?\\"[^\\"]*?)*?\\"|[^`]*?(?:`[^`]*?`[^`]*?)*?`)[sv]*([0-9A-Z_a-z]+)b",
+      "@streq %{TX.2}",
+      "@rx (?i))[sv]*?when[sv]*?[0-9]+[sv]*?then|[\\"'`][sv]*?(?:[#{]|--)|/*![sv]?[0-9]+|b(?:(?:binary|cha?r)[sv]*?([sv]*?[0-9]|(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between|r(?:egexp|like))[sv]+[0-9A-Z_a-z]+()|(?:|||&&)[sv]*?[0-9A-Z_a-z]+(",
+      "@rx (?i)[\\"'`][sv]*?b(?:x?or|div|like|between|and)b[sv]*?[\\"'`]?[0-9]|x5cx(?:2[37]|3d)|^(?:.?[\\"'`]$|[\\"'x5c`]*?(?:[\\"'0-9`]+|[^\\"'`]+[\\"'`])[sv]*?b(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)b[sv]*?[\\"'0-9A-Z_-z][!&(-)+-.@])|[^sv0-9A-Z_a-z][0-9A-Z_a-z]+[sv]*?[-|][sv]*?[\\"'`][sv]*?[0-9A-Z_a-z]|@(?:[0-9A-Z_a-z]+[sv]+(?:and|x?or|div|like|between)b[sv]*?[\\"'0-9`]+|[-0-9A-Z_a-z]+[sv](?:and|x?or|div|like|between)b[sv]*?[^sv0-9A-Z_a-z])|[^sv0-:A-Z_a-z][sv]*?[0-9][^0-9A-Z_a-z]+[^sv0-9A-Z_a-z][sv]*?[\\"'`].|[^0-9A-Z_a-z]information_schema|table_name[^0-9A-Z_a-z]",
+      "@rx (?i)b(?:havingb(?:[sv]+(?:[0-9]{1,10}|'[^=]{1,10}')[sv]*?[<->]| ?(?:[0-9]{1,10} ?[<->]+|[\\"'][^=]{1,10}[ \\"'<-?[]+))|ex(?:ecute(?:(|[sv]{1,5}[$.0-9A-Z_a-z]{1,5}[sv]{0,3})|ists[sv]*?([sv]*?selectb)|(?:create[sv]+?table.{0,20}?|like[^0-9A-Z_a-z]*?char[^0-9A-Z_a-z]*?)()|select.*?case|from.*?limit|order[sv]by|exists[sv](?:[sv]select|s(?:elect[^sv](?:if(?:null)?[sv](|top|concat)|ystem[sv]()|bhavingb[sv]+[0-9]{1,10}|'[^=]{1,10}')",
+      "@rx (?i)b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)b[sv]*(?|end[sv]*?);)|[sv(]load_file[sv]*?(|[\\"'`][sv]+regexp[^0-9A-Z_a-z]|[\\"'0-9A-Z_-z][sv]+asb[sv]*[\\"'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[sv]+[0-9A-Z_a-z]+|u(?:pdate[sv]+[0-9A-Z_a-z]+|nion[sv]*(?:all|(?:sele|distin)ct)b)|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject))b)",
+      "@rx ((?:[~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>]*?){12})",
+      "@rx ^.*?x5c['\\"`](?:.*?['\\"`])?s*(?:and|or)b",
+      "@lt 3",
+      "@rx (?i)create[sv]+function[sv].+[sv]returns|;[sv]*?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)b[sv]*?[([]?[0-9A-Z_a-z]{2,}",
+      "@rx (?i)[\\"'`][sv]*?(?:(?:and|n(?:and|ot)|(?:xx?)?or|div|like|between||||&&)[sv]+[sv0-9A-Z_a-z]+=[sv]*?[0-9A-Z_a-z]+[sv]*?having[sv]+|like[^0-9A-Z_a-z]*?[\\"'0-9`])|[0-9A-Z_a-z][sv]+like[sv]+[\\"'`]|like[sv]*?[\\"'`]%|select[sv]+?[sv\\"'-),-.0-9A-[]_-z]+from[sv]+",
+      "@rx (?i)(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[sv]+(?:char|group_concat|load_file)[sv]?(?|end[sv]*?);|[sv(]load_file[sv]*?(|[\\"'`][sv]+regexp[^0-9A-Z_a-z]|[^A-Z_a-z][sv]+asb[sv]*[\\"'0-9A-Z_-z]+[sv]*bfrom|^[^A-Z_a-z]+[sv]*?(?:create[sv]+[0-9A-Z_a-z]+|(?:d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load|(?:renam|truncat)e|u(?:pdate|nion[sv]*(?:all|(?:sele|distin)ct))|alter[sv]*(?:a(?:(?:ggregat|pplication[sv]*rol)e|s(?:sembl|ymmetric[sv]*ke)y|u(?:dit|thorization)|vailability[sv]*group)|b(?:roker[sv]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[sv]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[sv]*group|in)))|m(?:a(?:s(?:k|ter[sv]*key)|terialized)|e(?:ssage[sv]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[sv]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[sv]*schema|srobject)))b)",
+      "@rx (?i)b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*(|(?:information_schema|m(?:aster..sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql.db)|northwind|pg_(?:catalog|toast)|tempdb)b|s(?:chema(?:_nameb|[^0-9A-Z_a-z]*()|(?:qlite_(?:temp_)?master|ys(?:aux|.database_name))b))",
+      "@rx (?i)(?:/*)+[\\"'`]+[sv]?(?:--|[#{]|/*)?|[\\"'`](?:[sv]*(?:(?:x?or|and|div|like|between)[sv-0-9A-Z_a-z]+[(-)+--<->][sv]*[\\"'0-9`]|[!=|](?:[sv -!+-0-9=]+.*?[\\"'-(`].*?|[sv -!0-9=]+.*?[0-9]+)$|(?:like|print)[^0-9A-Z_a-z]+[\\"'-(0-9A-Z_-z]|;)|(?:[<>~]+|[sv]*[^sv0-9A-Z_a-z]?=[sv]*|[^0-9A-Z_a-z]*?[+=]+[^0-9A-Z_a-z]*?)[\\"'`])|[0-9][\\"'`][sv]+[\\"'`][sv]+[0-9]|^admin[sv]*?[\\"'`]|[sv\\"'-(`][sv]*?glob[^0-9A-Z_a-z]+[\\"'-(0-9A-Z_-z]|[sv]is[sv]*?0[^0-9A-Z_a-z]|where[sv][sv,-.0-9A-Z_a-z]+[sv]=",
+      "@rx (?i)[\\"'`](?:[sv]*?(?:(?:*.+(?:x?or|div|like|between|(?:an|i)d)[^0-9A-Z_a-z]*?[\\"'`]|(?:x?or|div|like|between|and)[sv][^0-9]+[-0-9A-Z_a-z]+.*?)[0-9]|[^sv0-9?A-Z_a-z]+[sv]*?[^sv0-9A-Z_a-z]+[sv]*?[\\"'`]|[^sv0-9A-Z_a-z]+[sv]*?[^A-Z_a-z].*?(?:#|--))|.*?*[sv]*?[0-9])|^[\\"'`]|[%(-+-<>][-0-9A-Z_a-z]+[^sv0-9A-Z_a-z]+[\\"'`][^,]",
+      "@rx (?i)(?:&&||||and|between|div|like|n(?:and|ot)|(?:xx?)?or)[sv(]+[0-9A-Z_a-z]+[sv)]*?[!+=]+[sv0-9]*?[\\"'-)=`]|[0-9](?:[sv]*?(?:and|between|div|like|x?or)[sv]*?[0-9]+[sv]*?[+-]|[sv]+group[sv]+by.+()|/[0-9A-Z_a-z]+;?[sv]+(?:and|between|div|having|like|x?or|select)[^0-9A-Z_a-z]|(?:[#;]|--)[sv]*?(?:alter|drop|(?:insert|update)[sv]*?[0-9A-Z_a-z]{2,})|@.+=[sv]*?([sv]*?select|[^0-9A-Z_a-z]SET[sv]*?@[0-9A-Z_a-z]+",
+      "@rx [\\"'`][[{].*[]}][\\"'`].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|?[&|]?|#>>?|[<>]|<-)[\\"'`][[{].*[]}][\\"'`]|json_extract.*(.*)",
+      "@rx (?i)alter[sv]*?[0-9A-Z_a-z]+.*?char(?:acter)?[sv]+set[sv]+[0-9A-Z_a-z]+|[\\"'`](?:;*?[sv]*?waitfor[sv]+(?:time|delay)[sv]+[\\"'`]|;.*?:[sv]*?goto)",
+      "@rx ((?:[~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>][^~!@#$%^&*()-+={}[]|:;\\"'´’‘`<>]*?){2})",
+      "@rx (?:^s*[\\"'`;]+|[\\"'`]+s*$)",
+      "!@rx ^ey[-0-9A-Z_a-z]+.ey[-0-9A-Z_a-z]+.[-0-9A-Z_a-z]+$",
+      "@lt 1",
+      "@rx (?i)autonomous_transaction|(?:current_use|n?varcha|tbcreato)r|db(?:a_users|ms_java)|open(?:owa_util|query|rowset)|s(?:p_(?:(?:addextendedpro|sqlexe)c|execute(?:sql)?|help|is_srvrolemember|makewebtask|oacreate|p(?:assword|repare)|replwritetovarbin)|ql_(?:longvarchar|variant))|utl_(?:file|http)|xp_(?:availablemedia|(?:cmdshel|servicecontro)l|dirtree|e(?:numdsn|xecresultset)|filelist|loginconfig|makecab|ntsec(?:_enumdomains)?|reg(?:addmultistring|delete(?:key|value)|enum(?:key|value)s|re(?:ad|movemultistring)|write)|terminate(?:_process)?)",
+      "@rx (?i)select[sv]*?pg_sleep|waitfor[sv]*?delay[sv]?[\\"'`]+[sv]?[0-9]|;[sv]*?shutdown[sv]*?(?:[#;{]|/*|--)",
+      "@rx (?i)[sv\\"'-)`]*?b([0-9A-Z_a-z]+)b[sv\\"'-)`]*?(?:![<->]|<[=->]?|>=?|^|is[sv]+not|not[sv]+(?:like|r(?:like|egexp)))[sv\\"'-)`]*?b([0-9A-Z_a-z]+)b",
+      "@rx (?i)b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[1-2]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*("
+    ]
+
 [http.middlewares.bad_bot_block_FIXATION]
   [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@rx ^(?:ht|f)tps?://(.*?)/"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["!@endsWith %{request_headers.host}"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_FIXATION]
-  [http.middlewares.bad_bot_block_FIXATION.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@lt 2",
+      "@lt 3",
+      "!@endsWith %{request_headers.host}",
+      "@eq 0",
+      "@lt 1",
+      "@rx ^(?:ht|f)tps?://(.*?)/",
+      "@lt 4",
+      "@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)",
+      "@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$"
+    ]
+
 [http.middlewares.bad_bot_block_JAVA]
   [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx java.lang.(?:runtime|processbuilder)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:runtime|processbuilder)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:unmarshaller|base64data|java.)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:runtime|processbuilder)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@pmFromFile java-classes.data"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx .*.(?:jsp|jspx).*$"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx xacxedx00x05"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:rO0ABQ|KztAAU|Cs7QAF)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx javab.+(?:runtime|processbuilder)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)"]
+    userAgent = [
+      "@rx (?:rO0ABQ|KztAAU|Cs7QAF)",
+      "@rx java.lang.(?:runtime|processbuilder)",
+      "@rx xacxedx00x05",
+      "@pmFromFile java-classes.data",
+      "@lt 4",
+      "@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)",
+      "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)",
+      "@rx (?:runtime|processbuilder)",
+      "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)",
+      "@lt 2",
+      "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)",
+      "@rx .*.(?:jsp|jspx).*$",
+      "@pmFromFile java-errors.data",
+      "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)",
+      "@lt 3",
+      "@rx (?i)(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|&dollar;?)(?:{|&l(?:brace|cub);?)|jndi|ctx)",
+      "@pmFromFile java-code-leakages.data",
+      "@rx javab.+(?:runtime|processbuilder)",
+      "@lt 1",
+      "@rx (?:unmarshaller|base64data|java.)"
+    ]
+
 [http.middlewares.bad_bot_block_EVALUATION]
   [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge %{tx.inbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge %{tx.inbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@ge 3",
+      "@ge %{tx.inbound_anomaly_score_threshold}",
+      "@lt 2",
+      "@lt 3",
+      "@ge %{tx.outbound_anomaly_score_threshold}",
+      "@ge 4",
+      "@ge 1",
+      "@eq 1",
+      "@lt 1",
+      "@ge 2",
+      "@lt 4"
+    ]
+
 [http.middlewares.bad_bot_block_LEAKAGES]
   [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@rx ^#!s?/"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@rx ^5d{2}$"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_LEAKAGES]
-  [http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)",
+      "@lt 4",
+      "@lt 2",
+      "@rx ^5d{2}$",
+      "@lt 1",
+      "@lt 3",
+      "@rx ^#!s?/"
+    ]
+
 [http.middlewares.bad_bot_block_SQL]
   [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["!@pmFromFile sql-errors.data"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)Dynamic SQL Error"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)Exception (?:condition )?d+. Transaction rollback."]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)org.hsqldb.jdbc"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SQL]
-  [http.middlewares.bad_bot_block_SQL.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@pmFromFile java-code-leakages.data"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@pmFromFile java-errors.data"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_JAVA]
-  [http.middlewares.bad_bot_block_JAVA.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-errors.data"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@rx (?i)<?(?:=|php)?s+"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@pmFromFile php-errors-pl2.data"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_PHP]
-  [http.middlewares.bad_bot_block_PHP.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?i)Dynamic SQL Error",
+      "@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)",
+      "@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)",
+      "!@pmFromFile sql-errors.data",
+      "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)",
+      "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)",
+      "@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)",
+      "@lt 4",
+      "@lt 2",
+      "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er",
+      "@rx (?i)org.hsqldb.jdbc",
+      "@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()",
+      "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)",
+      "@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)",
+      "@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):",
+      "@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])",
+      "@rx (?i)Exception (?:condition )?d+. Transaction rollback.",
+      "@lt 3",
+      "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)",
+      "@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)",
+      "@lt 1"
+    ]
+
 [http.middlewares.bad_bot_block_IIS]
   [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@rx [a-z]:x5cinetpubb"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@pmFromFile iis-errors.data"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["!@rx ^404$"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@rx bServer Error in.{0,50}?bApplicationb"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_IIS]
-  [http.middlewares.bad_bot_block_IIS.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)",
+      "@pmFromFile iis-errors.data",
+      "@rx bServer Error in.{0,50}?bApplicationb",
+      "@lt 2",
+      "@lt 1",
+      "@lt 3",
+      "@lt 4",
+      "@rx [a-z]:x5cinetpubb",
+      "!@rx ^404$"
+    ]
+
 [http.middlewares.bad_bot_block_SHELLS]
   [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@pmFromFile web-shells-php.data"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>Mini Shell</title>.*Developed By LameHacker"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>Symlink_Sa [0-9.]+</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>CasuS [0-9.]+ by MafiABoY</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>lama's'hell v. [0-9.]+</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>n<head>n<div align="left"><font size="1">Input command :</font></div>n<form name="cmd" method="POST" enctype="multipart/form-data">"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>n<head>n<title>Ru24PostWebShell -"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>rn<head>rn<meta http-equiv="Content-Type" content="text/html; charset=gb2312">rn<title>PhpSpy Ver [0-9]+</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@contains <title>punkholicshell</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href="]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@contains <h1 style="margin-bottom: 0">webadmin.php</h1>"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_SHELLS]
-  [http.middlewares.bad_bot_block_SHELLS.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge %{tx.outbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@eq 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@ge %{tx.outbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_EVALUATION]
-  [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -",
+      "@rx <title>lama's'hell v. [0-9.]+</title>",
+      "@pmFromFile web-shells-php.data",
+      "@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)",
+      "@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>",
+      "@rx <title>Symlink_Sa [0-9.]+</title>",
+      "@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn    <!-- Replaces command with Base64-encoded Data -->",
+      "@lt 4",
+      "@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+",
+      "@contains <title>punkholicshell</title>",
+      "@lt 2",
+      "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>",
+      "@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>",
+      "@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+",
+      "@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>",
+      "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=",
+      "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>",
+      "@rx <title>CasuS [0-9.]+ by MafiABoY</title>",
+      "@rx ^<html>n<head>n<title>Ru24PostWebShell -",
+      "@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>",
+      "@rx ^<html>rn<head>rn<meta http-equiv=\\"Content-Type\\" content=\\"text/html; charset=gb2312\\">rn<title>PhpSpy Ver [0-9]+</title>",
+      "@lt 3",
+      "@rx ^<html>n<head>n<div align=\\"left\\"><font size=\\"1\\">Input command :</font></div>n<form name=\\"cmd\\" method=\\"POST\\" enctype=\\"multipart/form-data\\">",
+      "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$",
+      "@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -",
+      "@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>",
+      "@lt 1",
+      "@contains <h1 style=\\"margin-bottom: 0\\">webadmin.php</h1>",
+      "@rx ^<html>n      <head>n             <title>azrail [0-9.]+ by C-W-M</title>",
+      "@rx <title>Mini Shell</title>.*Developed By LameHacker"
+    ]
+
 [http.middlewares.bad_bot_block_CORRELATION]
   [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@ge 5"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@eq 0"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@ge %{tx.inbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@ge %{tx.outbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@ge %{tx.inbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@ge %{tx.outbound_anomaly_score_threshold}"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@gt 0"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 1"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 2"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 3"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 4"]
-[http.middlewares.bad_bot_block_CORRELATION]
-  [http.middlewares.bad_bot_block_CORRELATION.plugin.badbot]
-    userAgent = ["@lt 4"]
+    userAgent = [
+      "@ge %{tx.inbound_anomaly_score_threshold}",
+      "@lt 2",
+      "@ge %{tx.outbound_anomaly_score_threshold}",
+      "@eq 0",
+      "@ge 5",
+      "@lt 1",
+      "@lt 3",
+      "@lt 4",
+      "@gt 0"
+    ]
+