mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 17:55:48 +00:00
Delete waf_patterns/caddy directory
parent
25bae0e731
commit
e6b1df2016
@ -1 +0,0 @@
|
|||||||
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_attack {
|
|
||||||
path_regexp attack "(?i)(@lt 1|@lt 1|@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d|@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w|@rx (?:bhttp/d|<(?:html|meta)b)|@rx [nr]|@rx [nr]|@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:|@rx [nr]|@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)|@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)|@rx unix:[^|]*||@lt 2|@lt 2|@rx [nr]|@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b|@lt 3|@lt 3|@gt 0|@rx .|@gt 1|@rx TX:paramcounter_(.*)|@rx (][^]]+$|][^]]+[)|@lt 4|@lt 4|@rx [|!@eq 0|!@within |%{tx.allowed_request_content_type_charset}||@rx ^content-types*:s*(.*)$|!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$|@rx content-transfer-encoding:(.*))"
|
|
||||||
}
|
|
||||||
respond @block_attack 403
|
|
||||||
File diff suppressed because one or more lines are too long
@ -1,4 +0,0 @@
|
|||||||
@block_correlation {
|
|
||||||
path_regexp correlation "(?i)(@eq 0|@ge 5|@eq 0|@ge %{tx.inbound_anomaly_score_threshold}|@ge %{tx.outbound_anomaly_score_threshold}|@lt 2|@ge %{tx.inbound_anomaly_score_threshold}|@ge %{tx.outbound_anomaly_score_threshold}|@lt 3|@gt 0|@lt 4|@lt 1|@lt 1|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_correlation 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_detection {
|
|
||||||
path_regexp detection "(?i)(@lt 1|@lt 1|@pmFromFile scanners-user-agents.data|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_detection 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_enforcement {
|
|
||||||
path_regexp enforcement "(?i)(@lt 1|@lt 1|!@within %{tx.allowed_methods}|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4|@lt 1|@lt 1|!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$|!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^"';=])*$|!@rx ^d+$|@rx ^(?:GET|HEAD)$|!@rx ^0?$|@rx ^(?:GET|HEAD)$|!@eq 0|!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0|@streq POST|@eq 0|@eq 0|!@eq 0|!@eq 0|@rx (d+)-(d+)|@lt %{tx.1}|@rx b(?:keep-alive|close),s?(?:keep-alive|close)b|@rx x25|@validateUrlEncoding|@rx ^(?i)application/x-www-form-urlencoded|@rx x25|@validateUrlEncoding|@eq 1|@validateUtf8Encoding|@rx %u[fF]{2}[0-9a-fA-F]{2}|@validateByteRange 1-255|@eq 0|@rx ^$|@rx ^$|!@rx ^OPTIONS$|!@pm AppleWebKit Android Business Enterprise Entreprise|@rx ^$|!@rx ^OPTIONS$|@eq 0|@rx ^$|!@rx ^0$|@eq 0|@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)|@eq 1|@gt %{tx.max_num_args}|@eq 1|@gt %{tx.arg_name_length}|@eq 1|@gt %{tx.arg_length}|@eq 1|@gt %{tx.total_arg_length}|@eq 1|@rx ^(?i)multipart/form-data|@gt %{tx.max_file_size}|@eq 1|@gt %{tx.combined_file_sizes}|!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['"w.()+,/:=?<>@#*-]+)*$|@rx ^[^;s]+|!@within %{tx.allowed_request_content_type}|@rx charsets*=s*["']?([^;"'s]+)|!@within %{tx.allowed_request_content_type_charset}|@rx charset.*?charset|!@within %{tx.allowed_http_versions}|@rx .([^.]+)$|@within %{tx.restricted_extensions}|@rx .[^.~]+~(?:/.*|)$|@rx ^.*$|@within %{tx.restricted_headers_basic}|@gt 50|!@rx ^(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv 
-"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$|!@streq JSON|@rx (?i)x5cu[0-9a-f]{4}|@contains #|@gt 1|@lt 2|@lt 2|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}|!@endsWith .pdf|@endsWith .pdf|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}|@rx %[0-9a-fA-F]{2}|@validateByteRange 9,10,13,32-126,128-255|@eq 0|@rx ['";=]|!@rx ^0$|@eq 0|@rx ^.*$|@within %{tx.restricted_headers_extended}|@lt 3|@lt 3|@validateByteRange 32-36,38-126|@eq 0|!@rx ^(?:OPTIONS|CONNECT)$|!@pm AppleWebKit Android|@ge 1|@rx ^(?i)up|@gt 0|!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$|!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)|@lt 4|@lt 4|@endsWith .pdf|@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}|@validateByteRange 38,44-46,48-58,61,65-90,95,97-122|@validateByteRange 32,34,38,42-59,61,65-90,95,97-122|!@rx ^(?:?[01])?$|@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789])"
|
|
||||||
}
|
|
||||||
respond @block_enforcement 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_evaluation {
|
|
||||||
path_regexp evaluation "(?i)(@ge 1|@ge 1|@ge 2|@ge 2|@ge 3|@ge 3|@ge 4|@ge 4|@ge 1|@ge 1|@ge 2|@ge 2|@ge 3|@ge 3|@ge 4|@ge 4|@ge %{tx.inbound_anomaly_score_threshold}|@eq 1|@ge %{tx.inbound_anomaly_score_threshold}|@lt 1|@lt 1|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4|@ge 1|@ge 1|@ge 2|@ge 2|@ge 3|@ge 3|@ge 4|@ge 4|@ge 1|@ge 1|@ge 2|@ge 2|@ge 3|@ge 3|@ge 4|@ge 4|@ge %{tx.outbound_anomaly_score_threshold}|@eq 1|@ge %{tx.outbound_anomaly_score_threshold}|@lt 1|@lt 1|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_evaluation 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_exceptions {
|
|
||||||
path_regexp exceptions "(?i)(@streq GET /|@ipMatch 127.0.0.1,::1|@ipMatch 127.0.0.1,::1|@endsWith (internal dummy connection)|@rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$)"
|
|
||||||
}
|
|
||||||
respond @block_exceptions 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_fixation {
|
|
||||||
path_regexp fixation "(?i)(@lt 1|@lt 1|@rx (?i:.cookieb.*?;W*?(?:expires|domain)W*?=|bhttp-equivW+set-cookieb)|@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$|@rx ^(?:ht|f)tps?://(.*?)/|!@endsWith %{request_headers.host}|@rx ^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$|@eq 0|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_fixation 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_generic {
|
|
||||||
path_regexp generic "(?i)(@lt 1|@lt 1|@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[["'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)["'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[["'`](?:debug|error|info|trace|warn)["'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[["'`](?:(?:resolv|cach)e|main|extensions)["'`]])|@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(|@pmFromFile ssrf.data|@rx (?:__proto__|constructors*(?:.|[)s*prototype)|@rx Process[sv]*.[sv]*spawn[sv]*(|@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|"[^"]+"|'[^']+'|`[^`]+`)).*)|@rx 
^data:(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-"(-),/:-?[-]{}]+)/(?:*|[^!-"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*"?(?:iso-8859-15?|utf-8|windows-1252)b"?|(?:[^sv -"(-),/:-?[-]c{}]|c(?:[^!-"(-),/:-?[-]h{}]|h(?:[^!-"(-),/:-?[-]a{}]|a(?:[^!-"(-),/:-?[-]r{}]|r(?:[^!-"(-),/:-?[-]s{}]|s(?:[^!-"(-),/:-?[-]e{}]|e[^!-"(-),/:-?[-]t{}]))))))[^!-"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*|@lt 2|@lt 2|@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))|@rx [s*constructors*]|@rx @{.*}|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_generic 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_iis {
|
|
||||||
path_regexp iis "(?i)(@lt 1|@lt 1|@rx [a-z]:x5cinetpubb|@rx (?:Microsoft OLE DB Provider for SQL Server(?:</font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| (0x80040e31)<br>Timeout expired<br>)|<h1>internal server error</h1>.*?<h2>part of the server has crashed or it has a configuration error.</h2>|cannot connect to the server: timed out)|@pmFromFile iis-errors.data|!@rx ^404$|@rx bServer Error in.{0,50}?bApplicationb|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_iis 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_initialization {
|
|
||||||
path_regexp initialization "(?i)(@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 0|@eq 1|@rx ^.*$|!@rx (?:URLENCODED|MULTIPART|XML|JSON)|@eq 1|!@rx (?:URLENCODED|MULTIPART|XML|JSON)|@eq 100|@rx ^[a-f]*([0-9])[a-f]*([0-9])|!@lt %{tx.sampling_percentage}|@lt %{tx.blocking_paranoia_level})"
|
|
||||||
}
|
|
||||||
respond @block_initialization 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_java {
|
|
||||||
path_regexp java "(?i)(@lt 1|@lt 1|@rx java.lang.(?:runtime|processbuilder)|@rx (?:runtime|processbuilder)|@rx (?:unmarshaller|base64data|java.)|@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)|@rx (?:runtime|processbuilder)|@pmFromFile java-classes.data|@rx .*.(?:jsp|jspx).*$|@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)|@lt 2|@lt 2|@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)|@rx xacxedx00x05|@rx (?:rO0ABQ|KztAAU|Cs7QAF)|@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)|@rx javab.+(?:runtime|processbuilder)|@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)|@lt 3|@lt 3|@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)|@lt 4|@lt 4|@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)|@lt 1|@lt 1|@pmFromFile java-code-leakages.data|@pmFromFile java-errors.data|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_java 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_leakages {
|
|
||||||
path_regexp leakages "(?i)(@lt 1|@lt 1|@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)|@rx ^#!s?/|@lt 2|@lt 2|@rx ^5d{2}$|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_leakages 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_lfi {
|
|
||||||
path_regexp lfi "(?i)(@lt 1|@lt 1|@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))|@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))|@pmFromFile lfi-os-files.data|@pmFromFile restricted-files.data|@lt 2|@lt 2|@pmFromFile lfi-os-files.data|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_lfi 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_php {
|
|
||||||
path_regexp php "(?i)(@lt 1|@lt 1|@rx (?:<?(?:[^x]|x[^m]|xm[^l]|xml[^s]|xml$|$)|<?php|[(?:/|x5c)?php])|@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$|@pmFromFile php-config-directives.data|@pm =|@pmFromFile php-variables.data|@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)|@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://|@pmFromFile php-function-names-933150.data|@rx (?i)b(?["']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:*.**/|/.*)|#.*[sv]|")*["']*)?[sv]*(.*)|@rx [oOcC]:d+:".+?":d+:{.*}|@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)|@rx (?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+));|@lt 2|@lt 2|@pmFromFile php-function-names-933151.data|@pm (|@lt 3|@lt 3|@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI|@rx (?i)b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[sv]|/*.**/|(?:#|//).*)*(.*)|@rx .*.(?:phpd*|phtml)..*$|@pm ?>|@rx 
(?:((?:.+)(?:["'][-0-9A-Z_a-z]+["'])?(.+|[^)]*string[^)]*)[sv"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|["'][-0-9A-Zx5c_a-z]+["'])(.+))(?:;|$)?|@lt 4|@lt 4|@lt 1|@lt 1|@pmFromFile php-errors.data|@rx (?:b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|$_(?:(?:pos|ge)t|session))b|@rx (?i)<?(?:=|php)?s+|@lt 2|@lt 2|@pmFromFile php-errors-pl2.data|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_php 403
|
|
||||||
File diff suppressed because one or more lines are too long
@ -1,4 +0,0 @@
|
|||||||
@block_rfi {
|
|
||||||
path_regexp rfi "(?i)(@lt 1|@lt 1|@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})|@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://|@rx ^(?i:file|ftps?|https?).*??+$|@lt 2|@lt 2|@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)|!@endsWith .%{request_headers.host}|@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)|!@endsWith .%{request_headers.host}|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_rfi 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_shells {
|
|
||||||
path_regexp shells "(?i)(@lt 1|@lt 1|@pmFromFile web-shells-php.data|@rx (<title>r57 Shell Version [0-9.]+</title>|<title>r57 shell</title>)|@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+</title>|@rx B4TM4N SH3LL</title>.*<meta name='author' content='k4mpr3t'/>|@rx <title>Mini Shell</title>.*Developed By LameHacker|@rx <title>.:: .* ~ Ashiyane V [0-9.]+ ::.</title>|@rx <title>Symlink_Sa [0-9.]+</title>|@rx <title>CasuS [0-9.]+ by MafiABoY</title>|@rx ^<html>rn<head>rn<title>GRP WebShell [0-9.]+|@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>n$|@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ -|@rx ^<!DOCTYPE html>n<html>n<!-- By Artyum .*<title>Web Shell</title>|@rx <title>lama's'hell v. [0-9.]+</title>|@rx ^ *<html>n[ ]+<head>n[ ]+<title>lostDC -|@rx ^<title>PHP Web Shell</title>rn<html>rn<body>rn <!-- Replaces command with Base64-encoded Data -->|@rx ^<html>n<head>n<div align="left"><font size="1">Input command :</font></div>n<form name="cmd" method="POST" enctype="multipart/form-data">|@rx ^<html>n<head>n<title>Ru24PostWebShell -|@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King</title>|@rx ^<html>rn<head>rn<meta http-equiv="Content-Type" content="text/html; charset=gb2312">rn<title>PhpSpy Ver [0-9]+</title>|@rx ^ <html>nn<head>nn<title>g00nshell v[0-9.]+|@contains <title>punkholicshell</title>|@rx ^<html>n <head>n <title>azrail [0-9.]+ by C-W-M</title>|@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=|@rx ^<html>n<title>.*? ~ Shell I</title>n<head>n<style>|@rx ^ <html><head><title>:: b374k m1n1 [0-9.]+ ::</title>|@lt 2|@lt 2|@contains <h1 style="margin-bottom: 0">webadmin.php</h1>|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_shells 403
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
@block_sql {
|
|
||||||
path_regexp sql "(?i)(@lt 1|@lt 1|!@pmFromFile sql-errors.data|@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])|@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)|@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()|@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)|@rx (?i)Dynamic SQL Error|@rx (?i)Exception (?:condition )?d+. Transaction rollback.|@rx (?i)org.hsqldb.jdbc|@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)|@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)|@rx (?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)|@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)|@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? 
to data type int.)|@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):|@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er|@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)|@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)|@lt 2|@lt 2|@lt 3|@lt 3|@lt 4|@lt 4)"
|
|
||||||
}
|
|
||||||
respond @block_sql 403
|
|
||||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long