[http.middlewares] [http.middlewares.bad_bot_block_INITIALIZATION] [http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot] userAgent = [ "@eq 100", "!@lt %{tx.sampling_percentage}", "@eq 1", "@rx ^.*$", "!@rx (?:URLENCODED|MULTIPART|XML|JSON)", "@rx ^[a-f]*([0-9])[a-f]*([0-9])", "@eq 0", "@lt %{tx.blocking_paranoia_level}" ] [http.middlewares.bad_bot_block_EXCEPTIONS] [http.middlewares.bad_bot_block_EXCEPTIONS.plugin.badbot] userAgent = [ "@rx ^(?:GET /|OPTIONS *) HTTP/[12].[01]$", "@streq GET /", "@endsWith (internal dummy connection)", "@ipMatch 127.0.0.1,::1" ] [http.middlewares.bad_bot_block_ENFORCEMENT] [http.middlewares.bad_bot_block_ENFORCEMENT.plugin.badbot] userAgent = [ "@rx charset.*?charset", "@lt 3", "!@pm AppleWebKit Android", "!@endsWith .pdf", "@validateByteRange 9,10,13,32-126,128-255", "@lt 1", "@eq 1", "@gt %{tx.arg_length}", "@rx .[^.~]+~(?:/.*|)$", "@rx (?i)x5cu[0-9a-f]{4}", "!@rx ^[w/.+*-]+(?:s?;s?(?:action|boundary|charset|component|start(?:-info)?|type|version)s?=s?['\\"w.()+,/:=?<>@#*-]+)*$", "@within %{tx.restricted_extensions}", "@streq POST", "!@rx ^d+$", "@within %{tx.restricted_headers_basic}", "@gt 1", "@ge 1", "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:s*,s*|$)){1,7}$", "@rx ^(?:GET|HEAD)$", "@rx b(?:keep-alive|close),s?(?:keep-alive|close)b", "@gt %{tx.arg_name_length}", "@rx ^$", "@validateByteRange 32-36,38-126", "@rx charsets*=s*[\\"']?([^;\\"'s]+)", "@rx ^(?i)up", "@rx %[0-9a-fA-F]{2}", "@validateByteRange 1-255", "!@rx (?i)^(?:&(?:(?:[acegiln-or-suz]acut|[aeiou]grav|[ain-o]tild)e|[c-elnr-tz]caron|(?:[cgk-lnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^\\"';=])*$", "!@rx ^(?:?[01])?$", "@contains #", "@rx ^(?i)application/x-www-form-urlencoded", "@rx %u[fF]{2}[0-9a-fA-F]{2}", "!@pm AppleWebKit Android Business Enterprise Entreprise", "@rx .([^.]+)$", "@rx x25", "!@rx ^OPTIONS$", "@rx ^(?i)multipart/form-data", "@gt 50", "@gt %{tx.total_arg_length}", "@endsWith .pdf", "@rx (?:^|[^x5c])x5c[cdeghijklmpqwxyz123456789]", "@lt 4", "@lt %{tx.1}", "!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)", "@lt 2", "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){6}", "@rx ^bytes=(?:(?:d+)?-(?:d+)?s*,?s*){63}", "@within %{tx.restricted_headers_extended}", "@eq 0", "!@within %{tx.allowed_request_content_type_charset}", "!@eq 0", "@validateUtf8Encoding", "@rx (?:^([d.]+|[[da-f:]+]|[da-f:]+)(:[d]+)?$)", "!@rx ^(?:OPTIONS|CONNECT)$", "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0", "@gt %{tx.max_file_size}", "@rx ['\\";=]", "@rx ^[^;s]+", "!@streq JSON", "!@rx (?i)^(?:get /[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[sv]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z]*(?::[0-9]+)?)?/[^#?]*(?:?[^sv#]*)?(?:#[^sv]*)?)[sv]+[.-9A-Z_a-z]+)$", "@gt %{tx.combined_file_sizes}", "@validateUrlEncoding", "!@within %{tx.allowed_request_content_type}", "@validateByteRange 38,44-46,48-58,61,65-90,95,97-122", "!@rx ^0?$", "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122", "!@rx ^0$", "!@within %{tx.allowed_methods}", "@rx (d+)-(d+)", "@rx ^.*$", "@gt %{tx.max_num_args}", "@gt 0", "!@rx ^(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$", "!@within %{tx.allowed_http_versions}" ] [http.middlewares.bad_bot_block_RFI] [http.middlewares.bad_bot_block_RFI.plugin.badbot] userAgent = [ "@lt 3", "@lt 4", "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)", "@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})", "@lt 1", "@lt 2", "@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://", "!@endsWith .%{request_headers.host}", "@rx ^(?i:file|ftps?|https?).*??+$" ] [http.middlewares.bad_bot_block_ATTACK] [http.middlewares.bad_bot_block_ATTACK.plugin.badbot] userAgent = [ "@lt 3", "@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)", "@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)", "!@rx ^(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$", "@lt 1", "@rx (][^]]+$|][^]]+[)", "@gt 1", "@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w", "@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b", "@rx [", "@rx content-transfer-encoding:(.*)", "@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d", "@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:", "@lt 4", "@lt 2", "@rx ^content-types*:s*(.*)$", "!@eq 0", "@rx TX:paramcounter_(.*)", "@rx (?:bhttp/d|<(?:html|meta)b)", "@rx unix:[^|]*|", "@rx [nr]", "!@within |%{tx.allowed_request_content_type_charset}|", "@gt 0", "@rx ." ] [http.middlewares.bad_bot_block_JAVA] [http.middlewares.bad_bot_block_JAVA.plugin.badbot] userAgent = [ "@lt 3", "@lt 1", "@pmFromFile java-classes.data", "@rx (?:rO0ABQ|KztAAU|Cs7QAF)", "@rx javab.+(?:runtime|processbuilder)", "@pmFromFile java-code-leakages.data", "@rx (?:class.module.classLoader.resources.context.parent.pipeline|springframework.context.support.FileSystemXmlApplicationContext)", "@rx xacxedx00x05", "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)", "@pmFromFile java-errors.data", "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)", "@rx java.lang.(?:runtime|processbuilder)", "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^}]*(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)", "@lt 4", "@rx (?:unmarshaller|base64data|java.)", "@lt 2", "@rx (?:runtime|processbuilder)", "@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)", "@rx (?i)(?:$|$?)(?:{|&l(?:brace|cub);?)", "@rx .*.(?:jsp|jspx).*$" ] [http.middlewares.bad_bot_block_PHP] [http.middlewares.bad_bot_block_PHP.plugin.badbot] userAgent = [ "@rx (?:((?:.+)(?:[\\"'][-0-9A-Z_a-z]+[\\"'])?(.+|[^)]*string[^)]*)[sv\\"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|[\\"'][-0-9A-Zx5c_a-z]+[\\"'])(.+))(?:;|$)?", "@lt 3", "@rx .*.ph(?:pd*|tml|ar|ps|t|pt).*$", "@lt 1", "@pm (", "@rx (?:((?:.+)(?:[\\"'][-0-9A-Z_a-z]+[\\"'])?(.+|[^)]*string[^)]*)[sv\\"'--.0-9A-[]_a-{}]+([^)]*)|(?:[[0-9]+]|{[0-9]+}|$[^(-),.-/;x5c]+|[\\"'][-0-9A-Zx5c_a-z]+[\\"'])(.+));", "@pm =", "@rx $+(?:[a-zA-Z_x7f-xff][a-zA-Z0-9_x7f-xff]*|s*{.+})(?:s|[.+]|{.+}|/*.**/|//.*|#.*)*(.*)", "@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)", "@pmFromFile php-function-names-933151.data", "@pm ?>", "@rx (?:Index of.*?Index of.*?Index of|>[To Parent Directory]
)", "@rx ^5d{2}$" ] [http.middlewares.bad_bot_block_GENERIC] [http.middlewares.bad_bot_block_GENERIC.plugin.badbot] userAgent = [ "@pmFromFile ssrf.data", "@rx (?:__proto__|constructors*(?:.|[)s*prototype)", "@lt 3", "@rx ^data:(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*", "@lt 4", "@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))", "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(", "@rx @{.*}", "@lt 1", "@lt 2", "@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[\\"'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)[\\"'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[[\\"'`](?:debug|error|info|trace|warn)[\\"'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[[\\"'`](?:(?:resolv|cach)e|main|extensions)[\\"'`]])", "@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\\"[^\\"]+\\"|'[^']+'|`[^`]+`)).*)", "@rx Process[sv]*.[sv]*spawn[sv]*(", "@rx [s*constructors*]" ] [http.middlewares.bad_bot_block_EVALUATION] [http.middlewares.bad_bot_block_EVALUATION.plugin.badbot] userAgent = [ "@lt 3", "@lt 4", "@ge %{tx.inbound_anomaly_score_threshold}", "@ge 2", "@eq 1", "@lt 1", "@ge 1", "@lt 2", "@ge 4", "@ge %{tx.outbound_anomaly_score_threshold}", "@ge 3" ] [http.middlewares.bad_bot_block_XSS] [http.middlewares.bad_bot_block_XSS.plugin.badbot] userAgent = [ "@lt 3", "@rx <[?]?import[s/+S]*?implementation[s/+]*?=", "@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe", "@rx (?i)))|@W*?iW*?mW*?pW*?oW*?rW*?tW*?(?:/*[sS]*?)?(?:[\\"']|W*?uW*?rW*?l[sS]*?()|[^-]*?-W*?mW*?oW*?zW*?-W*?bW*?iW*?nW*?dW*?iW*?nW*?g[^:]*?:W*?uW*?rW*?l[sS]*?(", "@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=", "@rx (?i).*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))", "@contains -->", "@rx (?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).", "@rx (?i)[\\"'][ ]*(?:[^a-z0-9~_:' ]|in).+?[.].+?=", "@rx (?i:<.*[:]?vmlframe.*?[s/+]*?src[s/+]*=)", "@lt 4", "@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*(", "@rx (?i)]*>[sS]*?", "@rx (?i)]", "@rx (?i)[s\\"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]", "@rx {{.*?}}", "@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-", "@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding ", "@rx ^n.*? ~ Shell Inn