# Nginx WAF Maps Definitions # Automatically generated from OWASP rules. http { map $request_uri $waf_block_initialization { default 0; "~*@eq\ 0" 1; "~*!@rx\ $\?:URLENCODED\|MULTIPART\|XML\|JSON$" 1; "~*\^\.\*\$" 1; "~*@eq\ 1" 1; "~*\^\[a\-f\]\*$\[0\-9\]$\[a\-f\]\*$\[0\-9\]$" 1; "~*@eq\ 100" 1; } map $request_uri $waf_block_fixation { default 0; "~*@eq\ 0" 1; "~*\^$\?:ht\|f$tps\?://$\.\*\?$/" 1; "~*!@endsWith\ %\{request_headers\.host\}" 1; "~*\^$\?:jsessionid\|aspsessionid\|asp\.net_sessionid\|phpsession\|phpsessid\|weblogicsession\|session_id\|session\-id\|cfid\|cftoken\|cfsid\|jservsession\|jwsession$\$" 1; "~*$\?i:\.cookieb\.\*\?;W\*\?\(\?:expires\|domain$W\*\?=\|bhttp\-equivW\+set\-cookieb\)" 1; } map $request_uri $waf_block_evaluation { default 0; "~*@ge\ %\{tx\.outbound_anomaly_score_threshold\}" 1; "~*@ge\ 2" 1; "~*@ge\ %\{tx\.inbound_anomaly_score_threshold\}" 1; "~*@eq\ 1" 1; "~*@ge\ 1" 1; "~*@ge\ 3" 1; "~*@ge\ 4" 1; } map $request_uri $waf_block_sql { default 0; "~*$\?i:SQL\ error\.\*POS\[0\-9\]\+\.\*\|Warning\.\*maxdb\.\*$" 1; "~*$\?i:\[DM_QUERY_E_SYNTAX\]\|has\ occurred\ in\ the\ vicinity\ of:$" 1; "~*$\?i:Warning\.\*ingres_\|Ingres\ SQLSTATE\|IngresW\.\*Driver$" 1; "~*$\?i:Warning:\ ibase_\|Unexpected\ end\ of\ command\ in\ statement$" 1; "~*$\?i$org\.hsqldb\.jdbc" 1; "~*$\?i$Dynamic\ SQL\ Error" 1; "~*$\?i:An\ illegal\ character\ has\ been\ found\ in\ the\ statement\|com\.informix\.jdbc\|Exception\.\*Informix$" 1; "~*$\?i:JET\ Database\ Engine\|Access\ Database\ Engine\|\[Microsoft\]\[ODBC\ Microsoft\ Access\ Driver\]$" 1; "~*$\?i$$\?:Warning\.\*sqlite_\.\*\|Warning\.\*SQLite3::\|SQLite/JDBCDriver\|SQLite\.Exception\|System\.Data\.SQLite\.SQLiteException$" 1; "~*$\?i$$\?:System\.Data\.OleDb\.OleDbException\|\[Microsoft\]\[ODBC\ SQL\ Server\ Driver\]\|\[Macromedia\]\[SQLServer\ JDBC\ Driver\]\|\[SqlException\|System\.Data\.SqlClient\.SqlException\|Unclosed\ quotation\ mark\ after\ the\ character\ string\|'80040e14'\|mssql_query\($\|Microsoft\ OLE\ DB\ Provider\ for\ ODBC\ Drivers\|Microsoft\ OLE\ DB\ Provider\ for\ SQL\ Server\|Incorrect\ syntax\ near\|Sintaxis\ incorrecta\ cerca\ de\|Syntax\ error\ in\ string\ in\ query\ expression\|Procedure\ or\ function\ \.\*\ expects\ parameter\|Unclosed\ quotation\ mark\ before\ the\ character\ string\|Syntax\ error\ \.\*\ in\ query\ expression\|Data\ type\ mismatch\ in\ criteria\ expression\.\|ADODB\.Field\ $0x800A0BCD$\|the\ used\ select\ statements\ have\ different\ number\ of\ columns\|OLE\ DB\.\*SQL\ Server\|Warning\.\*mssql_\.\*\|Driver\.\*SQL\[\ _\-\]\*Server\|SQL\ Server\.\*Driver\|SQL\ Server\.\*\[0\-9a\-fA\-F\]\{8\}\|Exception\.\*WSystem\.Data\.SqlClient\.\|Conversion\ failed\ when\ converting\ the\ varchar\ value\ \.\*\?\ to\ data\ type\ int\.\)" 1; "~*$\?i$Exception\ $\?:condition\ $\?d\+\.\ Transaction\ rollback\." 1; "~*$\?i$$\?:Sybase\ message:\|Warning\.\{2,20\}sybase\|Sybase\.\*Server\ message\.\*$" 1; "~*$\?i:ORA\-\[0\-9\]\[0\-9\]\[0\-9\]\[0\-9\]\|java\.sql\.SQLException\|Oracle\ error\|Oracle\.\*Driver\|Warning\.\*oci_\.\*\|Warning\.\*ora_\.\*$" 1; } map $request_uri $waf_block_attack { default 0; "~*TX:paramcounter_$\.\*$" 1; "~*\^\[\^sv,;\]\+\[sv,;\]\.\*\?b$\?:\(\(\?:tex\|multipar$t\|application\)\|$\(\?:audi\|vide$o\|image\|cs\[sv\]\|$\?:vn\|relate$d\|p$\?:df\|lain$\|json\|$\?:soa\|cs$p\|x$\?:ml\|\-www\-form\-urlencoded$\|form\-data\|x\-amf\|$\?:octe\|repor$t\|stream\)\|$\[\+/\]$\)b" 1; "~*$\?:bhttp/d\|<\(\?:html\|meta$b\)" 1; "~*\." 1; "~*$\?:get\|post\|head\|options\|connect\|put\|delete\|trace\|track\|patch\|propfind\|propatch\|mkcol\|copy\|move\|lock\|unlock$s\+\[\^s\]\+s\+http/d" 1; "~*@gt\ 0" 1; "~*\[nr\]" 1; "~*\^content\-types\*:s\*$\.\*$\$" 1; "~*\[nr\]\+$\?:s\|location\|refresh\|\(\?:set\-$\?cookie\|$\?:x\-$\?$\?:forwarded\-\(\?:for\|host\|server$\|host\|via\|remote\-ip\|remote\-addr\|originating\-IP\)\)s\*:" 1; "~*unix:\[\^\|\]\*\|" 1; "~*\^\[\^sv,;\]\+\[sv,;\]\.\*\?$\?:application/\(\?:\.\+\+$\?json\|$\?:application/\(\?:soap\+$\?\|text/\)xml\)" 1; "~*\[rn\]W\*\?$\?:content\-\(\?:type\|length$\|set\-cookie\|location\):s\*w" 1; "~*content\-transfer\-encoding:$\.\*$" 1; "~*@gt\ 1" 1; } map $request_uri $waf_block_lfi { default 0; "~*$\?:\(\?:\^\|\[x5c/;\]$\.\{2,3\}\[x5c/;\]\|\[x5c/;\]\.\{2,3\}$\?:\[x5c/;\]\|\$$\)" 1; } map $request_uri $waf_block_exceptions { default 0; "~*@endsWith\ $internal\ dummy\ connection$" 1; "~*@ipMatch\ 127\.0\.0\.1,::1" 1; "~*@streq\ GET\ /" 1; "~*\^$\?:GET\ /\|OPTIONS\ \*$\ HTTP/\[12\]\.\[01\]\$" 1; } map $request_uri $waf_block_java { default 0; "~*$\?:unmarshaller\|base64data\|java\.$" 1; "~*$\?i$$\?:\$\|\$\?$$\?:\{\|\&l\(\?:brace\|cub$;\?\)$\?:\[\^\}\]\{0,15\}\(\?:\$\|\$\?$$\?:\{\|\&l\(\?:brace\|cub$;\?\)\|jndi\|ctx\)" 1; "~*$\?:rO0ABQ\|KztAAU\|Cs7QAF$" 1; "~*java\.lang\.$\?:runtime\|processbuilder$" 1; "~*$\?:cnVudGltZQ\|HJ1bnRpbWU\|BydW50aW1l\|cHJvY2Vzc2J1aWxkZXI\|HByb2Nlc3NidWlsZGVy\|Bwcm9jZXNzYnVpbGRlcg\|Y2xvbmV0cmFuc2Zvcm1lcg\|GNsb25ldHJhbnNmb3JtZXI\|BjbG9uZXRyYW5zZm9ybWVy\|Zm9yY2xvc3VyZQ\|GZvcmNsb3N1cmU\|Bmb3JjbG9zdXJl\|aW5zdGFudGlhdGVmYWN0b3J5\|Gluc3RhbnRpYXRlZmFjdG9yeQ\|BpbnN0YW50aWF0ZWZhY3Rvcnk\|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\|aW52b2tlcnRyYW5zZm9ybWVy\|Gludm9rZXJ0cmFuc2Zvcm1lcg\|BpbnZva2VydHJhbnNmb3JtZXI\|cHJvdG90eXBlY2xvbmVmYWN0b3J5\|HByb3RvdHlwZWNsb25lZmFjdG9yeQ\|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\|d2hpbGVjbG9zdXJl\|HdoaWxlY2xvc3VyZQ\|B3aGlsZWNsb3N1cmU$" 1; "~*$\?:class\.module\.classLoader\.resources\.context\.parent\.pipeline\|springframework\.context\.support\.FileSystemXmlApplicationContext$" 1; "~*$\?i$$\?:\$\|\$\?$$\?:\{\|\&l\(\?:brace\|cub$;\?\)" 1; "~*xacxedx00x05" 1; "~*javab\.\+$\?:runtime\|processbuilder$" 1; "~*$\?:runtime\|processbuilder$" 1; "~*$\?i$$\?:\$\|\$\?$$\?:\{\|\&l\(\?:brace\|cub$;\?\)$\?:\[\^\}\]\*\(\?:\$\|\$\?$$\?:\{\|\&l\(\?:brace\|cub$;\?\)\|jndi\|ctx\)" 1; "~*$\?:clonetransformer\|forclosure\|instantiatefactory\|instantiatetransformer\|invokertransformer\|prototypeclonefactory\|prototypeserializationfactory\|whileclosure\|getproperty\|filewriter\|xmldecoder$" 1; "~*\.\*\.$\?:jsp\|jspx$\.\*\$" 1; } map $request_uri $waf_block_xss { default 0; "~*$\?i$A\-Z_a\-z\]\*$\?:\[\^sv\"'<>\]\*:$\?\[\^0\-9<>A\-Z_a\-z\]\*\[\^0\-9A\-Z_a\-z\]\*\?$\?:s\[\^0\-9A\-Z_a\-z\]\*\?\(\?:c\[\^0\-9A\-Z_a\-z\]\*\?r\[\^0\-9A\-Z_a\-z\]\*\?i\[\^0\-9A\-Z_a\-z\]\*\?p\[\^0\-9A\-Z_a\-z\]\*\?t\|t\[\^0\-9A\-Z_a\-z\]\*\?y\[\^0\-9A\-Z_a\-z\]\*\?l\[\^0\-9A\-Z_a\-z\]\*\?e\|v\[\^0\-9A\-Z_a\-z\]\*\?g\|e\[\^0\-9A\-Z_a\-z\]\*\?t\[\^0\-9>A\-Z_a\-z\]$\|f\[\^0\-9A\-Z_a\-z\]\*\?o\[\^0\-9A\-Z_a\-z\]\*\?r\[\^0\-9A\-Z_a\-z\]\*\?m\|m\[\^0\-9A\-Z_a\-z\]\*\?$\?:a\[\^0\-9A\-Z_a\-z\]\*\?r\[\^0\-9A\-Z_a\-z\]\*\?q\[\^0\-9A\-Z_a\-z\]\*\?u\[\^0\-9A\-Z_a\-z\]\*\?e\[\^0\-9A\-Z_a\-z\]\*\?e\|e\[\^0\-9A\-Z_a\-z\]\*\?t\[\^0\-9A\-Z_a\-z\]\*\?a\[\^0\-9>A\-Z_a\-z\]$\|$\?:l\[\^0\-9A\-Z_a\-z\]\*\?i\[\^0\-9A\-Z_a\-z\]\*\?n\[\^0\-9A\-Z_a\-z\]\*\?k\|o\[\^0\-9A\-Z_a\-z\]\*\?b\[\^0\-9A\-Z_a\-z\]\*\?j\[\^0\-9A\-Z_a\-z\]\*\?e\[\^0\-9A\-Z_a\-z\]\*\?c\[\^0\-9A\-Z_a\-z\]\*\?t\|e\[\^0\-9A\-Z_a\-z\]\*\?m\[\^0\-9A\-Z_a\-z\]\*\?b\[\^0\-9A\-Z_a\-z\]\*\?e\[\^0\-9A\-Z_a\-z\]\*\?d\|a\[\^0\-9A\-Z_a\-z\]\*\?\(\?:p\[\^0\-9A\-Z_a\-z\]\*\?p\[\^0\-9A\-Z_a\-z\]\*\?l\[\^0\-9A\-Z_a\-z\]\*\?e\[\^0\-9A\-Z_a\-z\]\*\?t\|u\[\^0\-9A\-Z_a\-z\]\*\?d\[\^0\-9A\-Z_a\-z\]\*\?i\[\^0\-9A\-Z_a\-z\]\*\?o\|n\[\^0\-9A\-Z_a\-z\]\*\?i\[\^0\-9A\-Z_a\-z\]\*\?m\[\^0\-9A\-Z_a\-z\]\*\?a\[\^0\-9A\-Z_a\-z\]\*\?t\[\^0\-9A\-Z_a\-z\]\*\?e$\|p\[\^0\-9A\-Z_a\-z\]\*\?a\[\^0\-9A\-Z_a\-z\]\*\?r\[\^0\-9A\-Z_a\-z\]\*\?a\[\^0\-9A\-Z_a\-z\]\*\?m\|i\?\[\^0\-9A\-Z_a\-z\]\*\?f\[\^0\-9A\-Z_a\-z\]\*\?r\[\^0\-9A\-Z_a\-z\]\*\?a\[\^0\-9A\-Z_a\-z\]\*\?m\[\^0\-9A\-Z_a\-z\]\*\?e\|b\[\^0\-9A\-Z_a\-z\]\*\?$\?:a\[\^0\-9A\-Z_a\-z\]\*\?s\[\^0\-9A\-Z_a\-z\]\*\?e\|o\[\^0\-9A\-Z_a\-z\]\*\?d\[\^0\-9A\-Z_a\-z\]\*\?y\|i\[\^0\-9A\-Z_a\-z\]\*\?n\[\^0\-9A\-Z_a\-z\]\*\?d\[\^0\-9A\-Z_a\-z\]\*\?i\[\^0\-9A\-Z_a\-z\]\*\?n\[\^0\-9A\-Z_a\-z\]\*\?g\[\^0\-9A\-Z_a\-z\]\*\?s$\|i\[\^0\-9A\-Z_a\-z\]\*\?m\[\^0\-9A\-Z_a\-z\]\*\?a\?\[\^0\-9A\-Z_a\-z\]\*\?g\[\^0\-9A\-Z_a\-z\]\*\?e\?\|v\[\^0\-9A\-Z_a\-z\]\*\?i\[\^0\-9A\-Z_a\-z\]\*\?d\[\^0\-9A\-Z_a\-z\]\*\?e\[\^0\-9A\-Z_a\-z\]\*\?o\)\[\^0\-9>A\-Z_a\-z\]\)\|$\?:<\[0\-9A\-Z_a\-z\]\.\*\[sv/\]\|\[\"'\]\(\?:\.\*\[sv/\]$\?\)$\?:background\|formaction\|lowsrc\|on\(\?:a\(\?:bort\|ctivate\|d\(\?:apteradded\|dtrack$\|fter$\?:print\|\(\?:scriptexecu\|upda$te\)\|lerting\|n$\?:imation\(\?:cancel\|end\|iteration\|start$\|tennastatechange\)\|ppcommand\|u$\?:dio\(\?:end\|process\|start$\|xclick\)\)\|b$\?:e\(\?:fore\(\?:\(\?:\(\?:\(\?:de$\?activa\|scriptexecu\)t\|toggl\)e\|c$\?:opy\|ut$\|editfocus\|input\|p$\?:aste\|rint$\|u$\?:nload\|pdate$\)\|gin$\?:Event$\?\)\|l$\?:ocked\|ur$\|oun$\?:ce\|dary$\|roadcast\|usy\)\|c$\?:a\(\?:\(\?:ch\|llschang$ed\|nplay$\?:through$\?\|rdstatechange\)\|$\?:ell\|fstate$change\|h$\?:a\(\?:rging\(\?:time$\?cha\)\?nge\|ecking\)\|l$\?:ick\|ose$\|o$\?:m\(\?:mand\(\?:update$\?\|p$\?:lete\|osition\(\?:end\|start\|update$\)\)\|n$\?:nect\(\?:ed\|ing$\|t$\?:extmenu\|rolselect$\)\|py\)\|u$\?:echange\|t$\)\|d$\?:ata\(\?:\(\?:availabl\|chang$e\|error\|setc$\?:hanged\|omplete$\)\|blclick\|e$\?:activate\|livery\(\?:error\|success$\|vice$\?:found\|light\|\(\?:mo\|orienta$tion\|proximity\)\)\|i$\?:aling\|s\(\?:abled\|c\(\?:hargingtimechange\|onnect\(\?:ed\|ing$\)\)\)\|o$\?:m\(\?:a\(\?:ctivate\|ttrmodified$\|$\?:characterdata\|subtree$modified\|focus$\?:in\|out$\|mousescroll\|node$\?:inserted\(\?:intodocument$\?\|removed$\?:fromdocument$\?\)\)\|wnloading\)\|r$\?:ag\(\?:drop\|e\(\?:n\(\?:d\|ter$\|xit\)\|$\?:gestur\|leav$e\|over\|start\)\|op\)\|urationchange\)\|e$\?:mptied\|n\(\?:abled\|d\(\?:ed\|Event$\?\|ter\)\|rror$\?:update$\?\|xit\)\|f$\?:ailed\|i\(\?:lterchange\|nish$\|o$\?:cus\(\?:in\|out$\?\|rm$\?:change\|input$\)\|ullscreenchange\)\|g$\?:amepad\(\?:axismove\|button\(\?:down\|up$\|$\?:dis$\?connected\)\|et\)\|h$\?:ashchange\|e\(\?:adphoneschange\|l\[dp\]$\|olding\)\|i$\?:cc\(\?:cardlockerror\|infochange$\|n$\?:coming\|put\|valid$\)\|key$\?:down\|press\|up$\|l$\?:evelchange\|o\(\?:ad\(\?:e\(\?:d\(\?:meta$\?data\|nd\)\|start\)\?\|secapture\)\|y\)\|m$\?:ark\|essage\|o\(\?:use\(\?:down\|enter\|\(\?:lea\|mo$ve\|o$\?:ut\|ver$\|up\|wheel\)\|ve$\?:end\|start$\?\|z$\?:a\(\?:fterpaint\|udioavailable$\|$\?:beforeresiz\|orientationchang\|t\(\?:apgestur\|imechang$\)e\|$\?:edgeui\(\?:c\(\?:ancel\|omplet$\|start\)e\|network$\?:down\|up$loa\)d\|fullscreen$\?:change\|error$\|m$\?:agnifygesture\(\?:start\|update$\?\|ouse$\?:hittest\|pixelscroll$\)\|p$\?:ointerlock\(\?:change\|error$\|resstapgesture\)\|rotategesture$\?:start\|update$\?\|s$\?:crolledareachanged\|wipegesture\(\?:end\|start\|update$\?\)\)\)\)\|no$\?:match\|update$\|o$\?:\(\?:bsolet\|\(\?:ff\|n$lin\)e\|pen\|verflow$\?:changed$\?\)\|p$\?:a\(\?:ge\(\?:hide\|show$\|int\|$\?:st\|us$e\)\|lay$\?:ing$\?\|o$\?:inter\(\?:down\|enter\|\(\?:\(\?:lea\|mo$v\|rawupdat\)e\|o$\?:ut\|ver$\|up\)\|p$\?:state\|up\(\?:hid\(\?:den\|ing$\|show$\?:ing\|n$\)\)\)\|ro$\?:gress\|pertychange$\)\|r$\?:atechange\|e\(\?:adystatechange\|ceived\|movetrack\|peat\(\?:Event$\?\|quest\|s$\?:et\|ize\|u\(\?:lt\|m\(\?:e\|ing$\)\)\|trieving\)\|ow$\?:e\(\?:nter\|xit$\|s$\?:delete\|inserted$\)\)\|s$\?:croll\(\?:end$\?\|e$\?:arch\|ek\(\?:complete\|ed\|ing$\|lect$\?:ionchange\|start$\?\|n$\?:ding\|t$\|t\)\|how\|$\?:ound\|peech$$\?:end\|start$\|t$\?:a\(\?:lled\|rt\|t\(\?:echange\|uschanged$\)\|k$\?:comma\|sessione$nd\|op\)\|u$\?:bmit\|ccess\|spend$\|vg$\?:abort\|error\|\(\?:un$\?load\|resize\|scroll\|zoom\)\)\|t$\?:ext\|ime\(\?:out\|update$\|o$\?:ggle\|uch\(\?:cancel\|en\(\?:d\|ter$\|$\?:lea\|mo$ve\|start\)\)\|ransition$\?:cancel\|end\|run\|start$\)\|u$\?:n\(\?:derflow\|handledrejection\|load$\|p$\?:dateready\|gradeneeded$\|s$\?:erproximity\|sdreceived$\)\|v$\?:ersion\|o\(\?:ic\|lum$e\)change\|w$\?:a\(\?:it\|rn$ing\|ebkit$\?:animation\(\?:end\|iteration\|start$\|transitionend\)\|heel\)\|zoom\)\|ping\|s$\?:rc\|tyle$\)\[x08\-nf\-r\ \]\*\?=" 1; "~*$\?i:\.\*\?\(\?:@\[ix5c\]\|\(\?:\[:=\]\|\&\#x\?0\*\(\?:58\|3A\|61\|3D$;\?\)\.\*\?$\?:\[\(x5c\]\|\&\#x\?0\*\(\?:40\|28\|92\|5C$;\?\)\)\)" 1; "~*<\[\?\]\?import\[s/\+S\]\*\?implementation\[s/\+\]\*\?=" 1; "~*$\?i:" 1; "~*xbc\[\^xbe>\]\*\[xbe>\]\|<\[\^xbe\]\*xbe" 1; "~*\(\?:xbcs\*/s\*\[\^xbe>\]\*\[xbe>\]$\|$\?:\]\*>\[sS\]\*\?" 1; "~*\(\?i$\]" 1; } map $request_uri $waf_block_rfi { default 0; "~*!@endsWith\ \.%\{request_headers\.host\}" 1; "~*\^$\?i:file\|ftps\?\|https\?$://$\?:d\{1,3\}\.d\{1,3\}\.d\{1,3\}\.d\{1,3\}$" 1; } map $request_uri $waf_block_leakages { default 0; "~*$\?:<\(\?:TITLE>Index\ of\.\*\?Index\ of\.\*\?Index\ of\|>\[To\ Parent\ Directory\]
$" 1; "~*\^5d\{2\}\$" 1; "~*\^\#!s\?/" 1; } map $request_uri $waf_block_php { default 0; "~*@pm\ =" 1; "~*$\?:bzip2\|expect\|glob\|ogg\|\(\?:ph\|r$ar\|ssh2$\?:\.\(\?:s\(\?:hell\|\(\?:ft\|c$p\)\|exec\|tunnel\)\)\?\|z$\?:ip\|lib$\)://" 1; "~*AUTH_TYPE\|HTTP_$\?:ACCEPT\(\?:_\(\?:CHARSET\|ENCODING\|LANGUAGE$\)\?\|CONNECTION\|$\?:HOS\|USER_AGEN$T\|KEEP_ALIVE\|$\?:REFERE\|X_FORWARDED_FO$R\)\|ORIG_PATH_INFO\|PATH_$\?:INFO\|TRANSLATED$\|QUERY_STRING\|REQUEST_URI" 1; "~*@pm\ \?>" 1; "~*$\?:b\(\?:f\(\?:tp_\(\?:nb_$\?f\?$\?:ge\|pu$t\|get$\?:s\?s\|c$\|scanf\|write\|open\|read\)\|gz$\?:\(\?:encod\|writ$e\|compress\|open\|read\)\|s$\?:ession_start\|candir$\|read$\?:\(\?:gz$\?file\|dir\)\|move_uploaded_file\|$\?:proc_\|bz$open\|call_user_func\)\|\$_$\?:\(\?:pos\|ge$t\|session\)\)b" 1; "~*\[oOcC\]:d\+:\"\.\+\?\":d\+:\{\.\*\}" 1; "~*\.\*\.$\?:phpd\*\|phtml$\.\.\*\$" 1; "~*$\?i$<\?$\?:=\|php$\?s\+" 1; "~*\.\*\.ph$\?:pd\*\|tml\|ar\|ps\|t\|pt$\.\*\$" 1; "~*$\?i$php://$\?:std\(\?:in\|out\|err$\|$\?:in\|out$put\|fd\|memory\|temp\|filter\)" 1; "~*$\?:<\?\(\?:\[\^x\]\|x\[\^m\]\|xm\[\^l\]\|xml\[\^s\]\|xml\$\|\$$\|<\?php\|\[$\?:/\|x5c$\?php\]\)" 1; } map $request_uri $waf_block_enforcement { default 0; "~*@validateByteRange\ 32\-36,38\-126" 1; "~*!@rx\ \^d\+\$" 1; "~*$d\+$\-$d\+$" 1; "~*\^\[\^;s\]\+" 1; "~*@gt\ 0" 1; "~*\^$\?:GET\|HEAD$\$" 1; "~*@validateByteRange\ 9,10,13,32\-126,128\-255" 1; "~*x25" 1; "~*@gt\ 50" 1; "~*b$\?:keep\-alive\|close$,s\?$\?:keep\-alive\|close$b" 1; "~*@gt\ %\{tx\.arg_length\}" 1; "~*charset\.\*\?charset" 1; "~*@contains\ \#" 1; "~*charsets\*=s\*\[\"'\]\?$\[\^;\"'s\]\+$" 1; "~*\.\[\^\.\~\]\+\~$\?:/\.\*\|$\$" 1; "~*@streq\ POST" 1; "~*!@rx\ \^$\?:OPTIONS\|CONNECT$\$" 1; "~*%\[0\-9a\-fA\-F\]\{2\}" 1; "~*\^bytes=$\?:\(\?:d\+$\?\-$\?:d\+$\?s\*,\?s\*\)\{6\}" 1; "~*@within\ %\{tx\.restricted_headers_extended\}" 1; "~*@validateUrlEncoding" 1; "~*\^\$" 1; "~*@eq\ 1" 1; "~*@endsWith\ \.pdf" 1; "~*!@rx\ \^$\?:\(\?:max\-age=\[0\-9\]\+\|min\-fresh=\[0\-9\]\+\|no\-cache\|no\-store\|no\-transform\|only\-if\-cached\|max\-stale\(\?:=\[0\-9\]\+$\?\)$\?:s\*,s\*\|\$$\)\{1,7\}\$" 1; "~*@validateUtf8Encoding" 1; "~*@gt\ %\{tx\.max_num_args\}" 1; "~*@within\ %\{tx\.restricted_headers_basic\}" 1; "~*@eq\ 0" 1; "~*!@rx\ \^0\$" 1; "~*@gt\ %\{tx\.max_file_size\}" 1; "~*!@pm\ AppleWebKit\ Android" 1; "~*!@streq\ JSON" 1; "~*$\?:\^\(\[d\.\]\+\|\[\[da\-f:\]\+\]\|\[da\-f:\]\+$$:\[d\]\+$\?\$\)" 1; "~*%u\[fF\]\{2\}\[0\-9a\-fA\-F\]\{2\}" 1; "~*\^\.\*\$" 1; "~*@within\ %\{tx\.restricted_extensions\}" 1; "~*$\?i$x5cu\[0\-9a\-f\]\{4\}" 1; "~*@gt\ %\{tx\.arg_name_length\}" 1; "~*@validateByteRange\ 1\-255" 1; "~*!@rx\ \^\[w/\.\+\*\-\]\+$\?:s\?;s\?\(\?:action\|boundary\|charset\|component\|start\(\?:\-info$\?\|type\|version\)s\?=s\?\['\"w\.\+,/:=\?<>@\#\*\-\]\+\)\*\$" 1; "~*\['\";=\]" 1; "~*@gt\ 1" 1; "~*$\?:\^\|\[\^x5c\]$x5c\[cdeghijklmpqwxyz123456789\]" 1; "~*\^bytes=$\?:\(\?:d\+$\?\-$\?:d\+$\?s\*,\?s\*\)\{63\}" 1; "~*!@rx\ \^0\?\$" 1; "~*\.$\[\^\.\]\+$\$" 1; "~*@validateByteRange\ 38,44\-46,48\-58,61,65\-90,95,97\-122" 1; "~*@validateByteRange\ 32,34,38,42\-59,61,65\-90,95,97\-122" 1; "~*!@rx\ \^OPTIONS\$" 1; "~*@gt\ %\{tx\.combined_file_sizes\}" 1; "~*!@endsWith\ \.pdf" 1; "~*!@pm\ AppleWebKit\ Android\ Business\ Enterprise\ Entreprise" 1; "~*@gt\ %\{tx\.total_arg_length\}" 1; "~*@ge\ 1" 1; } map $request_uri $waf_block_generic { default 0; "~*while\[sv\]\*$\[sv\(\]\*\(\?:!\+\(\?:false\|null\|undefined\|NaN\|\[\+\-\]\?0\|\"\{2\}\|'\{2\}\|`\{2\}$\|$\?:!!$\*$\?:\(\?:t\(\?:rue\|his$\|\[\+\-\]\?$\?:Infinity\|\[1\-9\]\[0\-9\]\*$\|new\ \[A\-Za\-z\]\[0\-9A\-Z_a\-z\]\*\|window\|String\|$\?:Boolea\|Functio$n\|Object\|Array\)b\|\{\.\*\}\|\[\.\*\]\|\"\[\^\"\]\+\"\|'\[\^'\]\+'\|`\[\^`\]\+`\)\)\.\*\)" 1; "~*\[s\*constructors\*\]" 1; "~*@\{\.\*\}" 1; } map $request_uri $waf_block_sqli { default 0; "~*$\?i$\^$\?:\[\^'\]\*\?\(\?:'\[\^'\]\*\?'\[\^'\]\*\?$\*\?'\|\[\^\"\]\*\?$\?:\"\[\^\"\]\*\?\"\[\^\"\]\*\?$\*\?\"\|\[\^`\]\*\?$\?:`\[\^`\]\*\?`\[\^`\]\*\?$\*\?`\)\[sv\]\*$\[0\-9A\-Z_a\-z\]\+$b" 1; "~*\^$\?i:\-0000023456\|4294967295\|4294967296\|2147483648\|2147483647\|0000012345\|\-2147483648\|\-2147483649\|0000023456\|2\.2250738585072007e\-308\|2\.2250738585072011e\-308\|1e309$\$" 1; "~*$\?i:b0x\[a\-fd\]\{3,\}$" 1; "~*$\?i$\[sv\"'\-\)`\]\*\?b$\[0\-9A\-Z_a\-z\]\+$b\[sv\"'\-\)`\]\*\?$\?:!\[<\->\]\|<\[=\->\]\?\|>=\?\|\^\|is\[sv\]\+not\|not\[sv\]\+\(\?:like\|r\(\?:like\|egexp$\)\)\[sv\"'\-\)`\]\*\?b$\[0\-9A\-Z_a\-z\]\+$b" 1; "~*@streq\ %\{TX\.2\}" 1; "~*$\?i$union\.\*\?select\.\*\?from" 1; "~*$\?i$b$\?:orb\(\?:\[sv\]\?\(\?:\[0\-9\]\{1,10\}\|\[\"'\]\[\^=\]\{1,10\}\[\"'\]$\[sv\]\?\[<\->\]\+\|\[sv\]\+$\?:\[0\-9\]\{1,10\}\|'\[\^=\]\{1,10\}'$$\?:\[sv\]\*\?\[<\->\]$\?\)\|xorb\[sv\]\+$\?:\[0\-9\]\{1,10\}\|'\[\^=\]\{1,10\}'$$\?:\[sv\]\*\?\[<\->\]$\?\)\|'\[sv\]\+x\?or\[sv\]\+\.\{1,20\}\[!\+\-<\->\]" 1; "~*$\?i$1\.e\[$\-$,\]" 1; "~*\[\"'`\]\[sd\]\*\?\[\^ws\]W\*\?dW\*\?\.\*\?\[\"'`d\]" 1; "~*$\?i:sleep\(s\*\?d\*\?s\*\?$\|benchmark$\.\*\?,\.\*\?$\)" 1; "~*';" 1; "~*@detectSQLi" 1; "~*!@streq\ %\{TX\.2\}" 1; "~*$\?i$autonomous_transaction\|$\?:current_use\|n\?varcha\|tbcreato$r\|db$\?:a_users\|ms_java$\|open$\?:owa_util\|query\|rowset$\|s$\?:p_\(\?:\(\?:addextendedpro\|sqlexe$c\|execute$\?:sql$\?\|help\|is_srvrolemember\|makewebtask\|oacreate\|p$\?:assword\|repare$\|replwritetovarbin\)\|ql_$\?:longvarchar\|variant$\)\|utl_$\?:file\|http$\|xp_$\?:availablemedia\|\(\?:cmdshel\|servicecontro$l\|dirtree\|e$\?:numdsn\|xecresultset$\|filelist\|loginconfig\|makecab\|ntsec$\?:_enumdomains$\?\|reg$\?:addmultistring\|delete\(\?:key\|value$\|enum$\?:key\|value$s\|re$\?:ad\|movemultistring$\|write\)\|terminate$\?:_process$\?\)" 1; "~*W\{4\}" 1; "~*$\?i$\[sv\"'\-\)`\]\*\?b$\[0\-9A\-Z_a\-z\]\+$b\[sv\"'\-\)`\]\*\?$\?:=\|<=>\|\(\?:sounds\[sv\]\+$\?like\|glob\|r$\?:like\|egexp$\)\[sv\"'\-\)`\]\*\?b$\[0\-9A\-Z_a\-z\]\+$b" 1; "~*$\?i$alter\[sv\]\*\?\[0\-9A\-Z_a\-z\]\+\.\*\?char$\?:acter$\?\[sv\]\+set\[sv\]\+\[0\-9A\-Z_a\-z\]\+\|\[\"'`\]$\?:;\*\?\[sv\]\*\?waitfor\[sv\]\+\(\?:time\|delay$\[sv\]\+\[\"'`\]\|;\.\*\?:\[sv\]\*\?goto\)" 1; "~*\^$\?:\[\^'\]\*'\|\[\^\"\]\*\"\|\[\^`\]\*`$\[sv\]\*;" 1; "~*$\(\?:\[\~!@\#\$%\^\&\*\($\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\[\^\~!@\#\$%\^\&\*\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\*\?\)\{12\}\)" 1; "~*$\?i$\[\"'`\]\[sv\]\*\?b$\?:x\?or\|div\|like\|between\|and$b\[sv\]\*\?\[\"'`\]\?\[0\-9\]\|x5cx$\?:2\[37\]\|3d$\|\^$\?:\.\?\[\"'`\]\$\|\[\"'x5c`\]\*\?\(\?:\[\"'0\-9`\]\+\|\[\^\"'`\]\+\[\"'`\]$\[sv\]\*\?b$\?:and\|n\(\?:and\|ot$\|$\?:xx\?$\?or\|div\|like\|between\|\|\|\|\&\&\)b\[sv\]\*\?\[\"'0\-9A\-Z_\-z\]\[!\&$\-$\+\-\.@\]\)\|\[\^sv0\-9A\-Z_a\-z\]\[0\-9A\-Z_a\-z\]\+\[sv\]\*\?\[\-\|\]\[sv\]\*\?\[\"'`\]\[sv\]\*\?\[0\-9A\-Z_a\-z\]\|@$\?:\[0\-9A\-Z_a\-z\]\+\[sv\]\+\(\?:and\|x\?or\|div\|like\|between$b\[sv\]\*\?\[\"'0\-9`\]\+\|\[\-0\-9A\-Z_a\-z\]\+\[sv\]$\?:and\|x\?or\|div\|like\|between$b\[sv\]\*\?\[\^sv0\-9A\-Z_a\-z\]\)\|\[\^sv0\-:A\-Z_a\-z\]\[sv\]\*\?\[0\-9\]\[\^0\-9A\-Z_a\-z\]\+\[\^sv0\-9A\-Z_a\-z\]\[sv\]\*\?\[\"'`\]\.\|\[\^0\-9A\-Z_a\-z\]information_schema\|table_name\[\^0\-9A\-Z_a\-z\]" 1; "~*!@rx\ \^ey\[\-0\-9A\-Z_a\-z\]\+\.ey\[\-0\-9A\-Z_a\-z\]\+\.\[\-0\-9A\-Z_a\-z\]\+\$" 1; "~*$\(\?:\[\~!@\#\$%\^\&\*\($\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\[\^\~!@\#\$%\^\&\*\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\*\?\)\{6\}\)" 1; "~*$\?i$\[\"'`\]\[sv\]\*\?$\?:\(\?:and\|n\(\?:and\|ot$\|$\?:xx\?$\?or\|div\|like\|between\|\|\|\|\&\&\)\[sv\]\+\[sv0\-9A\-Z_a\-z\]\+=\[sv\]\*\?\[0\-9A\-Z_a\-z\]\+\[sv\]\*\?having\[sv\]\+\|like\[\^0\-9A\-Z_a\-z\]\*\?\[\"'0\-9`\]\)\|\[0\-9A\-Z_a\-z\]\[sv\]\+like\[sv\]\+\[\"'`\]\|like\[sv\]\*\?\[\"'`\]%\|select\[sv\]\+\?\[sv\"'\-\),\-\.0\-9A\-\[\]_\-z\]\+from\[sv\]\+" 1; "~*$\?i$bandb$\?:\[sv\]\+\(\?:\[0\-9\]\{1,10\}\[sv\]\*\?\[<\->\]\|'\[\^=\]\{1,10\}'$\|\ \?$\?:\[0\-9\]\{1,10\}\|\[\"'\]\[\^=\]\{1,10\}\[\"'\]$\ \?\[<\->\]\+\)" 1; "~*$\?i$create\[sv\]\+function\[sv\]\.\+\[sv\]returns\|;\[sv\]\*\?$\?:alter\|\(\?:\(\?:cre\|trunc\|upd$at\|renam\)e\|d$\?:e\(\?:lete\|sc$\|rop\)\|$\?:inser\|selec$t\|load\)b\[sv\]\*\?\[$\[\]\?\[0\-9A\-Z_a\-z\]\{2,\}" 1; "~*\(\(\?:\[\~!@\#\$%\^\&\*\($\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\[\^\~!@\#\$%\^\&\*\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\*\?\)\{8\}\)" 1; "~*$\?i$select\[sv\]\*\?pg_sleep\|waitfor\[sv\]\*\?delay\[sv\]\?\[\"'`\]\+\[sv\]\?\[0\-9\]\|;\[sv\]\*\?shutdown\[sv\]\*\?$\?:\[\#;\{\]\|/\*\|\-\-$" 1; "~*\^$\?:and\|or$\$" 1; "~*\^\.\*\?x5c\['\"`\]$\?:\.\*\?\['\"`\]$\?s\*$\?:and\|or$b" 1; "~*$\?i$\[\"'`\]\[sv\]\*\?$\?:\(\?:is\[sv\]\+not\|not\[sv\]\+\(\?:like\|glob\|\(\?:betwee\|i$n\|null\|regexp\|match\)\|mod\|div\|sounds\[sv\]\+like\)b\|\[%\-\&\*\-\+\-/<\->\^\|\]\)" 1; "~*$\?i:\^\[Wd\]\+s\*\?\(\?:alter\|union$b\)" 1; "~*$\(\?:\[\~!@\#\$%\^\&\*\($\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\[\^\~!@\#\$%\^\&\*\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\*\?\)\{3\}\)" 1; "~*$\(\?:\[\~!@\#\$%\^\&\*\($\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\[\^\~!@\#\$%\^\&\*\-\+=\{\}\[\]\|:;\"'´’‘`<>\]\*\?\)\{2\}\)" 1; "~*$\?:\^s\*\[\"'`;\]\+\|\[\"'`\]\+s\*\$$" 1; "~*$\?i$W\+d\*\?s\*\?bhavingbs\*\?\[\^s\-\]" 1; } map $request_uri $waf_block_rce { default 0; "~*!@rx\ \[0\-9\]s\*'s\*\[0\-9\]" 1; "~*\^\[\^\.\]\+\.\[\^;\?\]\+\[;\?\]$\.\*\(\['\*\?x5c`\]\[\^n/\]\+/\|/\[\^/\]\+\?\['\*\?x5c`\]\|\$\[!\#\-\$\(\*\-0\-9\?\-\[_a\-\{\]$\)" 1; "~*/$\?:\[\?\*\]\+\[a\-z/\]\+\|\[a\-z/\]\+\[\?\*\]\+$" 1; "~*rn$\?s:\.$\*\?b$\?:\(\?:QUI\|STA\|RSE$$\?i:T$\|NOOP\|CAPA\)" 1; "~*!$\?:d\|!$" 1; "~*$\?is$rn\.\*\?b$\?:\(\?:LIST\|TOP\ \[0\-9\]\+$$\?:\ \[0\-9\]\+$\?\|U$\?:SER\ \.\+\?\|IDL\(\?:\ \[0\-9\]\+$\?\)\|PASS\ \.\+\?\|$\?:RETR\|DELE$\ \[0\-9\]\+\?\|A$\?:POP\ \[0\-9A\-Z_a\-z\]\+\ \[0\-9a\-f\]\{32\}\|UTH\ \[\-0\-9A\-Z_\]\{1,20\}\ \(\?:\(\?:\[\+/\-9A\-Z_a\-z\]\{4\}$\*$\?:\[\+/\-9A\-Z_a\-z\]\{2\}=\|\[\+/\-9A\-Z_a\-z\]\{3\}$\)\?=\)\)" 1; "~*!\-d" 1; "~*$\?is$rn\[0\-9A\-Z_a\-z\]\{1,50\}b\ $\?:C\(\?:\(\?:REATE\|OPY\ \[\*,0\-:\]\+$\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\|APABILITY\|HECK\|LOSE\)\|DELETE\ \[\"\-\#%\-\&\*\-\-\.0\-9A\-Zx5c_a\-z\]\+\|EX$\?:AMINE\ \[\"\-\#%\-\&\*\-\-\.0\-9A\-Zx5c_a\-z\]\+\|PUNGE$\|FETCH\ \[\*,0\-:\]\+\|L$\?:IST\ \[\"\-\#\*\-\-9A\-Zx5c_a\-z\~\]\+\?\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\|OG\(\?:IN\ \[\-\-\.0\-9@_a\-z\]\{1,40\}\ \.\*\?\|OUT$\)\|RENAME\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\?\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\|S$\?:E\(\?:LECT\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\|ARCH\(\?:\ CHARSET\ \[\-\-\.0\-9A\-Z_a\-z\]\{1,40\}$\?\ $\?:\(KEYWORD\ x5c$\?$\?:A\(\?:LL\|NSWERED$\|BCC\|D$\?:ELETED\|RAFT$\|$\?:FLAGGE\|OL$D\|RECENT\|SEEN\|UN$\?:\(\?:ANSWER\|FLAGG$ED\|D$\?:ELETED\|RAFT$\|SEEN\)\|NEW\)\|$\?:BODY\|CC\|FROM\|HEADER\ \.\{1,100\}\|NOT\|OR\ \.\{1,255\}\|T\(\?:EXT\|O$\)\ \.\{1,255\}\|LARGER\ \[0\-9\]\{1,20\}\|\[\*,0\-:\]\+\|$\?:BEFORE\|ON\|S\(\?:ENT\(\?:\(\?:BEFOR\|SINC$E\|ON\)\|INCE\)\)\ \"\?\[0\-9\]\{1,2\}\-\[0\-9A\-Z_a\-z\]\{3\}\-\[0\-9\]\{4\}\"\?\|S$\?:MALLER\ \[0\-9\]\{1,20\}\|UBJECT\ \.\{1,255\}$\|U$\?:ID\ \[\*,0\-:\]\+\?\|NKEYWORD\ x5c\(Seen\|\(\?:Answer\|Flagg$ed\|D$\?:eleted\|raft$\|Recent\)\)\)\)\|T$\?:ORE\ \[\*,0\-:\]\+\?\ \[\+\-\]\?FLAGS\(\?:\.SILENT$\?\ $\?:\(x5c\[a\-z\]\{1,20\}$\)\?\|ARTTLS\)\|UBSCRIBE\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\)\|UN$\?:SUBSCRIBE\ \[\"\-\#%\-\&\*\-\-9A\-Zx5c_a\-z\]\+\|AUTHENTICATE$\|NOOP\)" 1; "~*ba\[\"'\)\[\-x5c\]\*$\?:\(\?:\(\?:\|\|\|\&\&$\[sv\]\*\)\?\$\[!\#$\*\-0\-9\?\-@_a\-\{\]\*$\?x5c\?l\[\"'\)\[\-x5c\]\*$\?:\(\?:\(\?:\|\|\|\&\&$\[sv\]\*\)\?\$\[!\#$\*\-0\-9\?\-@_a\-\{\]\*$\?x5c\?i\[\"'\)\[\-x5c\]\*$\?:\(\?:\(\?:\|\|\|\&\&$\[sv\]\*\)\?\$\[!\#$\*\-0\-9\?\-@_a\-\{\]\*$\?x5c\?a\[\"'\)\[\-x5c\]\*$\?:\(\?:\(\?:\|\|\|\&\&$\[sv\]\*\)\?\$\[!\#$\*\-0\-9\?\-@_a\-\{\]\*$\?x5c\?sb\[sv\]\+\[!\-\"%',0\-9@\-Z_a\-z\]\+=\[\^sv\]" 1; "~*rn$\?s:\.$\*\?b$\?:DATA\|QUIT\|HELP\(\?:\ \.\{1,255\}$\?\)" 1; "~*rn$\?s:\.$\*\?b$\?:\(\?i:E$$\?:HLO\ \[\-\-\.A\-Za\-zx17fx212a\]\{1,255\}\|XPN\ \.\{1,64\}$\|HELO\ \[\-\-\.A\-Za\-zx17fx212a\]\{1,255\}\|MAIL\ FROM:<\.\{1,64\}$\?i:@$\.\{1,255\}$\?i:>$\|$\?i:R$$\?:CPT\ TO:\(\?:\(\?i:<$\.\{1,64\}$\?i:@$\.\{1,255\}$\?i:>$\|$\?i:\ $\)\?$\?i:<$\.\{1,64\}$\?i:>$\|SETb\)\|VRFY\ \.\{1,64\}$\?:\ <\.\{1,64\}\(\?i:@$\.\{1,255\}$\?i:>$\|$\?i:@$\.\{1,255\}\)\|AUTH\ \[\-0\-9A\-Z_a\-zx17fx212a\]\{1,20\}$\?i:\ $$\?:\(\?:\[\+/\-9A\-Z_a\-zx17fx212a\]\{4\}$\*$\?:\[\+/\-9A\-Z_a\-zx17fx212a\]\{2\}\(\?i:=$\|\[\+/\-9A\-Z_a\-zx17fx212a\]\{3\}\)\)\?$\?i:=$\|STARTTLSb\|NOOPb$\?:\(\?i:\ $\.\{1,255\}\)\?\)" 1; "~*;\[sv\]\*\.\[sv\]\*\[\"'\]\?$\?:a\(\?:rchive\|uth$\|b$\?:a\(\?:ckup\|il$\|inary\)\|c$\?:d\|h\(\?:anges\|eck$\|lone\|onnection\)\|d$\?:atabases\|b\(\?:config\|info$\|ump\)\|e$\?:cho\|qp\|x\(\?:cel\|it\|p\(\?:ert\|lain$\)\)\|f$\?:ilectrl\|ullschema$\|he$\?:aders\|lp$\|i$\?:mpo\(\?:rt\|ster$\|ndexes\|otrace\)\|l$\?:i\(\?:mi\|n$t\|o$\?:ad\|g$\)\|$\?:mod\|n\(\?:onc\|ullvalu$\|unmodul\)e\|o$\?:nce\|pen\|utput$\|p$\?:arameter\|r\(\?:int\|o\(\?:gress\|mpt$\)\)\|quit\|re$\?:ad\|cover\|store$\|s$\?:ave\|c\(\?:anstats\|hema$\|e$\?:lftest\|parator\|ssion$\|h$\?:a3sum\|ell\|ow$\?\|tats\|ystem\)\|t$\?:ables\|estc\(\?:ase\|trl$\|ime$\?:out\|r$\|race\)\|vfs$\?:info\|list\|name$\|width\)" 1; "~*\$$\?:\(\(\?:\.\*\|\(\.\*$\)\)\|\{\.\*\}\)\|\[<>\]$\.\*$\|/\[0\-9A\-Z_a\-z\]\*\[!\?\.\+\]" 1; "~*\^$s\*$s\+\{" 1; "~*/" 1; "~*$\?:\$\(\?:\(\(\?:\(\.\*$\|\.\*\)\)\|\{\.\*\}\)\|\[<>\]$\.\*$\|\[!\?\.\+\]\)" 1; "~*s" 1; "~*b$\?:for\(\?:/\[dflr\]\.\*$\?\ %\+\[\^\ \]\+\ in$\.\*$\[sv\]\?do\|if$\?:/i$\?$\?:\ not$\?$\?:\ \(\?:e\(\?:xist\|rrorlevel$\|defined\|cmdextversion\)b\|\[\ $\]\.\*\(\?:b\(\?:g\(\?:eq\|tr$\|equ\|neq\|l$\?:eq\|ss$\)b\|==\)\)\)" 1; "~*\^\[\^\.\]\*\?$\?:\['\*\?x5c`\]\[\^n/\]\+/\|/\[\^/\]\+\?\['\*\?x5c`\]\|\$\[!\#\-\$\(\*\-0\-9\?\-\[_a\-\{\]$" 1; "~*\['\*\?x5c`\]\[\^n/\]\+/\|/\[\^/\]\+\?\['\*\?x5c`\]\|\$\[!\#\-\$$\*\-0\-9\?\-\[_a\-\{\]" 1; } map $request_uri $waf_block_iis { default 0; "~*!@rx\ \^404\$" 1; "~*\[a\-z\]:x5cinetpubb" 1; "~*\(\?:Microsoft\ OLE\ DB\ Provider\ for\ SQL\ Server\(\?:\.\{1,20\}\?error\ '800\(\?:04005\|40e31$'\.\{1,40\}\?Timeout\ expired\|\ $0x80040e31$
Timeout\ expired
\)\|

internal\ server\ error

\.\*\?

part\ of\ the\ server\ has\ crashed\ or\ it\ has\ a\ configuration\ error\.

\|cannot\ connect\ to\ the\ server:\ timed\ out\)" 1; "~*bServer\ Error\ in\.\{0,50\}\?bApplicationb" 1; } map $request_uri $waf_block_correlation { default 0; "~*@eq\ 0" 1; "~*@ge\ 5" 1; "~*@ge\ %\{tx\.outbound_anomaly_score_threshold\}" 1; "~*@gt\ 0" 1; "~*@ge\ %\{tx\.inbound_anomaly_score_threshold\}" 1; } map $request_uri $waf_block_shells { default 0; "~*\^nnWeb\ Shell" 1; "~*s72\ Shell\ v\[0\-9\.\]\+\ Codinf\ by\ Cr@zy_King" 1; "~*lama's'hell\ v\.\ \[0\-9\.\]\+" 1; "~*\^\ \*n\[\ \]\+n\[\ \]\+lostDC\ \-" 1; "~*\^\ <html><head><title>::\ b374k\ m1n1\ \[0\-9\.\]\+\ ::" 1; "~*\^rnrnrnPhpSpy\ Ver\ \[0\-9\]\+" 1; "~*NGHshell\ \[0\-9\.\]\+\ by\ Cr4shn\$" 1; "~*B4TM4N\ SH3LL\.\*" 1; "~*Mini\ Shell\.\*Developed\ By\ LameHacker" 1; "~*\.::\ \.\*\ \~\ Ashiyane\ V\ \[0\-9\.\]\+\ ::\." 1; "~*\^n\.\*\?\ \~\ Shell\ Inn