[http.middlewares]
[http.middlewares.bad_bot_block_INITIALIZATION]
[http.middlewares.bad_bot_block_INITIALIZATION.plugin.badbot]
userAgent = [
"@eq 1",
"@eq 100",
"!@rx (?:URLENCODED|MULTIPART|XML|JSON)",
"@rx ^[a-f]*([0-9])[a-f]*([0-9])",
"@lt %{tx.blocking_paranoia_level}",
"!@lt %{tx.sampling_percentage}",
"@eq 0",
"@rx ^.*$"
]
[http.middlewares.bad_bot_block_LFI]
[http.middlewares.bad_bot_block_LFI.plugin.badbot]
userAgent = [
"@lt 1",
"@rx (?:(?:^|[x5c/;]).{2,3}[x5c/;]|[x5c/;].{2,3}(?:[x5c/;]|$))",
"@pmFromFile restricted-files.data",
"@lt 3",
"@lt 4",
"@pmFromFile lfi-os-files.data",
"@lt 2",
"@rx (?i)(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[0-1]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[25-6ae-f]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[5-6]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))"
]
[http.middlewares.bad_bot_block_DETECTION]
[http.middlewares.bad_bot_block_DETECTION.plugin.badbot]
userAgent = [
"@pmFromFile scanners-user-agents.data",
"@lt 1",
"@lt 3",
"@lt 2",
"@lt 4"
]
[http.middlewares.bad_bot_block_EVALUATION]
[http.middlewares.bad_bot_block_EVALUATION.plugin.badbot]
userAgent = [
"@eq 1",
"@lt 1",
"@ge 2",
"@ge 4",
"@ge %{tx.outbound_anomaly_score_threshold}",
"@lt 3",
"@ge %{tx.inbound_anomaly_score_threshold}",
"@ge 3",
"@lt 2",
"@ge 1",
"@lt 4"
]
[http.middlewares.bad_bot_block_PHP]
[http.middlewares.bad_bot_block_PHP.plugin.badbot]
userAgent = [
"@lt 1",
"@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
"@pmFromFile php-function-names-933150.data",
"@pmFromFile php-errors.data",
"@pm ?>",
"@pmFromFile php-function-names-933151.data",
"@lt 2",
"@rx (?:@#*-]+)*$",
"@validateByteRange 9,10,13,32-126,128-255",
"!@rx br|compress|deflate|(?:pack200-)?gzip|identity|*|^$|aes128gcm|exi|zstd|x-(?:compress|gzip)",
"!@rx ^d+$",
"@rx ^$",
"@rx %u[fF]{2}[0-9a-fA-F]{2}",
"@gt 0",
"@validateUtf8Encoding",
"@lt 4"
]
[http.middlewares.bad_bot_block_ATTACK]
[http.middlewares.bad_bot_block_ATTACK.plugin.badbot]
userAgent = [
"@lt 1",
"@rx [",
"@rx [nr]",
"@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d",
"@rx (][^]]+$|][^]]+[)",
"!@rx ^(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*$",
"@gt 1",
"@lt 2",
"@rx content-transfer-encoding:(.*)",
"@rx (?:bhttp/d|<(?:html|meta)b)",
"@rx unix:[^|]*|",
"!@within |%{tx.allowed_request_content_type_charset}|",
"@rx ^[^sv,;]+[sv,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b",
"@rx ^[^sv,;]+[sv,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)",
"@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w",
"@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:",
"@rx ^content-types*:s*(.*)$",
"@rx TX:paramcounter_(.*)",
"@lt 3",
"!@eq 0",
"@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)",
"@gt 0",
"@rx .",
"@lt 4"
]
[http.middlewares.bad_bot_block_SQL]
[http.middlewares.bad_bot_block_SQL.plugin.badbot]
userAgent = [
"@lt 1",
"@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[a-z]*Error)|pg_(?:query|exec)() [:|Warning.{1,20}bpg_.*|valid PostgreSQL result|Npgsql.|Supplied argument is not a valid PostgreSQL .*? resource|(?:Unable to connect to PostgreSQL serv|invalid input syntax for integ)er",
"@rx (?i)Exception (?:condition )?d+. Transaction rollback.",
"@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*Server message.*)",
"@rx (?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])",
"@lt 2",
"@rx (?i)(?:supplied argument is not a valid |SQL syntax.*)MySQL|Column count doesn't match(?: value count at row)?|mysql_fetch_array()|on MySQL result index|You have an error in your SQL syntax(?:;| near)|MyS(?:QL server version for the right syntax to use|qlClient.)|[MySQL][ODBC|(?:Table '[^']+' doesn't exis|valid MySQL resul)t|Warning.{1,10}mysql_(?:[(-)_a-z]{1,26})?|(?:ERROR [0-9]{4} ([0-9a-z]{5})|XPATH syntax error):",
"@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)",
"!@pmFromFile sql-errors.data",
"@rx (?i)Dynamic SQL Error",
"@rx (?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)",
"@rx (?i)org.hsqldb.jdbc",
"@rx (?i:Warning: ibase_|Unexpected end of command in statement)",
"@rx (?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)",
"@rx (?i:ORA-[0-9][0-9][0-9][0-9]|java.sql.SQLException|Oracle error|Oracle.*Driver|Warning.*oci_.*|Warning.*ora_.*)",
"@rx (?i:DB2 SQL error:|[IBM][CLI Driver][DB2/6000]|CLI Driver.*DB2|DB2 SQL error|db2_w+()",
"@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)",
"@lt 3",
"@rx (?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)",
"@rx (?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)",
"@lt 4"
]
[http.middlewares.bad_bot_block_GENERIC]
[http.middlewares.bad_bot_block_GENERIC.plugin.badbot]
userAgent = [
"@lt 1",
"@rx (?i)((?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[0-9]{10}|(?:0x[0-9a-f]{2}.){3}0x[0-9a-f]{2}|0x(?:[0-9a-f]{8}|[0-9a-f]{16})|(?:0{1,4}[0-9]{1,3}.){3}0{1,4}[0-9]{1,3}|[0-9]{1,3}.(?:[0-9]{1,3}.[0-9]{5}|[0-9]{8})|(?:x5cx5c[-0-9a-z].?_?)+|[[0-:a-f]+(?:[.0-9]+|%[0-9A-Z_a-z]+)?]|[a-z][--.0-9A-Z_a-z]{1,255}:[0-9]{1,5}(?:#?[sv]*&?@(?:(?:[0-9]{1,3}.){3}[0-9]{1,3}|[a-z][--.0-9A-Z_a-z]{1,255}):[0-9]{1,5}/?)+|[.0-9]{0,11}(?:xe2(?:x91[xa0-xbf]|x92[x80-xbf]|x93[x80-xa9xab-xbf])|xe3x80x82)+))",
"@rx (?:__proto__|constructors*(?:.|[)s*prototype)",
"@rx [s*constructors*]",
"@lt 3",
"@rx Process[sv]*.[sv]*spawn[sv]*(",
"@rx while[sv]*([sv(]*(?:!+(?:false|null|undefined|NaN|[+-]?0|\\"{2}|'{2}|`{2})|(?:!!)*(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9]*)|new [A-Za-z][0-9A-Z_a-z]*|window|String|(?:Boolea|Functio)n|Object|Array)b|{.*}|[.*]|\\"[^\\"]+\\"|'[^']+'|`[^`]+`)).*)",
"@rx _(?:$$ND_FUNC$$_|_js_function)|(?:beval|new[sv]+Function[sv]*)(|String.fromCharCode|function(){|this.constructor|module.exports=|([sv]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][sv]*)|process(?:.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:.call)?(|binding|constructor|env|global|main(?:Module)?|process|require)|[[\\"'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)[\\"'`]])|(?:binding|constructor|env|global|main(?:Module)?|process|require)[|console(?:.(?:debug|error|info|trace|warn)(?:.call)?(|[[\\"'`](?:debug|error|info|trace|warn)[\\"'`]])|require(?:.(?:resolve(?:.call)?(|main|extensions|cache)|[[\\"'`](?:(?:resolv|cach)e|main|extensions)[\\"'`]])",
"@rx @{.*}",
"@lt 2",
"@pmFromFile ssrf.data",
"@rx ^data:(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*(?:[sv]*,[sv]*(?:(?:*|[^!-\\"(-),/:-?[-]{}]+)/(?:*|[^!-\\"(-),/:-?[-]{}]+)|*)(?:[sv]*;[sv]*(?:charset[sv]*=[sv]*\\"?(?:iso-8859-15?|utf-8|windows-1252)b\\"?|(?:[^sv -\\"(-),/:-?[-]c{}]|c(?:[^!-\\"(-),/:-?[-]h{}]|h(?:[^!-\\"(-),/:-?[-]a{}]|a(?:[^!-\\"(-),/:-?[-]r{}]|r(?:[^!-\\"(-),/:-?[-]s{}]|s(?:[^!-\\"(-),/:-?[-]e{}]|e[^!-\\"(-),/:-?[-]t{}]))))))[^!-\\"(-),/:-?[-]{}]*[sv]*=[sv]*[^!(-),/:-?[-]{}]+);?)*)*",
"@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[sv]*(",
"@lt 4"
]
[http.middlewares.bad_bot_block_RFI]
[http.middlewares.bad_bot_block_RFI.plugin.badbot]
userAgent = [
"@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)",
"@lt 1",
"@rx ^(?i:file|ftps?|https?).*??+$",
"@lt 3",
"@rx (?i)(?:bincludes*([^)]*|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://",
"@rx ^(?i:file|ftps?|https?)://(?:d{1,3}.d{1,3}.d{1,3}.d{1,3})",
"@lt 2",
"!@endsWith .%{request_headers.host}",
"@lt 4"
]
[http.middlewares.bad_bot_block_LEAKAGES]
[http.middlewares.bad_bot_block_LEAKAGES.plugin.badbot]
userAgent = [
"@lt 1",
"@rx ^5d{2}$",
"@lt 3",
"@rx ^#!s?/",
"@lt 2",
"@rx (?:<(?:TITLE>Index of.*?Index of.*?Index of|>[To Parent Directory]
)",
"@lt 4"
]
[http.middlewares.bad_bot_block_XSS]
[http.middlewares.bad_bot_block_XSS.plugin.badbot]
userAgent = [
"@rx (?i)b(?:s(?:tyle|rc)|href)b[sS]*?=",
"@lt 1",
"@rx +ADw-.*(?:+AD4-|>)|<.*+AD4-",
"@rx (?i).*?(?:@[ix5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(x5c]|&#x?0*(?:40|28|92|5C);?)))",
"@rx (?i)b(?:eval|set(?:timeout|interval)|new[sv]+Function|a(?:lert|tob)|btoa)[sv]*(",
"@rx (?i:[\\"'][ ]*(?:[^a-z0-9~_:' ]|in).*?(?:(?:l|x5cu006C)(?:o|x5cu006F)(?:c|x5cu0063)(?:a|x5cu0061)(?:t|x5cu0074)(?:i|x5cu0069)(?:o|x5cu006F)(?:n|x5cu006E)|(?:n|x5cu006E)(?:a|x5cu0061)(?:m|x5cu006D)(?:e|x5cu0065)|(?:o|x5cu006F)(?:n|x5cu006E)(?:e|x5cu0065)(?:r|x5cu0072)(?:r|x5cu0072)(?:o|x5cu006F)(?:r|x5cu0072)|(?:v|x5cu0076)(?:a|x5cu0061)(?:l|x5cu006C)(?:u|x5cu0075)(?:e|x5cu0065)(?:O|x5cu004F)(?:f|x5cu0066)).*?=)",
"@rx (?i)(?:v|&#(?:0*8|x0*5)[36];)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*6[26]|x0*(?:98|42));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[t-nr]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;)).",
"@lt 2",
"@rx (?i)]",
"@rx {{.*?}}",
"@rx <(?:a|abbr|acronym|address|applet|area|audioscope|b|base|basefront|bdo|bgsound|big|blackface|blink|blockquote|body|bq|br|button|caption|center|cite|code|col|colgroup|comment|dd|del|dfn|dir|div|dl|dt|em|embed|fieldset|fn|font|form|frame|frameset|h1|head|hr|html|i|iframe|ilayer|img|input|ins|isindex|kdb|keygen|label|layer|legend|li|limittext|link|listing|map|marquee|menu|meta|multicol|nobr|noembed|noframes|noscript|nosmartquotes|object|ol|optgroup|option|p|param|plaintext|pre|q|rt|ruby|s|samp|script|select|server|shadow|sidebar|small|spacer|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|title|tr|tt|u|ul|var|wbr|xml|xmp)W",
"@contains -->",
"@rx xbc[^xbe>]*[xbe>]|<[^xbe]*xbe",
"@rx (?i)[s\\"'`;/0-9=x0Bx09x0Cx3Bx2Cx28x3B]on[a-zA-Z]{3,25}[sx0Bx09x0Cx3Bx2Cx28x3B]*?=[^=]",
"@rx (?i).(?:b(?:x(?:link:href|html|mlns)|data:text/html|formaction|patternb.*?=)|!ENTITY[sv]+(?:%[sv]+)?[^sv]+[sv]+(?:SYSTEM|PUBLIC)|@import|;base64)b",
"!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122",
"@rx (?:self|document|this|top|window)s*(?:/*|[[)]).+?(?:]|*/)",
"@pm document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding ",
"@rx ^nnRu24PostWebShell -",
"@rx <title>CasuS [0-9.]+ by MafiABoY",
"@rx B4TM4N SH3LL.*",
"@contains punkholicshell",
"@lt 3",
"@rx ^nnInput command :
n