# Apache ModSecurity rules for LFI
SecRuleEngine On

SecRule REQUEST_URI "\(\?:\(\?:\^\|\[x5c/;\]\)\.\{2,3\}\[x5c/;\]\|\[x5c/;\]\.\{2,3\}\(\?:\[x5c/;\]\|\$\)\)" "id:1118,phase:1,deny,status:403,log,msg:'lfi attack detected'"