mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-18 02:05:42 +00:00
5 lines
1.2 KiB
Plaintext
5 lines
1.2 KiB
Plaintext
@block_attack {
|
|
path_regexp attack "(?i)(@lt 1|@lt 1|@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)s+[^s]+s+http/d|@rx [rn]W*?(?:content-(?:type|length)|set-cookie|location):s*w|@rx (?:bhttp/d|<(?:html|meta)b)|@rx [nr]|@rx [nr]|@rx [nr]+(?:s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))s*:|@rx [nr]|@rx ^[^:()&|!<>~]*)s*(?:((?:[^,()=&|!<>~]+[><~]?=|s*[&!|]s*(?:)|()?s*)|)s*(s*[&|!]s*|[&!|]s*([^()=&|!<>~]+[><~]?=[^:()&|!<>~]*)|@rx ^[^sx0b,;]+[sx0b,;].*?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)|@rx unix:[^|]*||@lt 2|@lt 2|@rx [nr]|@rx ^[^sx0b,;]+[sx0b,;].*?b(?:((?:tex|multipar)t|application)|((?:audi|vide)o|image|cs[sv]|(?:vn|relate)d|p(?:df|lain)|json|(?:soa|cs)p|x(?:ml|-www-form-urlencoded)|form-data|x-amf|(?:octe|repor)t|stream)|([+/]))b|@lt 3|@lt 3|@gt 0|@rx .|@gt 1|@rx (][^]]+$|][^]]+[)|@lt 4|@lt 4|@rx [|!@eq 0|!@within %{tx.allowed_request_content_type_charset}|@rx ^content-types*:s*(.*)$|!@rx ^(?:(?:*|[^!|@rx content-transfer-encoding:(.*)|@rx [^x21-x7E][x21-x39x3B-x7E]*:)"
|
|
}
|
|
respond @block_attack 403
|