patterns/waf_patterns/apache/leakages.conf

# Apache ModSecurity rules for LEAKAGES
SecRuleEngine On

SecRule REQUEST_URI "@lt 1" "id:1495,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 1" "id:1496,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@rx (?:<(?:TITLE>Index of.*?<H|title>Index of.*?<h)1>Index of|>[To Parent Directory]</[Aa]><br>)" "id:1497,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@rx ^#!s?/" "id:1498,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1499,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 2" "id:1500,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@rx ^5d{2}$" "id:1501,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1502,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 3" "id:1503,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1504,phase:1,deny,status:403,log,msg:'leakages attack detected'"
SecRule REQUEST_URI "@lt 4" "id:1505,phase:1,deny,status:403,log,msg:'leakages attack detected'"