patterns/waf_patterns/apache/evaluation.conf

# Apache ModSecurity rules for EVALUATION
SecRuleEngine On

SecRule REQUEST_URI "@eq\ 1" "id:1178,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1314,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1308,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1303,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1312,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1179,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1164,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1167,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1161,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1170,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1301,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1165,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1176,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1305,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1310,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1317,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1307,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1174,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1313,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1311,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1163,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1169,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1172,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1175,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1300,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1309,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1306,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1173,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1304,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1316,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1177,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1162,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1171,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1168,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1299,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1302,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1315,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1166,phase:1,deny,status:403,log,msg:'evaluation attack detected'"