External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 09:45:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/waf_patterns/apache/evaluation.conf

42 lines
3.9 KiB
Plaintext
Raw Blame History

# Apache ModSecurity rules for EVALUATION
SecRuleEngine On
SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1341,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1195,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1329,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1338,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1190,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1326,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1193,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1327,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1324,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1202,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1336,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1191,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1200,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1188,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1337,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1189,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1186,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1325,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1198,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1334,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1335,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1323,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1201,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1332,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1199,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.outbound_anomaly_score_threshold\}" "id:1339,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1187,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1330,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 4" "id:1192,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1196,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1185,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1197,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1194,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 2" "id:1333,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 3" "id:1328,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ 1" "id:1331,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@eq\ 1" "id:1340,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
SecRule REQUEST_URI "@ge\ %\{tx\.inbound_anomaly_score_threshold\}" "id:1203,phase:1,deny,status:403,log,msg:'evaluation attack detected'"
Reference in New Issue View Git Blame Copy Permalink