mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2025-12-17 09:45:34 +00:00
8 lines
828 B
Plaintext
8 lines
828 B
Plaintext
# Apache ModSecurity rules for IIS
|
|
SecRuleEngine On
|
|
|
|
SecRule REQUEST_URI "bServer\ Error\ in\.\{0,50\}\?bApplicationb" "id:1297,phase:1,deny,status:403,log,msg:'iis attack detected'"
|
|
SecRule REQUEST_URI "!@rx\ \^404\$" "id:1296,phase:1,deny,status:403,log,msg:'iis attack detected'"
|
|
SecRule REQUEST_URI "\[a\-z\]:x5cinetpubb" "id:1294,phase:1,deny,status:403,log,msg:'iis attack detected'"
|
|
SecRule REQUEST_URI "\(\?:Microsoft\ OLE\ DB\ Provider\ for\ SQL\ Server\(\?:</font>\.\{1,20\}\?error\ '800\(\?:04005\|40e31\)'\.\{1,40\}\?Timeout\ expired\|\ \(0x80040e31\)<br>Timeout\ expired<br>\)\|<h1>internal\ server\ error</h1>\.\*\?<h2>part\ of\ the\ server\ has\ crashed\ or\ it\ has\ a\ configuration\ error\.</h2>\|cannot\ connect\ to\ the\ server:\ timed\ out\)" "id:1295,phase:1,deny,status:403,log,msg:'iis attack detected'"
|