Editing: 15_bad_requests.conf
# both.conf # Contains rules which are designed to block disruptive behavior such as stress # testing and security scans # Block benchmark functions in the url SecRule ARGS "benchmark\([0-9]{5,1000}\," \ "deny,log,auditlog,status:406,t:none,t:lowercase,t:htmlEntityDecode,\ t:removeWhitespace,msg:'Benchmark function call in request args',id:'13425',\ tag:'WEB_ATTACK/SQL INJECTION',severity:'4'" # Block attempts to abuse download plugins for php files in parent directories SecRule ARGS_GET "(?:\/|)\.{2}\/.+\.php" \ "log,deny,status:406,auditlog,id:14205,rev:1,severity:2,\ msg:'Attempting to access php files from parent dir'" # Block attempts to access httpoxy exploit SecRule &REQUEST_HEADERS:Proxy "@gt 0" \ "id:1000005,log,deny,status:406,msg:'httpoxy denied'"
Save
Back