fileTypes conf name ModSecurity patterns captures 1 name keyword.headers.modsecurity.directive.marker 3 name string.quoted.modsecurity.marker 4 name string.quoted.modsecurity.marker 5 name string.quoted.modsecurity.marker comment SecMarker directive match ^\s*(SecMarker)\s+("([\w:\.\-_/]+)"|([\w:\.\-_/]+)|'([\w:\.\-_/]+)')\s*$ name complex.modsecurity.secmarker comment ModSecurity directive match (?i)^\s*(SecAction|SecArgumentSeparator|SecAuditEngine|SecAuditLog|SecAuditLog2|SecAuditLogDirMode|SecAuditLogFormat|SecAuditLogFileMode|SecAuditLogParts|SecAuditLogRelevantStatus|SecAuditLogStorageDir|SecAuditLogType|SecCacheTransformations|SecChrootDir|SecCollectionTimeout|SecComponentSignature|SecConnEngine|SecContentInjection|SecCookieFormat|SecCookieV0Separator|SecDataDir|SecDebugLog|SecDebugLogLevel|SecDefaultAction|SecDisableBackendCompression|SecHashEngine|SecHashKey|SecHashParam|SecHashMethodRx|SecHashMethodPm|SecGeoLookupDb|SecGsbLookupDb|SecGuardianLog|SecHttpBlKey|SecInterceptOnError|SecMarker|SecPcreMatchLimit|SecPcreMatchLimitRecursion|SecPdfProtect|SecPdfProtectMethod|SecPdfProtectSecret|SecPdfProtectTimeout|SecPdfProtectTokenName|SecReadStateLimit|SecConnReadStateLimit|SecSensorId|SecWriteStateLimit|SecConnWriteStateLimit|SecRemoteRules|SecRemoteRulesFailAction|SecRequestBodyAccess|SecRequestBodyInMemoryLimit|SecRequestBodyLimit|SecRequestBodyNoFilesLimit|SecRequestBodyLimitAction|SecResponseBodyLimit|SecResponseBodyLimitAction|SecResponseBodyMimeType|SecResponseBodyMimeTypesClear|SecResponseBodyAccess|SecRule|SecRuleInheritance|SecRuleEngine|SecRulePerfTime|SecRuleRemoveById|SecRuleRemoveByMsg|SecRuleRemoveByTag|SecRuleScript|SecRuleUpdateActionById|SecRuleUpdateTargetById|SecRuleUpdateTargetByMsg|SecRuleUpdateTargetByTag|SecServerSignature|SecStatusEngine|SecStreamInBodyInspection|SecStreamOutBodyInspection|SecTmpDir|SecUnicodeMapFile|SecUnicodeCodePage|SecUploadDir|SecUploadFileLimit|SecUploadFileMode|SecUploadKeepFiles|SecWebAppId|SecXmlExternalEntity)\b name keyword.headers.modsecurity.directive comment Common typos match (?i)(ARGS[:\.]ARGS[:\.]|TX[:\.]TX[:\.]) name invalid.illegal.modsecurity comment Bare variables, e.g. ARGS, TX:PARANOIA_LEVEL, XML:/* match (?i)!?\b(XML|WEBSERVER_ERROR_LOG|WEBAPPID|USERAGENT_IP|USERID|URLENCODED_ERROR|UNIQUE_ID|TX|TIME_YEAR|TIME_WDAY|TIME_SEC|TIME_MON|TIME_MIN|TIME_HOUR|TIME_EPOCH|TIME_DAY|TIME|STREAM_OUTPUT_BODY|STREAM_INPUT_BODY|SESSIONID|STATUS_LINE|SESSION|SERVER_PORT|SERVER_NAME|SERVER_ADDR|SDBM_DELETE_ERROR|SCRIPT_USERNAME|SCRIPT_UID|SCRIPT_MODE|SCRIPT_GROUPNAME|SCRIPT_GID|SCRIPT_FILENAME|SCRIPT_BASENAME|RULE|RESPONSE_STATUS|RESPONSE_PROTOCOL|RESPONSE_HEADERS_NAMES|RESPONSE_HEADERS|RESPONSE_CONTENT_TYPE|RESPONSE_CONTENT_LENGTH|RESPONSE_BODY|REQUEST_URI_RAW|REQUEST_URI|REQUEST_PROTOCOL|REQUEST_METHOD|REQUEST_LINE|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|REQUEST_FILENAME|REQUEST_COOKIES_NAMES|REQUEST_COOKIES|REQUEST_BODY_LENGTH|REQUEST_BODY|REQUEST_BASENAME|REQBODY_PROCESSOR|REQBODY_ERROR_MSG|REQBODY_ERROR|REMOTE_USER|REMOTE_PORT|REMOTE_HOST|REMOTE_ADDR|QUERY_STRING|PERF_SWRITE|PERF_SREAD|PERF_RULES|PERF_PHASE5|PERF_PHASE4|PERF_PHASE3|PERF_PHASE2|PERF_PHASE1|PERF_LOGGING|PERF_GC|PERF_COMBINED|PERF_ALL|PATH_INFO|OUTBOUND_DATA_ERROR|MULTIPART_UNMATCHED_BOUNDARY|MULTIPART_STRICT_ERROR|MULTIPART_NAME|MULTIPART_FILENAME|MULTIPART_CRLF_LF_LINES|MODSEC_BUILD|MATCHED_VARS_NAMES|MATCHED_VAR_NAME|MATCHED_VARS|MATCHED_VAR|INBOUND_DATA_ERROR|HIGHEST_SEVERITY|GEO|FILES_TMP_CONTENT|FILES_TMPNAMES|FILES_SIZES|FULL_REQUEST_LENGTH|FULL_REQUEST|FILES_NAMES|FILES_COMBINED_SIZE|FILES|ENV|DURATION|AUTH_TYPE|ARGS_POST_NAMES|ARGS_POST|ARGS_NAMES|ARGS_GET_NAMES|ARGS_GET|ARGS_COMBINED_SIZE|ARGS)([:\.][A-Za-z0-9/\-_\[\]\*]+|\b) name variable.parameter.modsecurity captures 1 name variable.parameter.modsecurity comment Macro expanded variables, e.g. %{tx.0} match \%\{([^\}]*)\} name keyword.macro.modsecurity captures 2 name keyword.other.modsecurity.action.ctl 3 name keyword.other.modsecurity.action.ctl.name 5 name constant.numeric.modsecurity.action.ctl.parameter 6 name string.quoted.modsecurity.action.ctl.parameter comment Rule action - runtime configuration, e.g. ctl:ruleEngine=DetectionOnly match (?i)(^|,|\"|\s)(ctl:)(auditEngine|auditLogParts|debugLogLevel|forceRequestBodyVariable|requestBodyAccess|requestBodyLimit|requestBodyProcessor|responseBodyAccess|responseBodyLimit|ruleEngine|ruleRemoveById|ruleRemoveByMsg|ruleRemoveByTag|ruleRemoveTargetById|ruleRemoveTargetByMsg|ruleRemoveTargetByTag|hashEngine|hashEnforcement)=((\d+)|([\w\s:\.\-_/+]+)) name complex.modsecurity.action.ctl captures 2 name keyword.operator.modsecurity.action.transform 3 name constant.language.modsecurity.action.transform_name comment Rule action - transform, e.g. t:base64Decode match (?i)(^|,|\"|\s)(t):'?(base64DecodeExt|base64Decode|sqlHexDecode|base64Encode|cmdLine|compressWhitespace|cssDecode|escapeSeqDecode|hexDecode|hexEncode|htmlEntityDecode|jsDecode|length|lowercase|md5|none|normalisePathWin|normalisePath|normalizePathWin|normalizePath|parityEven7bit|parityOdd7bit|parityZero7bit|removeNulls|removeWhitespace|replaceComments|removeCommentsChar|removeComments|replaceNulls|urlDecodeUni|urlDecode|uppercase|urlEncode|utf8toUnicode|sha1|trimLeft|trimRight|trim)'? name complex.modsecurity.action.transform captures 2 name keyword.operator.modsecurity.action.phase 3 name constant.language.modsecurity.action.phase_name comment Rule action - phase, e.g. phase:request match (?i)(^|,|\"|\s)(phase):'?(response|request|1|2|3|4|5)'? name complex.modsecurity.action.phase captures 2 name keyword.operator.modsecurity.action.severity 3 name constant.language.modsecurity.action.severity_name comment Rule action - severity, e.g. severity:WARNING match (?i)(^|,|\"|\s)(severity):'?(NOTICE|WARNING|ERROR|CRITICAL|1|2|3|4|5)'? name complex.modsecurity.action.severity captures 2 name keyword.other.modsecurity.action 4 name constant.numeric.modsecurity.action_parameter 5 name constant.numeric.modsecurity.action_parameter 6 name string.quoted.modsecurity.action_parameter 7 name string.quoted.modsecurity.action_parameter comment Rule action - with parameter match (?i)(^|,|\"|\s)(accuracy|append|deprecatevar|exec|expirevar|id|initcol|logdata|maturity|msg|pause|prepend|rev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|setuid|setrsc|setsid|setenv|skip|skipAfter|status|tag|ver|xmlns):('(\d+)'|(\d+)|'([\w\s:\.\-_/\(\),]+)'|([\w\s:\.\-_/\(\)]+)) name complex.modsecurity.action.with_parameter captures 2 name keyword.other.modsecurity.action comment Rule action - with parameter not yet entered, or unmatched (e.g. setvar with macros) match (?i)(^|,|\"|\s)(accuracy|append|deprecatevar|exec|expirevar|id|initcol|logdata|maturity|msg|pause|phase|prepend|ev|sanitiseArg|sanitiseMatched|sanitiseMatchedBytes|sanitiseRequestHeader|sanitiseResponseHeader|severity|setuid|setrsc|setsid|setenv|setvar|skip|skipAfter|status|tag|ver|xmlns): name complex.modsecurity.action.with_parameter.other captures 2 name entity.name.function.modsecurity.action.disruptive_pass comment Rule action - with parameter - disruptive actions match (?i)(^|,|\"|\s)(proxy|redirect): name complex.modsecurity.action.with_parameter.disruptive captures 2 name entity.name.function.modsecurity.action.disruptive_pass comment Rule action - without parameters - disruptive actions, pass, capture, and chain match (?i)(^|,|\"|\s)(allow|block|deny|drop|pass|chain)\b name complex.modsecurity.action.without_parameter.disruptive_pass captures 2 name keyword.other.modsecurity.action comment Rule action - without parameters match (?i)(^|,|\"|\s)(auditlog|capture|log|multiMatch|noauditlog|nolog)\b name complex.modsecurity.action.without_parameter captures 1 name keyword.operator.modsecurity 2 name string.regexp.modsecurity comment Regexp operator and operand, e.g. "@rx foo" match (?i)"(@rx)\s+([^"]*) name complex.modsecurity.operator_operand.rx captures 1 name keyword.operator.modsecurity 2 name string.unquoted.modsecurity comment pm operator and operand, e.g. "@pm foo" match (?i)"(@pm)\s+([^"]*) name complex.modsecurity.operator_operand.pm comment Operator, e.g. @contains match (?i)@(beginsWith|contains|containsWord|detectSQLi|detectXSS|endsWith|fuzzyHash|eq|ge|geoLookup|gsbLookup|gt|inspectFile|ipMatch|ipMatchF|ipMatchFromFile|le|lt|noMatch|pmf|pmFromFile|rbl|rsub|streq|strmatch|unconditionalMatch|validateByteRange|validateDTD|validateHash|validateSchema|validateUrlEncoding|validateUtf8Encoding|verifyCC|verifyCPF|verifySSN|within)\b name keyword.operator.modsecurity captures 1 name string.regexp.modsecurity comment Implicit regexp operator by double-quoted string, e.g. "foo" match (?i)"([^@][^"]*) name complex.modsecurity.operator_operand.rx.implicit comment IP address/network match \b\d+\.\d+\.\d+\.\d+(/\d+)?\b name constant.other.modsecurity.ip comment Numbers, e.g. rule ids match \b\d+(\.\d+)? name constant.numeric.modsecurity captures 1 name punctuation.definition.comment.apacheconf match ^(\s)*(#).*$\n? name comment.line.hash.ini captures 1 name punctuation.definition.tag.apacheconf 2 name entity.tag.apacheconf 4 name string.value.apacheconf 5 name punctuation.definition.tag.apacheconf match (<)(Proxy|ProxyMatch|IfVersion|Directory|DirectoryMatch|Files|FilesMatch|IfDefine|IfModule|Limit|LimitExcept|Location|LocationMatch|VirtualHost|Macro|If|Else|ElseIf)(\s(.+?))?(>) captures 1 name punctuation.definition.tag.apacheconf 2 name entity.tag.apacheconf 3 name punctuation.definition.tag.apacheconf match (</)(Proxy|ProxyMatch|IfVersion|Directory|DirectoryMatch|Files|FilesMatch|IfDefine|IfModule|Limit|LimitExcept|Location|LocationMatch|VirtualHost|Macro|If|Else|ElseIf)(>) captures 3 name string.regexp.apacheconf 4 name string.replacement.apacheconf match (?<=(Rewrite(Rule|Cond)))\s+(.+?)\s+(.+?)($|\s) captures 2 name entity.status.apacheconf 3 name string.regexp.apacheconf 5 name string.path.apacheconf match (?<=RedirectMatch)(\s+(\d\d\d|permanent|temp|seeother|gone))?\s+(.+?)\s+((.+?)($|\s))? captures 2 name entity.status.apacheconf 3 name string.path.apacheconf 5 name string.path.apacheconf match (?<=Redirect)(\s+(\d\d\d|permanent|temp|seeother|gone))?\s+(.+?)\s+((.+?)($|\s))? captures 1 name string.regexp.apacheconf 3 name string.path.apacheconf match (?<=ScriptAliasMatch|AliasMatch)\s+(.+?)\s+((.+?)\s)? captures 1 name string.path.apacheconf 3 name string.path.apacheconf match (?<=RedirectPermanent|RedirectTemp|ScriptAlias|Alias)\s+(.+?)\s+((.+?)($|\s))? captures 1 name keyword.core.apacheconf match \b(AcceptPathInfo|AccessFileName|AddDefaultCharset|AddOutputFilterByType|AllowEncodedSlashes|AllowOverride|AuthName|AuthType|CGIMapExtension|ContentDigest|DefaultType|Define|DocumentRoot|EnableMMAP|EnableSendfile|ErrorDocument|ErrorLog|FileETag|ForceType|HostnameLookups|IdentityCheck|Include(Optional)?|KeepAlive|KeepAliveTimeout|LimitInternalRecursion|LimitRequestBody|LimitRequestFields|LimitRequestFieldSize|LimitRequestLine|LimitXMLRequestBody|LogLevel|MaxKeepAliveRequests|Mutex|NameVirtualHost|Options|Require|RLimitCPU|RLimitMEM|RLimitNPROC|Satisfy|ScriptInterpreterSource|ServerAdmin|ServerAlias|ServerName|ServerPath|ServerRoot|ServerSignature|ServerTokens|SetHandler|SetInputFilter|SetOutputFilter|Time(O|o)ut|TraceEnable|UseCanonicalName|Use)\b captures 1 name keyword.mpm.apacheconf match \b(AcceptMutex|AssignUserID|BS2000Account|ChildPerUserID|CoreDumpDirectory|EnableExceptionHook|Group|Listen|ListenBacklog|LockFile|MaxClients|MaxConnectionsPerChild|MaxMemFree|MaxRequestsPerChild|MaxRequestsPerThread|MaxRequestWorkers|MaxSpareServers|MaxSpareThreads|MaxThreads|MaxThreadsPerChild|MinSpareServers|MinSpareThreads|NumServers|PidFile|ReceiveBufferSize|ScoreBoardFile|SendBufferSize|ServerLimit|StartServers|StartThreads|ThreadLimit|ThreadsPerChild|ThreadStackSize|User|Win32DisableAcceptEx)\b captures 1 name keyword.access.apacheconf match \b(Allow|Deny|Order)\b captures 1 name keyword.actions.apacheconf match \b(Action|Script)\b captures 1 name keyword.alias.apacheconf match \b(Alias|AliasMatch|Redirect|RedirectMatch|RedirectPermanent|RedirectTemp|ScriptAlias|ScriptAliasMatch)\b captures 1 name keyword.auth.apacheconf match \b(AuthAuthoritative|AuthGroupFile|AuthUserFile|AuthBasicProvider|AuthBasicFake|AuthBasicAuthoritative|AuthBasicUseDigestAlgorithm)\b captures 1 name keyword.auth_anon.apacheconf match \b(Anonymous|Anonymous_Authoritative|Anonymous_LogEmail|Anonymous_MustGiveEmail|Anonymous_NoUserID|Anonymous_VerifyEmail)\b captures 1 name keyword.auth_dbm.apacheconf match \b(AuthDBMAuthoritative|AuthDBMGroupFile|AuthDBMType|AuthDBMUserFile)\b captures 1 name keyword.auth_digest.apacheconf match \b(AuthDigestAlgorithm|AuthDigestDomain|AuthDigestFile|AuthDigestGroupFile|AuthDigestNcCheck|AuthDigestNonceFormat|AuthDigestNonceLifetime|AuthDigestQop|AuthDigestShmemSize|AuthDigestProvider)\b captures 1 name keyword.auth_ldap.apacheconf match \b(AuthLDAPAuthoritative|AuthLDAPBindDN|AuthLDAPBindPassword|AuthLDAPCharsetConfig|AuthLDAPCompareDNOnServer|AuthLDAPDereferenceAliases|AuthLDAPEnabled|AuthLDAPFrontPageHack|AuthLDAPGroupAttribute|AuthLDAPGroupAttributeIsDN|AuthLDAPRemoteUserIsDN|AuthLDAPUrl)\b captures 1 name keyword.autoindex.apacheconf match \b(AddAlt|AddAltByEncoding|AddAltByType|AddDescription|AddIcon|AddIconByEncoding|AddIconByType|DefaultIcon|HeaderName|IndexIgnore|IndexOptions|IndexOrderDefault|ReadmeName)\b captures 1 name keyword.cache.apacheconf match \b(CacheDefaultExpire|CacheDisable|CacheEnable|CacheForceCompletion|CacheIgnoreCacheControl|CacheIgnoreHeaders|CacheIgnoreNoLastMod|CacheLastModifiedFactor|CacheMaxExpire)\b captures 1 name keyword.cern_meta.apacheconf match \b(MetaDir|MetaFiles|MetaSuffix)\b captures 1 name keyword.cgi.apacheconf match \b(ScriptLog|ScriptLogBuffer|ScriptLogLength)\b captures 1 name keyword.cgid.apacheconf match \b(ScriptLog|ScriptLogBuffer|ScriptLogLength|ScriptSock)\b captures 1 name keyword.charset_lite.apacheconf match \b(CharsetDefault|CharsetOptions|CharsetSourceEnc)\b captures 1 name keyword.dav.apacheconf match \b(Dav|DavDepthInfinity|DavMinTimeout|DavLockDB)\b captures 1 name keyword.deflate.apacheconf match \b(DeflateBufferSize|DeflateCompressionLevel|DeflateFilterNote|DeflateMemLevel|DeflateWindowSize)\b captures 1 name keyword.dir.apacheconf match \b(DirectoryIndex|DirectorySlash|FallbackResource)\b captures 1 name keyword.disk_cache.apacheconf match \b(CacheDirLength|CacheDirLevels|CacheExpiryCheck|CacheGcClean|CacheGcDaily|CacheGcInterval|CacheGcMemUsage|CacheGcUnused|CacheMaxFileSize|CacheMinFileSize|CacheRoot|CacheSize|CacheTimeMargin)\b captures 1 name keyword.dumpio.apacheconf match \b(DumpIOInput|DumpIOOutput)\b captures 1 name keyword.env.apacheconf match \b(PassEnv|SetEnv|UnsetEnv)\b captures 1 name keyword.expires.apacheconf match \b(ExpiresActive|ExpiresByType|ExpiresDefault)\b captures 1 name keyword.ext_filter.apacheconf match \b(ExtFilterDefine|ExtFilterOptions)\b captures 1 name keyword.file_cache.apacheconf match \b(CacheFile|MMapFile)\b captures 1 name keyword.headers.apacheconf match \b(Header|RequestHeader)\b captures 1 name keyword.imap.apacheconf match \b(ImapBase|ImapDefault|ImapMenu)\b captures 1 name keyword.include.apacheconf match \b(SSIEndTag|SSIErrorMsg|SSIStartTag|SSITimeFormat|SSIUndefinedEcho|XBitHack)\b captures 1 name keyword.isapi.apacheconf match \b(ISAPIAppendLogToErrors|ISAPIAppendLogToQuery|ISAPICacheFile|ISAPIFakeAsync|ISAPILogNotSupported|ISAPIReadAheadBuffer)\b captures 1 name keyword.ldap.apacheconf match \b(LDAPCacheEntries|LDAPCacheTTL|LDAPConnectionTimeout|LDAPOpCacheEntries|LDAPOpCacheTTL|LDAPSharedCacheFile|LDAPSharedCacheSize|LDAPTrustedCA|LDAPTrustedCAType)\b captures 1 name keyword.log.apacheconf match \b(BufferedLogs|CookieLog|CustomLog|LogFormat|TransferLog|ForensicLog)\b captures 1 name keyword.mem_cache.apacheconf match \b(MCacheMaxObjectCount|MCacheMaxObjectSize|MCacheMaxStreamingBuffer|MCacheMinObjectSize|MCacheRemovalAlgorithm|MCacheSize)\b captures 1 name keyword.mime.apacheconf match \b(AddCharset|AddEncoding|AddHandler|AddInputFilter|AddLanguage|AddOutputFilter|AddType|DefaultLanguage|ModMimeUsePathInfo|MultiviewsMatch|RemoveCharset|RemoveEncoding|RemoveHandler|RemoveInputFilter|RemoveLanguage|RemoveOutputFilter|RemoveType|TypesConfig)\b captures 1 name keyword.misc.apacheconf match \b(ProtocolEcho|Example|AddModuleInfo|MimeMagicFile|CheckSpelling|ExtendedStatus|SuexecUserGroup|UserDir)\b captures 1 name keyword.negotiation.apacheconf match \b(CacheNegotiatedDocs|ForceLanguagePriority|LanguagePriority)\b captures 1 name keyword.nw_ssl.apacheconf match \b(NWSSLTrustedCerts|NWSSLUpgradeable|SecureListen)\b captures 1 name keyword.proxy.apacheconf match \b(AllowCONNECT|NoProxy|ProxyBadHeader|ProxyBlock|ProxyDomain|ProxyErrorOverride|ProxyFtpDirCharset|ProxyIOBufferSize|ProxyMaxForwards|ProxyPass|ProxyPassMatch|ProxyPassReverse|ProxyPreserveHost|ProxyReceiveBufferSize|ProxyRemote|ProxyRemoteMatch|ProxyRequests|ProxyTimeout|ProxyVia)\b captures 1 name keyword.rewrite.apacheconf match \b(RewriteBase|RewriteCond|RewriteEngine|RewriteLock|RewriteLog|RewriteLogLevel|RewriteMap|RewriteOptions|RewriteRule)\b captures 1 name keyword.setenvif.apacheconf match \b(BrowserMatch|BrowserMatchNoCase|SetEnvIf|SetEnvIfNoCase)\b captures 1 name keyword.so.apacheconf match \b(LoadFile|LoadModule)\b captures 1 name keyword.ssl.apacheconf match \b(SSLCACertificateFile|SSLCACertificatePath|SSLCARevocationFile|SSLCARevocationPath|SSLCertificateChainFile|SSLCertificateFile|SSLCertificateKeyFile|SSLCipherSuite|SSLEngine|SSLMutex|SSLOptions|SSLPassPhraseDialog|SSLProtocol|SSLProxyCACertificateFile|SSLProxyCACertificatePath|SSLProxyCARevocationFile|SSLProxyCARevocationPath|SSLProxyCipherSuite|SSLProxyEngine|SSLProxyMachineCertificateFile|SSLProxyMachineCertificatePath|SSLProxyProtocol|SSLProxyVerify|SSLProxyVerifyDepth|SSLRandomSeed|SSLRequire|SSLRequireSSL|SSLSessionCache|SSLSessionCacheTimeout|SSLUserName|SSLVerifyClient|SSLVerifyDepth)\b captures 1 name keyword.usertrack.apacheconf match \b(CookieDomain|CookieExpires|CookieName|CookieStyle|CookieTracking)\b captures 1 name keyword.vhost_alias.apacheconf match \b(VirtualDocumentRoot|VirtualDocumentRootIP|VirtualScriptAlias|VirtualScriptAliasIP)\b captures 1 name keyword.php.apacheconf 3 name entity.property.apacheconf 5 name string.value.apacheconf match \b(php_value|php_flag|php_admin_value|php_admin_flag)\b(\s+(.+?)(\s+(".+?"|.+?))?)?\s captures 1 name punctuation.variable.apacheconf 3 name variable.env.apacheconf 4 name variable.misc.apacheconf 5 name punctuation.variable.apacheconf match (%\{)((HTTP_USER_AGENT|HTTP_REFERER|HTTP_COOKIE|HTTP_FORWARDED|HTTP_HOST|HTTP_PROXY_CONNECTION|HTTP_ACCEPT|REMOTE_ADDR|REMOTE_HOST|REMOTE_PORT|REMOTE_USER|REMOTE_IDENT|REQUEST_METHOD|SCRIPT_FILENAME|PATH_INFO|QUERY_STRING|AUTH_TYPE|DOCUMENT_ROOT|SERVER_ADMIN|SERVER_NAME|SERVER_ADDR|SERVER_PORT|SERVER_PROTOCOL|SERVER_SOFTWARE|TIME_YEAR|TIME_MON|TIME_DAY|TIME_HOUR|TIME_MIN|TIME_SEC|TIME_WDAY|TIME|API_VERSION|THE_REQUEST|REQUEST_URI|REQUEST_FILENAME|IS_SUBREQ|HTTPS)|(.*?))(\}) captures 1 name entity.mime-type.apacheconf match \b((text|image|application|video|audio)/.+?)\s captures 1 name entity.helper.apacheconf match \b(?i)(export|from|unset|set|on|off)\b captures 1 name constant.integer.apacheconf match \b(\d+)\b captures 1 name punctuation.definition.flag.apacheconf 2 name string.flag.apacheconf 3 name punctuation.definition.flag.apacheconf match \s(\[)(.*?)(\])\s scopeName source.modsecurity uuid b3e060ed-6a2e-4986-8f65-a5283c5a6a33