# http://www.atomicorp.com/ # Atomicorp (Gotroot.com) ModSecurity rules # Application Security Rules for modsec 2.x # # Created by Prometheus Global (http://www.prometheus-group.com) # Copyright 2005-2009 by Prometheus Global, all rights reserved. # Redistribution is strictly prohibited in any form, including whole or in part. # # Distribution of this work or derivative of this work in any form is # prohibited unless prior written permission is obtained from the # copyright holder. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. # #---ASL-CONFIG-FILE--- # SecDefaultAction "log,deny,auditlog,phase:2,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace" # Rule 340001: Don't accept transfer encodings we know we don't handle SecRule REQUEST_HEADERS:Transfer-Encoding "!^$" \ "id:340001,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Dis-allowed Transfer Encoding'" # Rule 340002: deny TRACE method SecRule REQUEST_METHOD "trac(?:e|k)" \ "phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: TRACE/TRACK method denied'" # Rule 340361: deny CONNECT method SecRule REQUEST_METHOD "connect" \ "phase:1,t:lowercase,id:340361,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: CONNECT method denied'" #block nulls and invalid characters SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer \ "@validateByteRange 1-255" \ "phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Invalid character in request or headers',rev:3,id:'390613',severity:'2',t:none,t:urlDecodeUni" SecRule ARGS|ARGS_NAMES "@validateByteRange 1-255" \ "phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Invalid character in ARGS',rev:1,id:'390614',severity:'2',t:none,t:urlDecodeUni" #block encoding attacks SecRule REQUEST_BODY|REQUEST_URI|XML:/* "\%(?!$|\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" \ "chain,phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: URL Encoding Attack Attempt',rev:1,id:'390615',severity:'4'" SecRule REQUEST_BODY|REQUEST_URI|XML:/* "@validateUrlEncoding" #protocol violation SecRule REQUEST_METHOD "^POST$" "chain,rev:2,id:'390616',phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: POST request must have a Content-Length header',severity:'4'" SecRule &REQUEST_HEADERS:Content-Length "@eq 0" t:none #GET or HEAD mascarating as a POST/with body SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: GET or HEAD requests with bodies', severity:'2',rev:1,id:'390617'" SecRule REQUEST_HEADERS:Content-Length "!^0?$" t:none SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Content-Length HTTP header is not numeric', severity:'2',rev:1,id:'390618'" #HTTP smuggling attack SecRule REQUEST_HEADERS:'/(Content-Length|Transfer-Encoding)/' "," "phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: HTTP Smuggling Attack.',id:'390619',rev:1,severity:'1'" #totally bogus request #SecRule REQUEST_LINE "!^(?:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" \ # "t:none,t:lowercase,phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus HTTP Request Line',id:'390620',rev:1,severity:'2'" #Unicode attack SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "\%u[fF]{2}[0-9a-fA-F]{2}" \ "t:none,phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Unicode Width Attack Attempt',id:'390621',rev:2,severity:'4'" # Rule 340000: Enforce proper HTTP requests # GET /robots.txt HTTP/1.0 # modsecurity does not seem to handle this correctly, its treating spaces # as delimiters and assumes the first space indicates the protocol field starts. # disabling for now #SecRule REQUEST_PROTOCOL "!(?:^|\n|\r)(?:http|HTTP)/(0\.9|1\.[01])$" \ # "t:none,id:340000,rev:7,severity:1,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bad HTTP Protocol <%{TX.0}>'" # Rule 34000X: Generic rule for allowed characters, very broken at the moment # dont use it unless you can fix it #SecRule REQUEST_URI "!^[-a-zA-z0-9\.\+_/\-\?\=]+$" "chain,id:340002,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Restricted HTTP character set'" # Rule 340003: XSS insertion into headers SecRule REQUEST_URI "!(modules/tinytinymce/tinymce/jscripts/tiny_mce/utils/validate\.js$)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,chain,id:340003,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS attack in request headers'" SecRule REQUEST_HEADERS "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)" # Rule 340004: Don't accept chunked encodings # modsecurity can not look at these, so this is a hole that can bypass your rules, # the rule before this oneshould cover this, but hey paranoia is cheap SecRule REQUEST_HEADERS:Transfer-Encoding "chunked" \ "id:340004,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Chunked Transfer Encoding denied'" # Rule 340262 #SecRule REQUEST_HEADERS:Content-Length "!ˆ\d+$" \ # "id:340262,rev:1,severity:2,msg:’Content-Length HTTP header violation’" # Rule 340006: generic recursion signatures SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors|phpthumb/phpthumb\.php\?src=\.\./\.\./uploads)" \ "t:normalisePath,id:340006,rev:29,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS', chain" SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|!ARGS:/description/|!ARGS:videoplayer|!ARGS:css_data|!ARGS:/txt/|!ARGS:/text/|!ARGS:body|!ARGS:pagecontent|!ARGS:wysiwyg_input|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:/content/ "(?:\.\./\.\./|\.\|\./\.\|\./\.\|)" #Rule 340007: generic recursion signatures SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \ "chain,t:none,t:lowercase,id:340007,rev:18,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'" SecRule REQUEST_URI|ARGS|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" # Rule 340008: generic bogus path sigs SecRule REQUEST_URI|REQUEST_HEADERS "/\.{3,}/" \ "t:normalisePath,id:340008,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus Path denied'" # Rule 340009: generic recursion signatures SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors|phpthumb/phpthumb\.php\?src=\.\./\.\./uploads|^/etc/[a-z0-9-_]+\.(css|html?|jpe?g|gif|png|te?xt)$|^/\?cx=.*q=)" \ "t:normalisePath,id:340009,rev:16,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Protected Path Access denied in URI/ARGS', chain" SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(/etc/|/proc/|/var/tmp/)" # Rule 340012: #Proxy Protection #SecRule REQUEST_METHOD "!^(ACL|BASELINE-CONTROL|BCOPY|BDELETE|BIND|BMOVE|BPROPFIND|BPROPPATCH|CHECKIN|CHECKOUT|CONNECT|COPY|DELETE|GET|HEAD|LABEL|LINK|LOCK|MERGE|MKACTIVITY|MKCALENDAR|MKCOL|MKREDIRECTREF|MKWORKSPACE|MOVE|NOTIFY|OPTIONS|ORDERPATCH|PATCH|POLL|POST|PROPFIND|PROPPATCH|PUT|REBIND|REPORT|SEARCH|SUBSCRIBE|TRACE|UNBIND|UNCHECKOUT|UNLINK|UNLOCK|UNSUBSCRIBE|UPDATE|UPDATEREDIRECTREF|VERSION-CONTROL|X-MS-ENUMATTS)$" \ SecRule REQUEST_METHOD "^CONNECT$" \ "chain,phase:2,t:none,deny,log,auditlog,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Unauthorized Proxy access attempt',severity:'2',id:'340012',rev:2" SecRule REQUEST_URI_RAW "^\w+:/" chain SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" # Rule 340013: #Prevent SQL injection in cookies SecRule REQUEST_COOKIES "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" \ "t:replaceComments,id:340013,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection in cookie'" # Rule 340014: #Prevent command injection through cookies SecRule REQUEST_COOKIES "\; ?cmd ?=" \ "id:340014,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: CMD injection'" # Rule 340015: #Prevent SQL injection in UA SecRule REQUEST_HEADERS:User-Agent "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)"\ "t:replaceComments,id:340015,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection in User Agent header'" # Rule 340016: # Generic filter to prevent SQL injection attacks # Understand that all SQL filters are very limited and are very difficult # to prevent false postives and negatives. # Please report false positives/negatives to support@atomicorp.com SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*\.exe/)" \ "t:replaceComments,chain,id:340016,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'" SecRule REQUEST_URI|REQUEST_BODY "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" # Rule 340017: #Generic SQL sigs # SecRule REQUEST_URI "!(?:^/edit_page$|/node/[0-9]+/edit|^/forum/posting\.php|^/admins/wnedit\.php|/alt_doc\.php\?returnUrl=.*edit|^/admin/categories\.php\?cPath=.*|modules\.php\?name=Forums&file=posting&mode=.*|^/joomla/administrator/index2\.php|^/wiki/index\.php?.*action=submit|^/imp/compose\.php|^/horde/imp/compose\.php|ubbthreads\.php|/sql.php|/tbl_(?:change|sql)\.php|/admincp/template\.php\?do=(?:insert|update)template|admin/area/save-page\.php$|^/cgi-bin/cookmail\.exe$|^/catalog/secure_admin/categories\.php\?cPath=)" \ "chain,id:340017,rev:44,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection in ARGS'" SecRule ARGS|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?:insert into values|select from [a-z|A-Z|0-9]!( and)|bulk insert|union select|convert \(.*from)" # Rule 340018: #Generic command line attack filter SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" \ "chain,id:340018,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic command line attack filter'" SecRule REQUEST_URI|REQUEST_BODY|!ARGS:site_first "\|+.*[\x20].*[\x20].*\|" # Rule 340019: #Generic PHP bad functions protection #PHP copy() function: http://securitytracker.com/alerts/2006/Apr/1015882.html SecRule ARGS "compress\.zlib ?:" \ "id:340019,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP bad functions protection'" # Rule 340020: #XSS in referrer and UA headers SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|/tinymce/jscripts/|swf/pageear_[a-z]\.swf\?)" \ "id:340020,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS in referrer and UA headers',chain" SecRule REQUEST_HEADERS:REFERER "!(pagead[0-9]\.googlesyndication\.com/pagead/|/gills\.swf?txt=|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)" # Rule 340021: PHP Injection Attack generic signature SecRule REQUEST_URI "(!/lightboxjs\.php\?path=http:/)" \ "t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,chain,id:340021,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection Attack 1'" SecRule REQUEST_URI "\.php" chain SecRule REQUEST_URI|REQUEST_BODY "(?:\?(?:(?:LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|path|pathtoroot|cat|pagina|path|include_location|root|page|gorumDir|site|topside|pun_root|open|seite)=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./|whoami|killall |rm \-[a-z|A-Z]))" # Rule 340022: PHP Injection Attack generic signature SecRule REQUEST_URI "!(/lightboxjs\.php\?path=http://)" \ "chain,id:340022,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection Attack 2'" SecRule REQUEST_URI "\.php\?(?:(?:(?:LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|pagina|path|pathtoroot|cat|include_location|gorumDir|root|page|site|topside|pun_root|open|seite)=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|.*(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z]))" # Rule 340023: Generic PHP remote file inclusion attack signature SecRule REQUEST_URI "\.php\?" \ "chain,id:340023,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP remote file inclusion'" SecRule REQUEST_URI "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain SecRule REQUEST_URI|REQUEST_BODY "(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])" # Rule 340026: Generic PHP code injection protection in URI SecRule REQUEST_FILENAME|REQUEST_URI "!(^/signup\.php|^/go\.php\?u=affilorama&t=http://|^/cgi-bin/mirror_xml\.php\?bg_image=http://|^/frame\.php\?ref=&from=http://.*&url=.*/$|^/spam/gethref\.php\?img=http://|/gethref\.php\?img=http://|/frame\.php\?.*&from=http://|/lightboxjs\.php\?path=|/wimpy\.swf\?wimpyApp=http|^/opentape/res/jw_player\.swf\?)" \ "capture,chain,id:340026,rev:49,severity:2,ctl:auditLogParts=+E,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection attempt in URI',logdata:'%{TX.0}'" SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&)).*=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain SecRule REQUEST_URI "!(?:/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=)" chain #SecRule ARGS "!@pmFromFile trusted-domains.conf" chain SecRule ARGS|!ARGS:wpu|!ARGS:target|!ARGS:store|!ARGS:txtReturn|!ARGS:eself|!ARGS:dcsref|!ARGS:/link/|!ARGS:page|!ARGS:dcsqry|!ARGS:prev|!ARGS:src|!ARGS:link|!ARGS:avatar|!ARGS:u|!ARGS:Stream|!ARGS:imgfile|!ARGS:CARTDIR|!ARGS:custom_welcome_page|!ARGS:action|!ARGS:image|!ARGS:t|!ARGS:redirect_to|!ARGS:dir|!ARGS:vthumb|!ARGS:pic|!ARGS:path|!ARGS:clickTAG|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:redirect|!ARGS:product[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:r_uri|!ARGS:oaparams|!ARGS:bg_image|!ARGS:imageFile|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:body|!ARGS:subdir[0] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" # Rule 340027: Genenric PHP body attack SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)" \ "chain,id:340027,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic php body attack attempt'" SecRule REQUEST_BODY "^PHP\:*(?:(?:cd|mkdir)[[:space:]]+(?:/|[A-Z|a-z|0-9]|\.)*|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])" # Rule 340029: script, perl, etc. code in REQUEST_HEADERS:Referer string SecRule REQUEST_HEADERS:Referer "\#\!.*/" \ "id:340029,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command in Referer string'" # Rule 340030: generic command line attack SecRule REQUEST_URI|ARGS "\|*id ?\; ?echo*\|" \ "id:340030,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command line attack'" # Rule 340031: remote file inclusion generic attack signature SecRule REQUEST_URI "\.(?:dat|gif|jpg|png|bmp|txt|vir|dot)\?" \ "chain,id:340031,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote file inclusion'" SecRule REQUEST_URI|REQUEST_BODY "(?:(?:pm_path|pagina|path|include_location|root|page|open)=(?:ogg|gopher|zlib|(?:ht|f)tps?)|(?:cmd|command|inc)=)" # Rule 340035: Bogus file extensions generic signature SecRule REQUEST_URI "[A-Za-z0-9]\.(?:gif|jpe?g|png|bmp)\.(?:txt|dat)" \ "id:340035,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus file extensions'" # Rule 340036: PHP remote path attach generic signature #SecRule REQUEST_URI "!(?:/cowadmin/editor/.*/editor)" \ # "id:340036,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Remote path attack',chain" #SecRule REQUEST_URI "\.ph(?:p(?:3|4)?).*path=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" # Rule 340037: generic attack sig SecRule REQUEST_URI "cd *\;(?:cd|\;|echo|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |g?cc |cpp |g\+\+ |\./| uname -a|/bin/(xterm|id|bash|sh|echo|kill|chmod|ch?sh|python|perl|nasm|ping|mail|ssh))" \ "id:340037,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic command injection'" # Rule 3400XX: Generic argument protection rule against bad meta characters #SecRule "ARGS" "!^[A-Za-z0-9.&/?@_%=:;, -]+$" # Rule 340039: generic php attack sigs SecRule REQUEST_URI "(?:&(?:cmd|command)=(?:id|uname) |cmd\?(?:cmd|command)=|(?:spy|cmd|cmd_out|sh)\.(?:gif|jpg|png|bmp|txt)\?&(?:cmd|command)=|\.php\?&(?:cmd|command)=)" \ "id:340039,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP command injection attempt'" # Rule 340041: WEB-ATTACKS /etc/shadow access SecRule REQUEST_URI "/etc/shadow"\ "t:normalisePath,id:340041,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /etc/shadow read attempt'" # Rule 340059: WEB-ATTACKS traceroute command attempt SecRule REQUEST_URI "traceroute" \ "chain,id:340059,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (traceroute)'" SecRule REQUEST_URI " (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" # Rule 340064: WEB-ATTACKS /etc/inetd.conf access SecRule REQUEST_URI "/etc/(?:x?inetd|motd|passwd|shadow)" \ "id:340064,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Access attempt (protected file)'" # Rule 340067: protected file access SecRule REQUEST_URI "!(^/amember/admin/setup\.php\?notebook=|^/\?(S|V)|^\?(S|V)).*" \ "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,chain,id:340067,rev:7,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Direct access attempt of protected file'" SecRule REQUEST_URI|REQUEST_FILENAME "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf .htgroup global.asa .wwwacl" # Rule 340069: WEB-MISC nessus 1.X 404 probe SecRule REQUEST_URI "(nessus_is_probing_you_|NessusTest)" \ "id:340069,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Nessus scan'" # Rule 340072: WEB-MISC apache directory disclosure attempt SecRule REQUEST_URI "////////" \ "id:340072,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Directory disclosure'" # Rule 340076: PHP defenses SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)" \ "id:340076,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Session attack'" # Rule 340077: PHP defenses SecRule ARGS|!ARGS:operate|!ARGS:search_keywords "^(?:globals(?:$|\[)|php:/)" \ "id:340077,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation'" # Rule 340078: PHP defenses #SecRule REQUEST_COOKIES:PHPSESSID "!^[0-9a-z, ]*$" \ # "id:340078,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP cookie policy violation'" # Rule 340079: PHP defenses SecRule REQUEST_COOKIES:sessionid "![0-9a-z]*$" \ "id:340079,rev:10,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation'" # Rule 340080: Web-attacks chdir SecRule REQUEST_URI "&(?:cmd|command)=chdir " \ "id:340080,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (chdir)'" # Rule 340082: SMTP redirects SecRule REQUEST_URI_RAW "^(?:(?:ht|f)tps?|connect)\:/.+:25" \ "id:340082,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SMTP redirect over http attempt'" # Rule 340083: very experimental generic remote download sig # These are VERY experiemental, please report false positives/negatives, etc. # foo IP or FQDN, or foo http/https/ftp://whatever SecRule REQUEST_URI "(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" \ "id:340083,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Command attempt'" # Rule 340084: Command inline detection SecRule REQUEST_URI "!(?:/scp/tickets\.php|/cgi-bin/stats\.cgi)" \ "chain,id:340084,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command injection attempt'" SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" # Rule 340085: very experimental connect command sig SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:perl|nc|telnet|(?:rs)sh|rexec) .*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[A-Za-z|0-9]\.[a-zA-Z]{2,4}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" \ "id:340085,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command injection attempt'" # Rule 340086: Commands, also need a major rework, these also have issues SecRule REQUEST_URI "\;perl [A-Za-z|0-9]+;" \ "id:340086,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (perl)'" # Rule 340087: SecRule REQUEST_URI "echo" SecRule REQUEST_URI "(?:lynx|curl|wget|links) -dump " \ "id:340087,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (links)'" # Rule 340088: Command attempt (links) SecRule REQUEST_URI "links (?:-(?:dump-(?:charset|width)|source)|(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/)" \ "id:340088,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (links)'" # Rule 340091: cd to tmp #SecRule REQUEST_URI "mkdir" SecRule REQUEST_URI "cd /(?:tmp|/var/tmp|/etc|\.\.)" \ "id:340091,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (cd tmp)'" # Rule 340093: Access bash_history SecRule REQUEST_URI "/\.(?:history|bash_history)$" \ "id:340093,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Access attempt (.history/.bash_history)'" # Rule 340094: generic block for fwrite fopen uploads SecRule REQUEST_URI "fwrite" \ "chain,id:340094,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP fwrite/fopen attempt'" SecRule REQUEST_URI "fopen" # Rule 340095: generic sig for more bad PHP functions SecRule REQUEST_URI "chr\(?:(?:[0-9]{1,3})\)" \ "id:340095,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation (chr)'" # Rule 340096: PHP policy violation SecRule ARGS_NAMES "^php:/" \ "id:340096,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy viloation'" # Rule 340097: WEB-MISC Tomcat view source attempt SecRule REQUEST_URI "\x252ejsp" \ "id:340097,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Tomcat view source attempt'" # Rule 340098: WEB-FRONTPAGE .... request SecRule REQUEST_URI "\.\.\.\./" \ "id:340098,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: FRONTPAGE .... request'" # Rule 3400XX: experimental CSS rule #SecRule REQUEST_URI "/(?:\x3C|<)(?:\x2F|\/)*[a-z0-9\%]+(?:\x3E|>)" # Rule 340099: cross site scripting attempt IMG onerror or onload SecRule REQUEST_URI "\]expression[\s]*\(" \ "id:340106,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + EXPRESSION'" # Rule 340107: cross site scripting attempt STYLE + EXPRESSION SecRule REQUEST_URI "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>" \ "id:340107,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + EXPRESSION'" # Rule 340108: There is no 340108. # Rule 340109: cross site scripting attempt using XML SecRule REQUEST_URI "SCRIPT" \ "id:340109,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt using XML'" # Rule 340110: cross site scripting attempt executing hidden Javascript SecRule REQUEST_URI "eval[\s]*\([\s]*[^\.]\.innerHTML[\s]*\)" \ "id:340110,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt executing hidden Javascript'" # Rule 340111: cross site scripting attempt executing hidden Javascript SecRule REQUEST_URI "window\.execScript[\s]*\(" \ "id:340111,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt executing hidden Javascript'" # Rule 340112: cross site scripting attempt to execute Javascript code SecRule REQUEST_URI "(?:(?:(?:URL|SRC|HREF|LOWSRC)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" \ "id:340112,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt to execute Javascript code'" # Rule 340113: cross site scripting stealth attempt to execute Javascript code # may false alarm for some language sets SecRule REQUEST_URI "!(?:/index\.php\?module=Blocks&type=admin&func=update|/index\.php\?go=.*&edit=)"\ "chain,id:340113,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting stealth attempt to execute Javascript code'" SecRule REQUEST_URI|REQUEST_BODY "(?:(?:(?:URL|SRC|HREF|LOWSRC)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:]" \ # Rule 340114: Apache /server-info accessible SecRule REQUEST_URI "^server-info/?$" \ "chain,id:340114,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /server-info access attempt'" SecRule REMOTE_ADDR "!^127\.0\.0\.1$" # Rule 340115: Apache /server-status accessible # Modified so apache-protect can run SecRule REQUEST_URI "^server-status/?$" \ "chain,id:340115,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /server-status access attempt'" SecRule REMOTE_ADDR "!^127\.0\.0\.1$" # Rule 340116: generic Common HTTP vulnerability SecRule REQUEST_URI "/\?cwd=/" \ "id:340116,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Common HTTP vulnerability'" # Rule 340117: General [url] php forum protections (phpbb and others, to protect against script injection attacks in url links) SecRule REQUEST_URI "\.php\?" \ "chain,id:340117,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: General [url] php forum protections'" SecRule REQUEST_URI|REQUEST_BODY "\[url=(?:script|javascript|applet|about|chrome|activex)\:/.*\].*\[/url\]" # Rule 340118: Experimental XML-RPC generic attack sigs SecRule REQUEST_BODY|ARGS "(\'\,\'\'\)\)\;|\\.*\'\)\;)" \ "id:340118,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML-RPC attack'" # Rule 340120: XML-RPC generic attack sigs SecRule REQUEST_HEADERS "^Content-Type\: application/xml" \ "chain,id:340120,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML-RPC attack'" SecRule REQUEST_BODY|ARGS "(?:\" # Rule 340121: Specific XML-RPC attacks on xmlrpc.php SecRule REQUEST_URI "(?:xmlrpc|xmlrpc.*)\.php" \ "chain,id:340121,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XML-RPC attacks on xmlrpc.php'" SecRule REQUEST_BODY|ARGS "(?:\.*.*.*(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view).*methodName\>" # Rule 340125: Remote file inclusion attempt SecRule REQUEST_URI "index\.php\?libDir=:/" \ "id:340125,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote file inclusion attempt'" # Rule 340XXX #catch smuggling attacks #SecRule "^(?:GET|POST).*Host:.*^(?:GET|POST)" # Rule 340127: Drupal remote command execution vulnerability exploit signature # This is already covered in another generic signature, but just in case you leave it out, here it is # again with a slightly tigher regexp SecRule REQUEST_BODY|ARGS "\<.*php .*\(.*\)\;system\(.*\).*php ?\>" \ "id:340127,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote command exection (system)'" # Rule 340128: Slightly stronger version of the above SecRule REQUEST_BODY "\<.*php .*\(.*\)\;(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\).*php*\>" \ "id:340128,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote command exection (generic)'" # Rule 340129: Generic PHP attack sig SecRule REQUEST_BODY|REQUEST_URI "system\(getenv\(HTTP_PHP\)\)" \ "id:340129,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP attack sig'" # Rule 340130: Generic Nessus request filter SecRule REQUEST_URI "NessusTest*\.html" \ "id:340130,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Nessus Scan'" # Rule 340131: Generic PHP payload command injection and upload vulnerabilities SecRule REQUEST_BODY "<\?php" \ "id:340131,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP payload command injection and upload vulnerabilities',chain" SecRule REQUEST_BODY "(?:(?:fputs|fread)\(.*\,.*\)\;|fsockopen\(gethostbyname|chr\(.*\)\.chr\(.*\)\.chr\(|(?:fclose|fgets)\(.*\)\;|(?:system|exec)\(.*\)\;)" chain SecRule REQUEST_BODY "\<\?php" # Rule 340132: Generic XML RPC attack sig SecRule REQUEST_BODY "\'(?:______BEGIN______|_____FIM_____)\'\;" \ "id:340132,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML RPC attack'" # Rule 340133: HTTP header PHP code injection attacks SecRule REQUEST_HEADERS:Client-Ip|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "(?:<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)" \ "id:340133,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: HTTP header PHP code injection attack'" # Rule 340134: wormsign SecRule REQUEST_HEADERS "XXXXXX+\: \+\+\+\+\+\+\+\+\+\+\+\+\+" \ "id:340134,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Worm signature'" # Rule 340135: THMC worm SecRule REQUEST_BODY "THMC\.\$dbhost\.THMC\.\$dbname\.THMC\.\$dbuser\.THMC\.\$dbpasswd\.THMC" \ "id:340135,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: THMC worm'" # Rule 340136: phpbb wormsign SecRule REQUEST_URI|REQUEST_BODY "echo _GHC/RST_" \ "id:340136,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHPBB worm'" # Rule 340137: Generic PHP avatar upload exploits SecRule REQUEST_URI "\.php" \ "id:340137,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHPBB avatar exploit',chain" SecRule REQUEST_BODY "Content-Disposition\: form-data\; name=\"avatar\"\;" chain SecRule REQUEST_BODY "\<\?php" chain SecRule REQUEST_BODY "\?>" # Rule 340138: Fake image file shell attacvk SecRule REQUEST_HEADERS:Content-Type "image/.*" \ "id:340138,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Fake image file shell attack',chain" SecRule REQUEST_BODY "chr\(.*\)" # Rule 340140: bogus graphics file SecRule REQUEST_HEADERS:Content-Disposition "\.(?:php|txt)" \ "id:340140,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus graphics file',chain" SecRule REQUEST_HEADERS:Content-Type "(?:image/gif|image/jpg|image/png|image/bmp)" \ # Rule 340141: wormsign SecRule REQUEST_URI "Hacked ?by ?member ?of" \ "id:340141,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: worm'" # Rule 340142: Special account protection SecRule REQUEST_URI "~(?:root|ftp|bin|nobody|named|guest|logs|sshd)/" \ "t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,id:340142,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Special account protection'" # Rule 340143: Generic PHP fopen sig SecRule REQUEST_URI|REQUEST_BODY "fp=fopen\(" \ "id:340143,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP fopen attack'" # Rule 340144: Generic SQL sigs SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*\.exe/|/joomla/administrator/index2\.php|module=admin&act=dispLayoutAdminEdit&layout_srl=|upgrade.php?step=|^/ubbthreads/install/|^/projects/csb/milestone$)" \ "id:340144,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain" SecRule ARGS|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" # Rule 340145: Generic SQL sigs SecRule ARGS|!ARGS:content|!ARGS:/descr/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp|!ARGS:gbu0_prodcatdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]]1|(?:or 1=1|'.+)--')" \ "id:340145,rev:10,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'" # Rule 340146: Meta character SQL injection SecRule REQUEST_URI "\'.*(?:insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)|and.*char\(.*\)" \ "id:340146,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL metacharacter URI injection protection'" # Rule 340147: Generic XSS filter SecRule REQUEST_URI "!(/mt\.cgi|/node/[0-9]+/edit|/wizard/edit/html)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340147,rev:48,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter',chain" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" # Rule 340148: XSS injection SecRule REQUEST_URI "!(^/\?(S|V)|^\?(S|V)|/node/[0-9]+/edit|/wizard/edit/html)" \ "chain,multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340148,rev:56,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:finish_survey|ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(||\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" # Rule 340149: XSS injection SecRule REQUEST_URI "!(^/\?(S|V)|^\?(S|V)|/node/[0-9]+/edit|/wizard/edit/html|\.(gif|jpe?g|png|bmp)$)" \ "chain,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340149,rev:66,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRule REQUEST_URI|ARGS|!ARGS:finish_survey|!ARGS:embeddump|ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" # Rule 340150: Dfind signature # w00tw00t.at.ISC.SANS.DFind SecRule REQUEST_URI "w00tw00t" \ "id:340150,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: DFind scanner attempt'" #Rule 340152: PHP Injection attack #SecRule REQUEST_URI "!(?:^/newsletter/admin/\?page=spageedit|\?c=clipart&u=http:|^\?q=node/add/page$|^\?q=(?:en|de)/node/[0-9]/edit$|^/(?:maillist|lists)/admin/\?page=(template|template&id=[0-9]+)$|^/leap/\?admin\.menus\.edit\.[0-9]+$|\?mode=addshout|\?feed=http://)" \ # "t:normalisePath,id:340152,rev:55,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 2',chain" #SecRule REQUEST_URI "/+\?" chain #SecRule ARGS "!@pmFromFile trusted-domains.conf" chain #SecRule ARGS|!ARGS:/link/|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/href/|!ARGS:dcsref|!ARGS:gb_link|!ARGS:entry_author_website|!ARGS:attribute29|!ARGS:request|!ARGS:oaparams|!ARGS:/html_content/|!ARGS:subscribemessage|!ARGS:menu[link_path]|!ARGS:en_description|!ARGS:Stream|!ARGS:footer|!ARGS:site_frontpage|!ARGS:openid.return_to|!ARGS:/^description/|!ARGS:text_block|!ARGS:template_content|!ARGS:/^edit/|!ARGS:header|!ARGS:/homepage/|!ARGS:messagebody|!ARGS:content|!ARGS:newText|!ARGS:pagedata|!ARGS:/url/|!ARGS:clickTAG|!ARGS:page|!ARGS:utmr|!ARGS:archive_chrono|!ARGS:return|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:message|!ARGS:serverurl|!ARGS:redirect_to|!ARGS:external_link|!ARGS:site_footer|!ARGS:body_html|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:attach-url|!ARGS:url2send|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:referer|!ARGS:resource|!ARGS:siteurl|!ARGS:feed|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:text|!ARGS:newDescription|!ARGS:rid|!ARGS:enlace|!ARGS:video|!ARGS:body|!ARGS:g2_return|!ARGS:newComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain #SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" # Rule 340151: Generic PHP code injection protection in URI w/ anti-evasion SecRule REQUEST_FILENAME|REQUEST_URI "!(?:^/signup\.php|^/go\.php\?u=affilorama&t=http://|/slideshow/admin/p\.php)" \ "id:340151,t:normalisePath,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection attempt in URI'" SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&)).*=(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/" chain SecRule REQUEST_URI "!(?:/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http)" chain #SecRule ARGS "!@pmFromFile trusted-domains.conf" chain SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:store|!ARGS:txtReturn|!ARGS:src|!ARGS:Stream|!ARGS:eself|!ARGS:gb_link|!ARGS:action|!ARGS:redirect_to|!ARGS:/^description/|!ARGS:vthumb|!ARGS:image|!ARGS:footer|!ARGS:header|!ARGS:entry_author_website|!ARGS:/homepage/|!ARGS:clickTAG|!ARGS:page|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:enlace|!ARGS:page|!ARGS:subdir[0] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" #Rule 340153: PHP Injection attack w/ antievasion SecRule REQUEST_URI "!(?:^/newsletter/admin/\?page=spageedit|^\?q=node/add/page$|^\?q=(?:en|de)/node/[0-9]/edit$|\?mode=addshout|\?feed=http://)" \ "id:340153,t:normalisePath,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 3'" SecRule REQUEST_URI "/\?" chain #SecRule ARGS "!@pmFromFile trusted-domains.conf" chain SecRule ARGS|!ARGS:/link/|!ARGS:next|!ARGS:entry_author_website|!ARGS:gb_link|!ARGS:goto|!ARGS:/html_content/|!ARGS:openid.return_to|!ARGS:values[pageheader]|!ARGS:content|!ARGS:description|!ARGS:content|!ARGS:body|!ARGS:header|!ARGS:footer|!ARGS:utmr|!ARGS:edit[site_mission]|!ARGS:return|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:message|!ARGS:serverurl|!ARGS:redirect_to|!ARGS:external_link|!ARGS:site_footer|!ARGS:body_html|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:attach-url|!ARGS:url2send|!ARGS:ureferrer|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:referer|!ARGS:resource|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:op|!ARGS:enlace|!ARGS:page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" #Rule 340154: Enhanced XSS protection w/antievasion #SecRule ARGS|ARGS_NAMES|REQUEST_FILNAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pmFromFile xss.txt" \ # "t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:340154,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 3'" #Always SQL injection cases w/ antievasion SecRule REQUEST_URI "(!^/node/add/story)" \ "t:replaceComments,chain,id:340155,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL Injection protection'" SecRule REQUEST_HEADERS:Cookie "!(utmctr=)" chain SecRule ARGS|!ARGS:Db_submit|!ARGS:/^sql/|!ARGS:prev_sql_query|!ARGS:sql_query|ARGS_NAMES|!ARGS_NAMES:table_name|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_COOKIES:utmctr "@pmFromFile sql.txt" #Always bad SQL injection case w/ antievasion #SecRule ARGS|!ARGS:/^fulltext/|!ARGS:message|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \ SecRule ARGS|!ARGS:Db_submit|!ARGS:/^fulltext/|!ARGS:prev_sql_query|!ARGS:/^sql/|!ARGS:sql_query|!ARGS:message|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \ "id:340156,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:13,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',logdata:'%{TX.0}'" #SQL inline command attack SecRule REQUEST_URI "!(?:/ubbthreads/ubbthreads\.php|/phpBB3/install/index\.php|/index\.php\?mode=install&sub=create_table$|^/admin/test/examples/txtSQLAdmin/index\.php|^/store/images/)" \ "id:340157,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:24,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection',chain" SecRule REQUEST_URI|ARGS|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:text|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:/sql/|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:steps|!ARGS:fck_body "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" # Rule 340158: #XSS in referrer SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(?:/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php)" \ "id:340158,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS in referrer',chain" SecRule REQUEST_HEADERS:REFERER "!(^pagead[0-9]\.googlesyndication\.com/pagead/)" chain SecRule REQUEST_HEADERS:REFERER "(?:\' ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|exec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)" #SQL inline command attack with more AE cases SecRule REQUEST_URI "!(/ubbthreads/ubbthreads\.php|/install/index\.php|/admin/fetch_data_af\.php\?action=create_txt_file_from_af_table$|/phpmyadmin/tbl_change\.php)" \ "id:340159,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:22,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (MM)',chain" SecRule ARGS|!ARGS:/descr/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:/sql_query/|!ARGS:/^sql/|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:/^sql_/|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select | cast\b\W*?\(|xecresultset|';DECLARE\b\W*?|;set @)" multiMatch #Always SQL injection cases w/ antievasion SecRule REQUEST_URI "!(/node/add/story)" \ "chain,id:340160,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:21,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL Injection protection'" SecRule ARGS|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:/^sql/|!ARGS:EXPORTTABLE|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:message|!ARGS:previous_field|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:cfg_xsp_password|!ARGS:body|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:wpTextbox1 "@pmFromFile sql.txt" "t:base64Decode,t:hexDecode,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,multimatch" #Simple Image file enforcement rules for PHP args that include images #advanced analysis occurs thru the scanner SecRule REQUEST_URI "!(^/products/product_view_newrel\.php\?image=product_image$|/image-details\.php\?image=|/photocart/index\.php\?image=[0-9]+|^/image\.page\.php\?image=[0-9].*\||/cms/index\.php\?image=docs$)" \ "chain,id:340161,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:25,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection protection for Image ARGS (S)'" SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&))" chain SecRule ARGS:vthumb|ARGS:imagen|ARGS:imgfile|ARGS:imageFile|ARGS:ppicture|ARGS:featured2-image|ARGS:ARGS:featured1-image|ARGS:premiumnews_banner_image|ARGS:defaultImage|ARGS:pagearBigImg|ARGS:image|ARGS:mainimage|ARGS:bg_image|ARGS:team[logo]|ARGS:userpicpersonal|ARGS:iconnew|ARGS:img_src|ARGS:vthumb|ARGS:ViewState[LargeImage]|ARGS:ViewState[SmallImage] "!(\.(?:gif|jpe?g|png|bmp|wct|pdf)|^docs$|^http://$|^[0-9]+\|?|^$|^true$|^false$|^product_image/$)" # Rule 340162: Generic PHP code injection protection in URI w/ anti-evasion SecRule REQUEST_FILENAME|REQUEST_URI "!(/[a-z0-9]+\.html\?&L=http:/|/mirrors/startdl/.*\?path=http:/|/wp-content/themes/indomagz_2/thumb.php?src=http|/pl/download\?file=http|/index\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedia|$/mysqldumper/dump\.php^|(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=http|^/xmlrpc\.php$|^/go\.php\?u=affilorama&t=http://|/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http://|/ubbthreads/ubbthreads\.php|/wimpy\.php\?action=serveMP3&theFile=http://|/lg\.php\?bannerid=.*&campaignid=.*loc=http://|\?mode=addshout|\?feed=http://|/joomla15_2/administrator/index\.php|/wp-admin/(page|post|widgets|link|options)\.php|/batch\.html\.php\?code=http|/media-upload\.php|/admin-ajax\.php|/administrator/index2?\.php|/mt-(upgrade|wizard)\.cgi\?|/email-a-friend\.php|/cgi-bin/PManage/pmanage\.cgi|ubbthreads/admin/dofeatures\.php|cgi-bin/(?:inforx|wwiinfo|mvforms)\.(?:pl|cgi)|/admin/(?:edittemplate|webpage_update)\.php|/(?:signup|cpinquiry|profile)\.php|/catalog/secure_admin/categories\.php|plugins/unique_articles/add_article\.php|/images/banners/.*\.swf\?.*url=http://|/frame\.aspx\?u=http://|/index\.php\?sc=track&action=.*&cur=http://|/mynav\?right_frame=http://|/phpBB/install/install\.php|/count\.asp\?w=.*&r=http://)" \ "capture,id:340162,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:166,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'" #SecRule ARGS "!@pmFromFile trusted-domains.conf" chain SecRule ARGS|!ARGS:/site/|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/!ARGS:/webseite/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:cmessage|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:/web/|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:img|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:ccb_newmessage|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:V_feed_email|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:img_alt|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:form_img|!ARGS:loc|!ARGS:/^description/|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:descripcion|!ARGS:body_html|!ARGS:txtSignature|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:notice_message|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:req_message|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:your-message|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:imgfile|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:openid.return_to|!ARGS:emailmessage|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:emessage|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:autoresp_message|!ARGS:babynaam|!ARGS:visitormessage|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:welcome_message|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:commontemplate[header]|!ARGS:uri|!ARGS:wp_home|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:/^message/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:reply_message|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:/^PLUGIN_FEED/|!ARGS:user_sig|!ARGS:news_message|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:footmessage|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:messagebody|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:img_src|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wpTextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:message|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:html_message|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:tj_message|!ARGS:cc_message|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" # Rule 340163: Generic PHP code injection protection in URI w/ anti-evasion and multimatch SecRule REQUEST_FILENAME|REQUEST_URI "!(/[a-z0-9]+\.html\?&L=http:/|/mirrors/startdl/.*\?path=http:/|/wp-content/themes/indomagz_2/thumb.php?src=http|/pl/download\?file=http|/index\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedia|^/mysqldumper/dump\.php$|(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=http|^/xmlrpc\.php$|^/__utm.gif\?|^/go\.php\?u=affilorama&t=http://|/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http://|/ubbthreads/ubbthreads\.php|/plugin_jw_allvideos/jw_allvideos_player\.swf\?file=http://|/wimpy\.php\?action=serveMP3&theFile=http://|/lg\.php\?bannerid=.*&campaignid=.*loc=http://|\?mode=addshout|\?feed=http://|/joomla15_2/administrator/index\.php|/wp-admin/(page|post|widgets|link|options)\.php|/batch\.html\.php\?code=http|/media-upload\.php|/admin-ajax\.php|/administrator/index2?\.php|/mt-(upgrade|wizard)\.cgi\?|/email-a-friend\.php|/cgi-bin/PManage/pmanage\.cgi|ubbthreads/admin/dofeatures\.php|cgi-bin/(?:inforx|wwiinfo|mvforms)\.(?:pl|cgi)|/admin/(?:edittemplate|webpage_update)\.php|/(?:cpinquiry|signup|profile)\.php|/catalog/secure_admin/categories\.php|plugins/unique_articles/add_article\.php|/images/banners/.*\.swf\?.*url=http://|/frame\.aspx\?u=http://|/index\.php\?sc=track&action=.*&cur=http://|/mynav\?right_frame=http://|/phpBB/install/install\.php|/count\.asp\?w=.*&r=http://|/index\.php\?option=com_content&view=article&id=.*http:/)" \ "capture,id:340163,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:166,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'" #SecRule ARGS "!@pmFromFile trusted-domains.conf" chain SecRule ARGS|!ARGS:/site/|!ARGS:source_location/!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:clickTag1|!ARGS:rf|!ARGS:web|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:img|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:img_alt|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:form_img|!ARGS:loc|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/^topic_content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:body_html|!ARGS:txtSignature|!ARGS:wpUploadDescription|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:webpath|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:newDesc|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:newwebpath|!ARGS:ima|!ARGS:imgfile|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:Direccionsitioweb|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:ud_web|!ARGS:openid.return_to|!ARGS:definition|!ARGS:emailmessage|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:emessage|!ARGS:new_tng_path|!ARGS:autoresp_message|!ARGS:babynaam|!ARGS:visitormessage|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:welcome_message|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:commontemplate[header]|!ARGS:wp_home|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^message/|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:webcam|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:reply_message|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/webaddress/|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:/^PLUGIN_FEED/|!ARGS:user_sig|!ARGS:news_message|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:messagebody|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:web_site|!ARGS:img_src|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:agendWebPage|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wpTextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:message|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:data[Label][website]|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:webeditor1|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:user_website|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:html_message|!ARGS:userDetails[web_address]|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:web_address|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:tj_message|!ARGS:cc_message|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:x_website|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,chain" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" #SQL Injection cases SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?: cast\b\W*?\(|xecresultset|;DECLARE\b\W*?)" \ "id:340164,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Injection Attack'" #SQL Injection cases SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_COOKIES:utmctr "(?:cast\b\W*?\(|xecresultset|';DECLARE\b\W*?)" \ "id:340165,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Injection Attack'" # # Rule 340011: #slightly tighter rules with narrower focus SecRule REQUEST_URI|REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \ "id:340011,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'" # Rule 340005: Code injection via content length SecRule REQUEST_HEADERS:Content-Length "\;(?:system|passthru|exec)\(" \ "id:340005,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Code Injection in Content-Length header'" # Rule 340010: #Generic PHP exploit signatures SecRule REQUEST_BODY|REQUEST_URI "<\?php (?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \ "id:340010,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'" # Rule 340011: #Generic PHP exploit signatures SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \ "id:340011,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'" # Rule 380000: phpbb Session Cookie SecRule REQUEST_COOKIES:sessionid|REQUEST_URI|ARGS|REQUEST_BODY "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" \ "id:380000,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'" # Rule 380002: schema overflow attempt SecRule REQUEST_URI|ARGS|REQUEST_BODY "\|3A\|///^[^\/]{14,}?\x3a\/\/" \ "id:380002,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'" # Rule 380003: HappyMall Command Execution member_html.cgi SecRule REQUEST_URI "member_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" \ "id:380003,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'" # Rule 380004: HappyMall Command Execution normal_html.cgi SecRule REQUEST_URI "normal_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" \ "id:380004,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'" # Rule 380005: phpBB Remote Code Execution Attempt SecRule REQUEST_URI "viewtopic\.php\?" \ "id:380005,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack',chain" SecRule ARGS:highlight "(\'|\%[a-f0-9]{4})(\.|\/|\\|\%[a-f0-9]{4}).+?(\'|\%[a-f0-9]{4})" # Rule 380006: XSS generic sig SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:message|!ARGS:text|!ARGS:filecontent "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" \ "id:380006,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS Generic attack'" # Rule 380007: generic SQL injection sigs using PCRE SecRule REQUEST_URI "!(/immagini/)" \ "chain,id:380007,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Inject Generic signature'" SecRule REQUEST_URI|ARGS|REQUEST_BODY "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52).*!(\.(jpe?g|png|bmp|gif|mpe?g|avi|wmv|ico)$)" \ #PDF XSS attack 1 #SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|!ARGS:message|!ARGS:/text/ "(?:ogg|gopher|zlib|(?:ht|f)tps?):\/\/[\w\.]+?\/.*?\.pdf\b[^\x0d\x0a]*#" \ # "capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PDF XSS attack 1',id:'380011',rev:6,severity:'2'" #PDF XSS attack 2 SecRule REQUEST_HEADERS|XML:/*|!ARGS:/^products_description/|ARGS:introtext|!ARGS:/^message/|!ARGS:fulldescr|!ARGS:/^data/|!ARGS:introtext "(?:ogg|gopher|zlib|(?:ht|f)tps?):\/\/[\w\.]+?\/.*?\.pdf\b[^\x0d\x0a]*#" \ "chain,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PDF XSS attack 2',id:'380012',rev:4,severity:'2'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" #prevents exposure of ASL config files on customer machine SecRule RESPONSE_BODY "---ASL-CONFIG-FILE---" \ "phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: ASL Configuration Leak Prevented',id:'380013',severity:'2',rev:1" #prevents leakage of web application source code #SecRule RESPONSE_BODY "((?:\b(?:(?:s(?:erver\.(?:(?:(?:htm|ur)lencod|execut)e|createobject|mappath)|cripting\.filesystemobject)|(?:response\.(?:binary)?writ|vbscript\.encod)e|wscript\.(?:network|shell))\b|javax\.servlet)|\.(?:(?:(?:createtex|ge)t|loadfrom)file|addheader)\b| SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340463,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (modules.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340462,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (modules.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/referrer/|!ARGS:/^gbu0_/|!ARGS:/website/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_image|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:icon|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:enlace_video|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:/page/|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:/referer/|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/image_path/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340464,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (admin.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/referrer/|!ARGS:/^gbu0_/|!ARGS:/website/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_image|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:icon|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:email|!ARGS:enlace_video|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:ecards_more_pic_target|!ARGS:cforms_action_page|!ARGS:message/!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/page/|!ARGS:/url/|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:/referer/|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:/comments/|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sfhome|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/image_path/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340465,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (admin.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340466,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340467,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340468,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (save-page.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340469,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (save-page.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340470,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340471,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340472,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340473,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340474,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340475,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340157 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:comments "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \ "id:340457,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)'" SecRule ARGS|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:Exlink|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:/page/|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:code|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340476,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:Exlink|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:/page/|!ARGS:code|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340477,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340478,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340479,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340480,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340481,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340482,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340483,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:homepage|!ARGS:field4|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340484,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (contact.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340485,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (contact.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340486,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340487,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340488,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340489,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340490,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340491,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340144 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340492,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340493,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" # Rule 340444: Generic SQL sigs SecRule ARGS|!ARGS:message "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340444,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/forums/newreply.php)'" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340494,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340495,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340496,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/links.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340497,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/links.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340156 #Always bad SQL injection case w/ antievasion SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS:message "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \ "id:340498,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:7,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/forums/newreply.php)',logdata:'%{TX.0}'" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340499,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340500,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:re|!ARGS:_wp_http_referer \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340501,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/bb-login.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:re|!ARGS:_wp_http_referer \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340502,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/bb-login.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:/page/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340503,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:/page/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340504,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340505,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340506,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:location|!ARGS:physical_address|!ARGS:text_message_body \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340507,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/dada/mail.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:location|!ARGS:physical_address|!ARGS:text_message_body \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340508,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/dada/mail.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:emailBody \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340509,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:emailBody \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340510,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:admin_email_text \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340511,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:admin_email_text \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340512,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340157 SecRuleRemoveById 340159 #SQL inline command attack SecRule REQUEST_URI|ARGS|!ARGS:saved_data "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \ "id:344513,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/calendar/install/index.php)'" #SQL inline command attack with more AE cases SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:saved_data "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \ "id:344514,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/calendar/install/index.php)',multimatch" # SecRuleRemoveById 340144 SecRuleRemoveById 340157 SecRule ARGS|!ARGS:patch_query "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340515,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/admin/patch.php)'" SecRule REQUEST_URI|ARGS|!ARGS:patch_query "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \ "id:344516,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/admin/patch.php)'" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:a|!ARGS:u \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340517,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:a|!ARGS:u \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340518,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340519,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340520,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340521,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340522,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:text_2|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:/page/|!ARGS:ta|!ARGS:post \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340523,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:text_2|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:/page/|!ARGS:ta|!ARGS:post \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340524,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:/page/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340525,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:/page/ \ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340526,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:DirName "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340527,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/insert_image)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:DirName "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340528,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340529,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340530,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340531,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340532,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340533,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340544,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340545,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340546,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340547,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340548,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340549,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340550,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340160 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340551,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340552,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:pagina "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340553,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340554,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:sitefolder "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340555,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/videos/install)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:sitefolder "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340556,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/videos/install)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/contents/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340557,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/contents/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340558,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340559,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340560,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^content_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340561,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^content_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340562,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:U "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340563,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:U "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340564,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:rules|!ARGS:terms "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340565,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:rules|!ARGS:terms "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340566,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:txtComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340567,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:txtComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340568,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340569,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340570,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340144 SecRule ARGS|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:skills "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:346144,rev:12,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/sregister2-p.php)'" SecRuleRemoveById 340156 SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring] "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \ "id:344156,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/Board/posting.php)',logdata:'%{TX.0}'" SecRuleRemoveById 340026 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:base "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340571,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:base "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340572,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:dep "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340573,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/livehelp/chat.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:dep "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340574,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/livehelp/chat.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340006 SecRule REQUEST_URI|ARGS|!ARGS:src "(?:\.\./\.\./)" \ "t:normalisePath,id:346006,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS (/modules/mod_dgm-news_ultra/img/phpThumb.php)'" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340575,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340576,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340577,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340578,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 341057 SecRuleRemoveById 340144 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:file|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340712,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'" SecRule ARGS|!ARGS:hos|!ARGS:wp_home|!ARGS:domain_in|!ARGS:ftpPath|!ARGS:f_license|!ARGS:f_site|!ARGS:/txt/|!ARGS:/text/|!ARGS:/uri/|!ARGS:/url/|!ARGS:site_addr|!ARGS:uusDatabaseHost|!ARGS:DB_SERVER|!ARGS:BosClassifiedsDatabaseHost|!ARGS:/url/|!ARGS:upload_dir|!ARGS:ftp_server|!ARGS:/WWW/|!ARGS:config|!ARGS:/http/|!ARGS:cptpl_dir|!ARGS:dbhost "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340579,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/install.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:hos|!ARGS:wp_home|!ARGS:domain_in|!ARGS:ftpPath|!ARGS:f_license|!ARGS:f_site|!ARGS:/txt/|!ARGS:/text/|!ARGS:/uri/|!ARGS:/url/|!ARGS:site_addr|!ARGS:uusDatabaseHost|!ARGS:DB_SERVER|!ARGS:BosClassifiedsDatabaseHost|!ARGS:/url/|!ARGS:upload_dir|!ARGS:ftp_server|!ARGS:/WWW/|!ARGS:config|!ARGS:/http/|!ARGS:cptpl_dir|!ARGS:dbhost "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340580,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/install.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:upload_dir "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340581,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:upload_dir "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340582,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:z "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340583,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:z "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340584,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:success "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340585,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:success "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340586,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340587,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340588,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:pictureremote "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340589,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:pictureremote "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340590,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340591,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340592,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340592,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340593,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/page/|!ARGS:/address/|!ARGS:/url/|!ARGS:/^sm_pages_ur/|!ARGS:/^campaign_feed/|!ARGS:/^IMConfig/|!ARGS:/url/|!ARGS:ddsg_xml_path|!ARGS:sm_b_style|!ARGS:regplus_login_redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,id:340594,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/page/|!ARGS:/address/|!ARGS:/url/|!ARGS:/^sm_pages_ur/|!ARGS:/^campaign_feed/|!ARGS:/^IMConfig/!ARGS:/url/|!ARGS:ddsg_xml_path|!ARGS:sm_b_style|!ARGS:regplus_login_redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340595,rev:7,severity:4,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340596,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340597,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340598,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340599,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340600,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340601,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:dict "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340602,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:dict "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340603,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340604,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340605,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:searchstring|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340605,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:searchstring|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340606,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:desc|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340607,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:desc|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340608,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340609,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340610,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340611,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340612,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340613,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340614,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340615,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340616,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340617,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340618,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340619,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340620,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:route_to "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340621,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:route_to "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340622,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/template/|!ARGS:m1_subscribe_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340623,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/template/|!ARGS:m1_subscribe_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340624,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:embed "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340625,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:embed "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340626,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:custom_promo_code "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340627,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:custom_promo_code "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340628,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:site_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340629,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:site_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340630,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340631,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340632,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340633,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340634,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340635,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340636,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:login "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340637,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:login "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340638,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^site_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340639,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^site_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340640,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340024 SecRuleRemoveById 340028 SecRuleRemoveById 340151 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340641,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340641,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:MemberSelectList "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340643,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:MemberSelectList "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340644,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340645,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340646,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:target_title "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340647,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:target_title "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340648,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^edit/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340649,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^edit/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340650,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:response "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340651,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:response "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340652,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:recipient_address "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340653,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:recipient_address "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340654,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:store "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340655,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:store "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340656,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:re "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340657,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:re "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340658,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:target1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340659,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:target1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340660,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:CARTDIR "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340661,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:CARTDIR "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:DIR_REL "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340661,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:DIR_REL "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:pagename "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340663,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:pagename "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340664,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340665,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340666,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340667,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340668,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:XML "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340669,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:XML "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340670,chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340157 SecRuleRemoveById 340006 SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors)" \ "chain,t:normalisePath,id:340671,rev:19,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS', chain" SecRule REQUEST_URI|ARGS|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:newcontent "(?:\.\./\.\./|\.\|\./\.\|\./\.\|)" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340672,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340672,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:map|!ARGS:photo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340674,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:map|!ARGS:photo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340675,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340676,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340677,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340678,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340679,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340680,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340681,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340682,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340683,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:message|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340684,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:message|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340685,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340161 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340686,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340687,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340688,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340689,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340690,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340691,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340157 SecRuleRemoveById 340159 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340692,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340693,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:file|!ARGS:referer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340694,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:file|!ARGS:referer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340695,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:package "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340696,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:package "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340697,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340698,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340699,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340700,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340701,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340702,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340703,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340704,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340705,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 380006 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340706,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340707,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340084 SecRuleRemoveById 340084 SecRuleRemoveById 340160 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340708,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340709,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340710,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340711,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340712,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340713,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340714,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340715,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340716,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340717,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340718,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340719,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340720,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340721,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340722,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340723,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340724,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340725,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340161 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340726,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340727,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src|!ARGS:filepath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340728,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src|!ARGS:filepath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340729,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340730,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340731,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340159 SecRuleRemoveById 340160 SecRuleRemoveById 340159 SecRuleRemoveById 340160 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340732,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340733,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340734,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340735,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340736,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340737,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340738,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340739,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340151 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340740,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340741,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340007 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340742,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340743,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340744,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340745,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340746,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340747,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 380011 SecRuleRemoveById 340007 SecRuleRemoveById 340007 SecRuleRemoveById 340007 SecRule REQUEST_URI|ARGS|!ARGS:content "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \ "t:none,t:lowercase,id:340748,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'" SecRuleRemoveById 380011 SecRuleRemoveById 380012 SecRuleRemoveById 380011 SecRuleRemoveById 380012 SecRuleRemoveById 340159 SecRuleRemoveById 340151 SecRule ARGS|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:/sql_query/|!ARGS:/^sql/|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:/^sql_/|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |cast\b\W*?\(|xecresultset|';DECLARE\b\W*?|;set @)" \ "multiMatch,id:340808,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (MM)'" SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \ "chain,t:none,t:lowercase,id:340794,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'" SecRule REQUEST_URI|ARGS|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340026 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:3407449,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340750,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340026 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:3407451,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340752,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:3407453,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340754,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340007 SecRuleRemoveById 340084 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:pthanks "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:3407455,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:pthanks "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340756,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:3407457,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340758,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340007 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:3407459,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340760,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340006 SecRuleRemoveById 340007 SecRuleRemoveById 340157 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340761,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340762,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340157 SecRuleRemoveById 340160 SecRuleRemoveById 340009 SecRuleRemoveById 380011 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,id:340763,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340764,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340765,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340766,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340006 SecRuleRemoveById 340007 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340767,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340768,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340161 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340144 SecRuleRemoveById 340155 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340769,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340770,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340144 SecRuleRemoveById 340155 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340771,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340772,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/web/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:docroot|!ARGS:server_protocol "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340773,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/web/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:docroot|!ARGS:server_protocol "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340774,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340775,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340776,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340151 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340776,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340778,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 341045 SecRule ARGS|!ARGS:newcontent|!ARGS:khxc_incphp--filename|!ARGS:file_contents|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]]1|(?:or 1=1|'.+)--')" \ "id:340777,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340779,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340780,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340006 SecRuleRemoveById 340007 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340781,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340782,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^mban/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340783,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^mban/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340784,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340785,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340786,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340787,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340788,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340018 SecRuleRemoveById 340161 SecRuleRemoveById 340144 SecRule ARGS|!ARGS:task|!ARGS:q "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340544,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/administrator/index2.php)'" SecRuleRemoveById 380006 SecRuleRemoveById 380011 SecRule ARGS|!ARGS:task "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340544,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/administrator/index2.php)'" SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:message|!ARGS:text "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" \ "id:380006,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS Generic attack'" SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \ "chain,t:none,t:lowercase,id:340789,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'" SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:videoplayer|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340026 SecRule ARGS|!ARGS:search_keywords|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340790,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:search_keywords|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340791,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340792,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340793,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340144 SecRule ARGS|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:output "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340795,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain" SecRuleRemoveById 340007 SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \ "t:none,t:lowercase,id:340796,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'" SecRuleRemoveById 340161 SecRuleRemoveById 340022 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340797,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340798,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340144 SecRule ARGS|!ARGS:/text/|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340799,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain" SecRuleRemoveById 380007 SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:c "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)" \ "id:340800,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Inject Generic signature'" SecRuleRemoveById 340161 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340801,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340802,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340145 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340803,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340804,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340805,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340806,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340807,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340808,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340006 SecRuleRemoveById 340007 SecRuleRemoveById 340149 SecRuleRemoveById 340148 SecRuleRemoveById 340007 SecRule REQUEST_URI|ARGS|!ARGS:dir|!ARGS:/txt/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \ "t:none,t:lowercase,id:340810,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'" SecRuleRemoveById 340026 SecRuleRemoveById 340149 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340811,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340812,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340813,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340814,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340007 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340157 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340815,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340816,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule ARGS|!ARGS:errmsg "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340817,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340157 SecRuleRemoveById 340159 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340007 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340818,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(||\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340819,rev:20,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" # XSS injection SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340820,rev:17,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340821,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(||\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340822,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" # XSS injection SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340149 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340006 SecRuleRemoveById 340007 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/page/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:/^B/|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^B/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(||\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340824,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRuleRemoveById 340144 SecRule ARGS|!ARGS:state|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340825,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340017 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340017 SecRule ARGS|!ARGS:CompanyType|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?:insert into values|select from [a-z|A-Z|0-9]|bulk insert|union select|convert \(.*from)" \ "id:340826,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection in ARGS'" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340009 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340827,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340828,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRuleRemoveById 340161 SecRuleRemoveById 340007 SecRuleRemoveById 340009 SecRuleRemoveById 340144 SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340829,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340830,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRuleRemoveById 340149 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340018 SecRuleRemoveById 340007 SecRuleRemoveById 340009 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340831,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340832,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340164 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340160 SecRuleRemoveById 340077 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340017 SecRuleRemoveById 340006 SecRuleRemoveById 340007 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340144 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340162 SecRuleRemoveById 340163 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 390614 SecRuleRemoveById 390615 SecRuleRemoveById 380006 SecRuleRemoveById 340160 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule ARGS|!ARGS:/user/|!ARGS:/pass/!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "id:340833,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRule ARGS|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340834,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'" SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340835,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(||\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" \ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340836,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRule REQUEST_URI|ARGS|!ARGS:/move/|!ARGS:embeddump|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" \ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340837,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRuleRemoveById 340009 SecRuleRemoveById 340007 SecRuleRemoveById 340008 SecRuleRemoveById 340163 SecRuleRemoveById 340161 SecRuleRemoveById 340007 SecRuleRemoveById 340026 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340839,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" \ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340840,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'" # Rule 340148: XSS injection SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(||\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" \ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340841,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" # Rule 340149: XSS injection SecRule REQUEST_URI|ARGS|!ARGS:/survey/|!ARGS:embeddump|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" \ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340842,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340144 SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \ "id:340144,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'" SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149 SecRuleRemoveById 340144 SecRuleRemoveById 340147 SecRuleRemoveById 340148 SecRuleRemoveById 340149