# Example configuration file for the mod_security Apache module
# (mod_security 1.x "SecFilter" directive syntax).

LoadModule security_module modules/mod_security.so

<IfModule mod_security.c>

# Turn the filtering engine On or Off
SecFilterEngine On

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis
SecAuditEngine RelevantOnly

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# Unicode encoding check
# Tigher: turned off to avoid some BOINC clients screwing up
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
# (1-255 rejects only the NUL byte; every other byte value is accepted)
SecFilterForceByteRange 1 255

# Cookie format checks.
SecFilterCheckCookieFormat On

# The name of the audit log file
SecAuditLog logs/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Default action set: every rule below that names no action of its own
# denies the request with HTTP 406 and logs it.
SecFilterDefaultAction "deny,log,status:406"

# Server masking is optional
# (it changes only the advertised Server banner)
SecServerSignature "ChingYey-Zilla 3.2"

# The stock example filters below are all commented out in this file, so the
# generic path traversal, XSS and SQL injection patterns are NOT active here.

# Simple example filter
# SecFilter 111

# Prevent path traversal (..) attacks
#SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
# SecFilter "<( |\n)*script"

# Prevent XSS attacks (HTML/Javascript injection)
# SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
# SecFilter "delete[[:space:]]+from"
# SecFilter "insert[[:space:]]+into"
# SecFilter "select.+from"

########################################################
# Tigher added section
########################################################
#
# Specific filters
#
# Each keyword is an unanchored regular expression. With SecFilterScanPOST On
# it is applied to the POST payload as well as the request itself.
# NOTE(review): the "." in udp.pl, PhiLaR.pl, php-shell.php, phpshell.php and
# dc.pl is unescaped, so it matches any character, not only a literal dot.
SecFilter /bin/sh
SecFilter /bin/bash
SecFilter /bin/tcsh
SecFilter /bin/csh
SecFilter /var/spool
SecFilter /dev/shm
SecFilter /var/tmp
SecFilter /bin/ps
SecFilter /usr/local/flash
SecFilter udp.pl
SecFilter r0nin
SecFilter pbsync
SecFilter bindz
SecFilter inetd
SecFilter psybnc
SecFilter PhiLaR.pl
SecFilter php-shell.php
SecFilter phpshell.php
SecFilter dc.pl
SecFilter elflbl
SecFilter zregbot
SecFilter irclordz
SecFilter dalnet

# Block various methods of downloading files to a server
# THE_REQUEST is the whole request line, so these are substring matches on
# the method, URI and query string.
# NOTE(review): short tokens such as "scp", "cvs", "lynx" or "mkdir" will also
# match legitimate URLs that merely contain those letters - check the audit
# log for false positives.
SecFilterSelective THE_REQUEST "wget"
SecFilterSelective THE_REQUEST "lynx"
SecFilterSelective THE_REQUEST "scp"
SecFilterSelective THE_REQUEST "cvs"
SecFilterSelective THE_REQUEST "rcp "
SecFilterSelective THE_REQUEST "telnet"
#SecFilterSelective THE_REQUEST "echo"
SecFilterSelective THE_REQUEST "links -dump"
SecFilterSelective THE_REQUEST "links -dump-charset"
SecFilterSelective THE_REQUEST "links -dump-width"
SecFilterSelective THE_REQUEST "links http://"
SecFilterSelective THE_REQUEST "links ftp://"
SecFilterSelective THE_REQUEST "links -source"
SecFilterSelective THE_REQUEST "mkdir"
SecFilterSelective THE_REQUEST "cd /tmp"
SecFilterSelective THE_REQUEST "cd /var/tmp"
SecFilterSelective THE_REQUEST "cd /var/netenberg"
SecFilterSelective THE_REQUEST "uname -a"
SecFilterSelective THE_REQUEST "\.htgroup"
SecFilterSelective THE_REQUEST "\.htaccess"

# WEB-CLIENT Javascript URL host spoofing attempt
SecFilter "javascript\://"

# WEB-MISC cross site scripting \(img src=javascript\) attempt
SecFilter "img src=javascript"

# WEB-MISC cd..
SecFilterSelective THE_REQUEST "cd\.\."
# Signature-style rules (WEB-MISC / WEB-PHP) matched against the request
# line. Rules without an explicit action use SecFilterDefaultAction.

# WEB-MISC ///cgi-bin access
SecFilterSelective THE_REQUEST "///cgi-bin"

# WEB-MISC /cgi-bin/// access
SecFilterSelective THE_REQUEST "/cgi-bin///"

# WEB-MISC /~root access
SecFilterSelective THE_REQUEST "/~root"

# WEB-MISC /~ftp access
SecFilterSelective THE_REQUEST "/~ftp"

# WEB-MISC htgrep attempt
# "chain" ties this rule to the SecFilter that follows it: the default action
# fires only when the request line contains /htgrep AND the request also
# matches hdr=/ .
SecFilterSelective THE_REQUEST "/htgrep" chain
SecFilter "hdr=/"

# WEB-MISC htgrep access
# Any other /htgrep request is logged and allowed through (log,pass).
SecFilterSelective THE_REQUEST "/htgrep" log,pass

# WEB-MISC .history access
SecFilterSelective THE_REQUEST "/\.history"

# WEB-MISC .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history"

# WEB-PHP PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script"

# WEB-PHP strings overflow
SecFilterSelective THE_REQUEST "\?STRENGUR"

# WEB-PHP PHPLIB remote command attempt
SecFilter "_PHPLIB\[libdir\]"

# known bad proxies that represent a risk
# These match the Forwarded and Via request headers. Both are supplied by the
# proxy (or by the client itself) and can be omitted or rewritten, so this
# list reduces noise from known relays; it is not an access control.
SecFilterSelective HTTP_FORWARDED "mangostino\.ut\.edu\.co"
SecFilterSelective HTTP_FORWARDED ".*\.cnh\.com"
SecFilterSelective HTTP_FORWARDED "phenix-prog-phr"
SecFilterSelective HTTP_FORWARDED "alfred\.nssi\.telus\.com"
SecFilterSelective HTTP_FORWARDED "wadsworth\.nssi\.telus\.com"
SecFilterSelective HTTP_VIA "\.ownsalldomains\.org"
SecFilterSelective HTTP_VIA "cache\.topflash\.co\.kr"
SecFilterSelective HTTP_VIA "\.quasar\.net\.id:8080"
SecFilterSelective HTTP_VIA "\.serverpronto\.com"
SecFilterSelective HTTP_VIA "\.fetish-expert\.org"
SecFilterSelective HTTP_VIA "proxy\.hwai\.edu\.tw"
SecFilterSelective HTTP_VIA "interno-1-1\.edn\.org\.br"
SecFilterSelective HTTP_VIA "\.pt-server1\.bt\.com"
SecFilterSelective HTTP_VIA "1\.1 cache-test-dtv-kno"
SecFilterSelective HTTP_VIA "kdnproxy\.kdn\.gov\.my"
SecFilterSelective HTTP_VIA "\.wisdomchina\.com"
SecFilterSelective HTTP_VIA "1\.1 PALACIOISA"
SecFilterSelective HTTP_VIA "1\.1 cache7\:80 \(squid"
SecFilterSelective HTTP_VIA "1\.1 www\.pt-server1\.bt\.com"
SecFilterSelective HTTP_VIA "revProxy\.foredu\.com\.cn"
SecFilterSelective HTTP_VIA "\.salmanetwork\.com"
# Via-header blocklist (continued): requests relayed through a proxy whose
# Via value matches one of these patterns get the default action.
# The Via header is set by the proxy (or the client) and can be omitted or
# rewritten, so this list is a noise filter, not an access control.
# Several entries are repeated (e.g. intra.ckus.rmutp.ac.th, www.rolnas.com.pl,
# ATIPLS1, CAE-SERVER, DBSV1008, JUNIOR); the repeats are redundant but harmless.
SecFilterSelective HTTP_VIA "\.warnet\.com"
SecFilterSelective HTTP_VIA "moses\.frc\.org"
SecFilterSelective HTTP_VIA "1\.0 SQCNT3"
SecFilterSelective HTTP_VIA "phenix-prog-phr"
SecFilterSelective HTTP_VIA "1\.0 TIETONG"
SecFilterSelective HTTP_VIA "webshield\.beitberl\.ac\.il"
SecFilterSelective HTTP_VIA "1\.1 www\.any\.com"
SecFilterSelective HTTP_VIA "intra\.ckus\.rmutp\.ac\.th"
SecFilterSelective HTTP_VIA "poczta\.prochowa12\.waw\.pl"
SecFilterSelective HTTP_VIA "1\.1 ICACHE1"
SecFilterSelective HTTP_VIA "1\.1 New-Proxy2"
SecFilterSelective HTTP_VIA "1\.1 SERVEUR2000"
SecFilterSelective HTTP_VIA "intra\.ckus\.rmutp\.ac\.th"
SecFilterSelective HTTP_VIA "1\.1 PROXY, 1\.0 NC2100"
SecFilterSelective HTTP_VIA "1\.1 www\.rolnas\.com\.pl"
SecFilterSelective HTTP_VIA "1\.1 revproxy2"
SecFilterSelective HTTP_VIA "1\.1 webmail\.siamcom\.co\.th"
SecFilterSelective HTTP_VIA "1\.1 SMS2000\.tutsys\.com"
SecFilterSelective HTTP_VIA "1\.1 CAE-SERVER"
SecFilterSelective HTTP_VIA "1\.1 WORKGROU-OYOU4X"
SecFilterSelective HTTP_VIA "1\.1 INKABANPINPROXY"
SecFilterSelective HTTP_VIA "1\.1 DNS4"
SecFilterSelective HTTP_VIA "1\.1 www\.rolnas\.com\.pl"
SecFilterSelective HTTP_VIA "1\.1 DBSV1008"
SecFilterSelective HTTP_VIA "1\.1 NEWISA"
SecFilterSelective HTTP_VIA "1\.1 CPGATEWAY02"
SecFilterSelective HTTP_VIA "1\.1 router\:3128 \(KEN\!\)"
SecFilterSelective HTTP_VIA "1\.1 PROXYSRV\, 1\.0 supercache5"
SecFilterSelective HTTP_VIA "1\.1 ATIPLS1"
SecFilterSelective HTTP_VIA "1\.0 SMART\, 1\.0 LOIER2800\:"
SecFilterSelective HTTP_VIA "1\.1 62\.93\.34\.160"
SecFilterSelective HTTP_VIA "1\.1 fwall\.belcomct\.net"
SecFilterSelective HTTP_VIA "1\.1 ZERT-EWDGNMVXUF"
SecFilterSelective HTTP_VIA "1\.1 su\.tkp\.edu\.hk"
SecFilterSelective HTTP_VIA "HTTP/1\.1 proxy\[AC1E0247"
SecFilterSelective HTTP_VIA "1\.1 compujuan\.com\.es"
SecFilterSelective HTTP_VIA "1\.1 FEDERATION"
SecFilterSelective HTTP_VIA "1\.1 EXACTWAPPROXY"
SecFilterSelective HTTP_VIA "1\.1 GRNSERVER"
SecFilterSelective HTTP_VIA "1\.1 www\.satem\.gob\.ve"
SecFilterSelective HTTP_VIA "1\.1 nilcombi\.nilcom\.fr"
SecFilterSelective HTTP_VIA "1\.1 cellulant\.lifeismobile\.com"
SecFilterSelective HTTP_VIA "1\.1 SR2300-SE7501-H"
SecFilterSelective HTTP_VIA "1\.1 www\.dmi\.es"
SecFilterSelective HTTP_VIA "1\.1 BRHCYBER"
SecFilterSelective HTTP_VIA "1\.1 132\.110\.2\.12"
SecFilterSelective HTTP_VIA "1\.1 .*\.pivotoffice\.com"
SecFilterSelective HTTP_VIA "1\.1 .*\.mundo-r\.com"
SecFilterSelective HTTP_VIA "1\.1 FAMILYCAREREHAB"
SecFilterSelective HTTP_VIA "1\.1 INFORMASERVER"
SecFilterSelective HTTP_VIA "1\.1 ITISA"
SecFilterSelective HTTP_VIA "1\.1 .*\.as5587\.net"
SecFilterSelective HTTP_VIA "1\.1 Maua"
SecFilterSelective HTTP_VIA "1\.1 JUNIOR"
SecFilterSelective HTTP_VIA "1\.1 offsetinternet"
SecFilterSelective HTTP_VIA ".*codevasf\.gov\.br"
SecFilterSelective HTTP_VIA "1\.1 www\.aha\.at"
SecFilterSelective HTTP_VIA "1\.1 ucavilapruebas\.es"
SecFilterSelective HTTP_VIA "1\.1 .*\.insightfirst\.com"
SecFilterSelective HTTP_VIA "1\.1 if3\.insightfirst\.com"
SecFilterSelective HTTP_VIA "1\.1 SERV132"
SecFilterSelective HTTP_VIA "1\.1 CacheFORCE"
SecFilterSelective HTTP_VIA "1\.1 dgc-squid"
SecFilterSelective HTTP_VIA "1\.1 NTS-SERVER"
SecFilterSelective HTTP_VIA "1\.1 AJF-JTC-ISA01"
SecFilterSelective HTTP_VIA "1\.1 neptun\.ci\.uw\.edu\.pl"
SecFilterSelective HTTP_VIA "1\.1 2-net\.ro"
SecFilterSelective HTTP_VIA "1\.1 .*\.usscript\.com"
SecFilterSelective HTTP_VIA "1\.1 SSIP_SERVER3"
SecFilterSelective HTTP_VIA "1\.1 SYVKOV422GX"
SecFilterSelective HTTP_VIA "1\.1 .*\.arbuzowa\.net"
SecFilterSelective HTTP_VIA "1\.1 www\.kevsclub\.com"
SecFilterSelective HTTP_VIA "1\.0 KALIMBA"
SecFilterSelective HTTP_VIA "1\.0 NETOUT-SERVER"
SecFilterSelective HTTP_VIA "1\.0 NTMARVWALL01"
SecFilterSelective HTTP_VIA "1\.0 PROXYSES2"
SecFilterSelective HTTP_VIA "1\.0 ptcdb\.edu\.ps"
SecFilterSelective HTTP_VIA "1\.0 px1nr \(NetCache NetApp/5\.6\.1D25\)"
SecFilterSelective HTTP_VIA "1\.0 px8so \(NetCache NetApp/5\.6\.1D25\)"
SecFilterSelective HTTP_VIA "1\.0 SERV132, 1\.0 netcache1 \(NetCache NetApp/6\.0\.1\)"
SecFilterSelective HTTP_VIA "1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\), TEKIYA03, 1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\)"
SecFilterSelective HTTP_VIA "1\.1 146\.83\.216\.207"
SecFilterSelective HTTP_VIA "1\.1 202\.88\.250\.211"
SecFilterSelective HTTP_VIA "1\.1 213\.155\.209\.204"
SecFilterSelective HTTP_VIA "1\.1 accel10\.click21\.com\.br"
SecFilterSelective HTTP_VIA "1\.1 alcyonix\.dyndns\.ws"
SecFilterSelective HTTP_VIA "1\.1 athos\.chem\.demokritos\.gr"
SecFilterSelective HTTP_VIA "1\.1 ATIPLS1"
SecFilterSelective HTTP_VIA "1\.1 BBSM52"
SecFilterSelective HTTP_VIA "1\.1 cacheB\.ipko\.net"
SecFilterSelective HTTP_VIA "1\.1 CAE-SERVER"
SecFilterSelective HTTP_VIA "1\.1 CATHODE"
SecFilterSelective HTTP_VIA "1\.1 CSB-NC2 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 cuchimilco\.huaral\.org"
SecFilterSelective HTTP_VIA "1\.1 DBSV1008"
SecFilterSelective HTTP_VIA "1\.1 dns2\.araxa\.com\.br"
SecFilterSelective HTTP_VIA "1\.1 EMERSON, 1\.0 C6100 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 EPPD_SERVER"
SecFilterSelective HTTP_VIA "1\.1 fox-server1\.foxschool\.lan"
SecFilterSelective HTTP_VIA "1\.1 http-istcf1"
SecFilterSelective HTTP_VIA "1\.1 JUNIOR"
SecFilterSelective HTTP_VIA "1\.1 LTSP03\.glenwood\.k12\.mo\.us"
SecFilterSelective HTTP_VIA "1\.1 natty\.intranet"
SecFilterSelective HTTP_VIA "1\.1 NetCache-CLNS-STACK-1 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 no-dns\.as5587\.net"
SecFilterSelective HTTP_VIA "1\.1 ns07\.contentex\.net"
SecFilterSelective HTTP_VIA "1\.1 NYNETSRV01"
SecFilterSelective HTTP_VIA "1\.1 OTXXSERV"
SecFilterSelective HTTP_VIA "1\.1 proxy\.marshall\.k12\.wi\.us"
SecFilterSelective HTTP_VIA "1\.1 SERV132, 1\.0 netcache1 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 SERVER-ISA"
SecFilterSelective HTTP_VIA "1\.1 SERVEUR-CYBER"
SecFilterSelective HTTP_VIA "1\.1 slave02\.terrarica\.net"
# Via-header blocklist (continued). Via is set by the proxy or the client and
# can be omitted or rewritten, so these rules are a noise filter only.
SecFilterSelective HTTP_VIA "1\.1 SMS2000\.tutsys\.com"
SecFilterSelective HTTP_VIA "1\.1 spacebears"
SecFilterSelective HTTP_VIA "1\.1 squid2-sydny\.eftel\.com"
SecFilterSelective HTTP_VIA "1\.1 SSIP_SERVER3"
SecFilterSelective HTTP_VIA "1\.1 SYVKOV422GX"
SecFilterSelective HTTP_VIA "1\.1 trixie"
SecFilterSelective HTTP_VIA "1\.1 wc-02 \(NetCache NetApp.*"
SecFilterSelective HTTP_VIA "1\.1 webmail\.siamcom\.co\.th"
SecFilterSelective HTTP_VIA "1\.1 www\.arbuzowa\.net"
SecFilterSelective HTTP_VIA "1\.1 www\.gkcabunoc\.com"
SecFilterSelective HTTP_VIA "1\.1 addyon\.webair\.com"
SecFilterSelective HTTP_VIA "1\.1 alcyonix\.dyndns\.ws"
SecFilterSelective HTTP_VIA "1\.1 proxy\.pcdl\.gov\.br"
SecFilterSelective HTTP_VIA "1\.1 ichigo\.icsmail\.net"
SecFilterSelective HTTP_VIA "1\.1 80\.177\.18\.74"
SecFilterSelective HTTP_VIA "1\.1 raptor[0-9][a-z]\.watchdog\.net\.nz"
SecFilterSelective HTTP_VIA "1\.0 proxy[0-9]\..*\.maxnet\.net\.nz"
SecFilterSelective HTTP_VIA "1\.0 proxy[0-9]\.akl[0-9]\.maxnet\.net\.nz"
SecFilterSelective HTTP_VIA "1\.1 POMGFIREWALL"
SecFilterSelective HTTP_VIA "1\.1 alfred\.nssi\.telus\.com"
SecFilterSelective HTTP_VIA "1\.1 .*\.acdi-cida\.gc\.ca"
SecFilterSelective HTTP_VIA "CIDA13\.acdi-cida\.gc\.ca"

#generic sig for a bad site
# From here on the rules match host names inside the request itself
# (REQUEST_URI or the full request line, THE_REQUEST), not the client or
# proxy identity. Presumably these are hosts seen serving payloads referenced
# in request parameters - confirm against the audit log.
# Patterns are unanchored regular expressions and match anywhere in the
# inspected string.
SecFilterSelective REQUEST_URI "(http|https|ftp).*\.exs\.cx/.*/nc4hk\.swf"
SecFilterSelective THE_REQUEST "\.frauenfinanzzentrum\.at"
SecFilterSelective THE_REQUEST "von-der-igelhoehe\.de"
SecFilterSelective THE_REQUEST "danger-soft\.com"
SecFilterSelective THE_REQUEST "hellostrangermusic\.com/"
SecFilterSelective THE_REQUEST "(/|\.)molganinovo\.ru/"
SecFilterSelective THE_REQUEST "(\.|/)altunerhost\.com"
SecFilterSelective THE_REQUEST "\.netfast\.org"
SecFilterSelective THE_REQUEST "\.redcrew\.de"
SecFilterSelective THE_REQUEST "(\.|/)elektroteh\.com/"
SecFilterSelective THE_REQUEST "(\.|/)see-my-ip\.info/"
SecFilterSelective THE_REQUEST "kanalia\.bimber\.pl"
SecFilterSelective THE_REQUEST "(\.|/)flinttalk\.com"
# Host blocklist (continued): requests whose URI / request line mentions one
# of these hosts or addresses get the default action.
# Patterns are unanchored regular expressions. A bare address such as
# 69\.25\.64\.78 therefore also matches when extra digits precede or follow
# it (e.g. 169.25.64.78).
# (\.|/) and (/|\.) require the name to start right after a dot or a slash.
SecFilterSelective REQUEST_URI "https?:.*(\.|/)myspace\.si/"
SecFilterSelective THE_REQUEST "uarg\.unpa\.edu\.ar"
SecFilterSelective THE_REQUEST "(\.|/)wileyc\.edu/"
SecFilterSelective THE_REQUEST "(\.|/)eks-darmstadt\.de"
SecFilterSelective THE_REQUEST "(\.|/)flinttalk\.com"
SecFilterSelective THE_REQUEST "\.albacrew\.us/"
SecFilterSelective THE_REQUEST "\.tebel-gmbh\.de/"
SecFilterSelective THE_REQUEST "(/|\.)defensacivil\.gov\.ec/"
SecFilterSelective THE_REQUEST "(/|\.)wwop\.org"
SecFilterSelective THE_REQUEST "\.kalin\.ru/"
SecFilterSelective THE_REQUEST "destructive\.by\.ru/"
SecFilterSelective THE_REQUEST "gulfchamber\.org/"
SecFilterSelective THE_REQUEST "tckct\.co\.uk"
SecFilterSelective THE_REQUEST "crimsonaddict\.com/"
SecFilterSelective THE_REQUEST "(\.|/)webstorch\.com"
SecFilterSelective THE_REQUEST "/213\.133\.108\.122/"
SecFilterSelective THE_REQUEST "freewebtown\.com/"
SecFilterSelective THE_REQUEST "(\.|/)tinypath\.com/"
SecFilterSelective THE_REQUEST "rve\.cjb\.hu/"
SecFilterSelective THE_REQUEST "69\.25\.64\.78"
SecFilterSelective THE_REQUEST "(\.|/)xgamers\.com\.tw/"
SecFilterSelective THE_REQUEST "(\.|/)balikesir\.edu\.tr/"
SecFilterSelective THE_REQUEST "(\.|/)ocprojects\.com/"
SecFilterSelective THE_REQUEST "(\.|/)casadejoaodebarro\.com\.br/"
SecFilterSelective THE_REQUEST "\.extremus\.info/"
SecFilterSelective THE_REQUEST "\.parit\.org/"
SecFilterSelective THE_REQUEST "\.awardspace\.com"
SecFilterSelective THE_REQUEST "(/|\.)haztek-software\.com"
SecFilterSelective THE_REQUEST "(/|\.)geocities\.com/nirkan2k3/"
SecFilterSelective THE_REQUEST "(/|\.)libracomm\.co\.uk/"
SecFilterSelective THE_REQUEST "(/|\.)kloeckner-web\.de"
SecFilterSelective THE_REQUEST "(/|\.)mirckurdu\.net/"
SecFilterSelective THE_REQUEST "(/|\.)apk\.pt/"
SecFilterSelective THE_REQUEST "(/|\.)asksevda\.net"
SecFilterSelective THE_REQUEST "(/|\.)kacaktc\.com"
SecFilterSelective THE_REQUEST "(/|\.)3-bius\.com"
SecFilterSelective THE_REQUEST "(/|\.)injek-gw\.com"
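# Host blocklist (continued): requests whose request line (THE_REQUEST)
# mentions one of these hosts or addresses get the default action.
# Patterns are unanchored regular expressions; (/|\.) and (\.|/) require the
# name to start right after a slash or a dot.
SecFilterSelective THE_REQUEST "(/|\.)brtdata\.com\.br/"
SecFilterSelective THE_REQUEST "(/|\.)uaivip\.com\.br/"
SecFilterSelective THE_REQUEST "(/|\.)boardtr\.com/"
SecFilterSelective THE_REQUEST "(/|\.)radiouniversity\.net/"
SecFilterSelective THE_REQUEST "(/|\.)velvet\.jp/"
SecFilterSelective THE_REQUEST "(/|\.)loved\.com/"
SecFilterSelective THE_REQUEST "(/|\.)kit\.net/"
SecFilterSelective THE_REQUEST "(/|\.)warezworld\.cx/"
SecFilterSelective THE_REQUEST "(/|\.)void\.ru/"
SecFilterSelective THE_REQUEST "(/|\.)itabaiana\.se\.gov\.br"
SecFilterSelective THE_REQUEST "(/|\.)ajadp\.net/"
SecFilterSelective THE_REQUEST "(/|\.)perian-a\.biz"
SecFilterSelective THE_REQUEST "(/|\.)rootshell\.be"
SecFilterSelective THE_REQUEST "(/|\.)tododescargas\.com\.ve/"
SecFilterSelective THE_REQUEST "(/|\.)caucasus\.net/"
SecFilterSelective THE_REQUEST "(/|\.)iespana\.es/"
SecFilterSelective THE_REQUEST "(/|\.)the-tronix\.net/"
SecFilterSelective THE_REQUEST "(/|\.)classi-find\.net/"
SecFilterSelective THE_REQUEST "(/|\.)albanet\.biz\.tc/"
SecFilterSelective THE_REQUEST "(/|\.)wendyscountrycloset\.biz/"
SecFilterSelective THE_REQUEST "(/|\.)meiemees\.pri\.ee"
SecFilterSelective THE_REQUEST "(/|\.)geirinn\.is"
SecFilterSelective THE_REQUEST "(/|\.)skullbocks\.org/"
SecFilterSelective THE_REQUEST "(/|\.)byethost9\.com/"
SecFilterSelective THE_REQUEST "(/|\.)hackermail2010\.ifrance\.com"
SecFilterSelective THE_REQUEST "(/|\.)ifrance\.com/hackermail2010"
SecFilterSelective THE_REQUEST "(/|\.)paul\.net\.pl/"
SecFilterSelective THE_REQUEST "(/|\.)interfree\.it/"
SecFilterSelective THE_REQUEST "\.albados\.com"
SecFilterSelective THE_REQUEST "\.perqafohu\.com"
SecFilterSelective THE_REQUEST "\.cside21\.com/"
SecFilterSelective THE_REQUEST "200\.24\.117\.125"
SecFilterSelective THE_REQUEST "elitemorgan\.com/"
# Fixed: the pattern was "\acesso\.t35\.com". "\a" is a stray escape, not an
# escaped dot; a PCRE-backed regex engine reads it as the BEL control
# character, so the rule could never match a host name. The leading
# backslash is dropped so that acesso.t35.com is matched.
SecFilterSelective THE_REQUEST "acesso\.t35\.com"
# The first geocities rule already matches every geocities.com/ path, so the
# per-user entry after it is redundant (kept as a record of what was seen).
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/jefferyladun/"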
# Host blocklist (continued): requests whose request line (THE_REQUEST)
# mentions one of these hosts or addresses get the default action.
# Patterns are unanchored regular expressions, so a bare address such as
# 61\.1\.197\.244 also matches when extra digits precede or follow it.
# NOTE(review): entries for whole shared-hosting or ISP domains
# (e.g. \.uol\.com\.br, \.ifrance\.com, home\.arcor\.de) block every URL that
# mentions any site there - confirm that breadth is intended.
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/junhendra/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/xpl_gibson/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/kelvinkappa1/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/damon_shaft/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/gettoprince4u/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/brennanventures/"
SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/solohackerlinks/"
SecFilterSelective THE_REQUEST "(\.|/)albahost\.host\.sk/"
SecFilterSelective THE_REQUEST "uarg\.unpa\.edu\.ar/"
SecFilterSelective THE_REQUEST "\.manhattanservice\.com"
SecFilterSelective THE_REQUEST "\.kurddomain\.net"
SecFilterSelective THE_REQUEST "elmorgan\.com\.ar"
SecFilterSelective THE_REQUEST "61\.1\.197\.244"
SecFilterSelective THE_REQUEST "home\.arcor\.de"
SecFilterSelective THE_REQUEST "\.turx\.nl"
SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/albacr3w/"
SecFilterSelective THE_REQUEST "\.ifrance\.com"
SecFilterSelective THE_REQUEST "pivadesign\.com\.br"
SecFilterSelective THE_REQUEST "\.pc-phasechange\.it"
SecFilterSelective THE_REQUEST "ciberia\.ya\.com"
SecFilterSelective THE_REQUEST "\.starhack\.org"
SecFilterSelective THE_REQUEST "sweet-serenity\.org"
SecFilterSelective THE_REQUEST "\.uol\.com\.br"
SecFilterSelective THE_REQUEST "aviozone\.com"
SecFilterSelective THE_REQUEST "mptechno\.cz"
SecFilterSelective THE_REQUEST "\.piranho\.de"
SecFilterSelective THE_REQUEST "\.lilspage\.de"
SecFilterSelective THE_REQUEST "209\.136\.48\.69"
SecFilterSelective THE_REQUEST "216\.12\.103\.29"
SecFilterSelective THE_REQUEST "209\.232\.227\.224"
SecFilterSelective THE_REQUEST "200\.72\.130\.29"
SecFilterSelective THE_REQUEST "209\.123\.16\.34"
SecFilterSelective THE_REQUEST "\.mitchellwhite\.com"
SecFilterSelective THE_REQUEST "full-comandos\.com"
SecFilterSelective THE_REQUEST "members\.lycos\.co\.uk/tiara"
SecFilterSelective THE_REQUEST "sharonfamilyandtravel\.com"
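# Host blocklist (continued): requests whose request line (THE_REQUEST)
# mentions one of these hosts or addresses get the default action.
# Patterns are unanchored regular expressions, so a bare address such as
# 216\.111\.31\.2 also matches longer addresses that contain it
# (216.111.31.20-29, 216.111.31.2xx).
# Some addresses appear more than once (81\.174\.26\.111, 217\.160\.242\.90);
# the repeats are redundant but harmless.
SecFilterSelective THE_REQUEST "72\.18\.195\.161"
SecFilterSelective THE_REQUEST "geocities\.com/hitam_putih_dalnet/"
SecFilterSelective THE_REQUEST "cyberspiderwebdesign\.com"
SecFilterSelective THE_REQUEST "\.softcarein\.com"
SecFilterSelective THE_REQUEST "\.netmisphere2\.com"
SecFilterSelective THE_REQUEST "juniorenkammer\.be"
SecFilterSelective THE_REQUEST "\.itunisie\.com"
SecFilterSelective THE_REQUEST "mitchellgeo\.com"
SecFilterSelective THE_REQUEST "hackexpert\.net"
SecFilterSelective THE_REQUEST "agi-zagi\.co\.kr"
SecFilterSelective THE_REQUEST "\.f1-kingpin\.de"
SecFilterSelective THE_REQUEST "(http|https|ftp)\:/.*\.free\.fr"
SecFilterSelective THE_REQUEST "www\.designerwear\.co\.uk"
SecFilterSelective THE_REQUEST "(http|https|ftp)\:/.*\.i8\.com"
SecFilterSelective THE_REQUEST "danzarte\.cl"
SecFilterSelective THE_REQUEST "\.ripway\.com"
SecFilterSelective THE_REQUEST "81\.174\.26\.111"
SecFilterSelective THE_REQUEST "128\.173\.40\.113"
SecFilterSelective THE_REQUEST "\.lycos\.co\.uk/metlak/"
SecFilterSelective THE_REQUEST "\.xcop\.biz/"
SecFilterSelective THE_REQUEST "sca\.postech\.ac\.kr"
SecFilterSelective THE_REQUEST "www\.aauto\.no"
SecFilterSelective THE_REQUEST "dsoulzin\.net"
SecFilterSelective THE_REQUEST "\.altervista\.org"
SecFilterSelective THE_REQUEST "\.yatas\.com"
SecFilterSelective THE_REQUEST "bocor-team\.org"
SecFilterSelective THE_REQUEST "s0l4r1sr0x\.com"
SecFilterSelective THE_REQUEST "209\.16\.85\.15"
SecFilterSelective THE_REQUEST "217\.160\.242\.90"
SecFilterSelective THE_REQUEST "81\.174\.26\.111"
SecFilterSelective THE_REQUEST "216\.15\.209\.12"
SecFilterSelective THE_REQUEST "216\.103\.82\.214"
SecFilterSelective THE_REQUEST "usuarios\.lycos\.es/angienuka"
SecFilterSelective THE_REQUEST "usuarios\.lycos\.es/saxalt/"
SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/hackersclup"
SecFilterSelective THE_REQUEST "spykids\.info"
SecFilterSelective THE_REQUEST "smellthecoffee\.com"
SecFilterSelective THE_REQUEST "\.nana\.co\.il"
SecFilterSelective THE_REQUEST "yavnek12\.co\.il"
SecFilterSelective THE_REQUEST "billing\.veloxinternet\.com/"
SecFilterSelective THE_REQUEST "usuarios\.lycos\.es"
SecFilterSelective THE_REQUEST "217\.114\.109\.11"
SecFilterSelective THE_REQUEST "217\.160\.255\.44"
SecFilterSelective THE_REQUEST "217\.160\.242\.90"
SecFilterSelective THE_REQUEST "148\.81\.141\.12"
SecFilterSelective THE_REQUEST "131\.155\.98\.128"
SecFilterSelective THE_REQUEST "212\.114\.84\.18"
SecFilterSelective THE_REQUEST "81\.174\.26\.111"
SecFilterSelective THE_REQUEST "192\.112\.220\.37"
SecFilterSelective THE_REQUEST "pc-clinic\.fr"
SecFilterSelective THE_REQUEST "clientes\.netvisao\.pt"
SecFilterSelective THE_REQUEST "\.sanicentrum\.be"
SecFilterSelective THE_REQUEST "www\.brain\.net\.pk"
SecFilterSelective THE_REQUEST "web\.un1xtech\.com"
SecFilterSelective THE_REQUEST "\.schost\.com\.br/"
SecFilterSelective THE_REQUEST "neto5a\.iitalia\.com"
SecFilterSelective THE_REQUEST "mesahigh\.com"
SecFilterSelective THE_REQUEST "216\.111\.31\.2"
SecFilterSelective THE_REQUEST "24\.224\.174\.18"
# Fixed: the pattern was "\.mcarthur.\org" - the backslash sat after the dot
# instead of before it, leaving an unescaped "." (any character) followed by
# the stray escape "\o". The escape now covers the dot as in every other entry.
SecFilterSelective THE_REQUEST "\.mcarthur\.org"
SecFilterSelective THE_REQUEST "\.v10\.com\.br/"
SecFilterSelective THE_REQUEST "agaman\.net"
SecFilterSelective THE_REQUEST "\.what-a-pair\.com"
SecFilterSelective THE_REQUEST "62\.101\.193\.244"
SecFilterSelective THE_REQUEST "\.tutoworld\.org"
SecFilterSelective THE_REQUEST "jupiterhost\.net/"
SecFilterSelective THE_REQUEST "\.iyscrew\.com"
SecFilterSelective THE_REQUEST "\.server4free\.de"
SecFilterSelective THE_REQUEST "\.tikla\.org"
SecFilterSelective THE_REQUEST "\.dps-ct\.com/"
SecFilterSelective THE_REQUEST "66\.235\.216\.137"
SecFilterSelective THE_REQUEST "labserver\.veter\.ucv\.ve"
SecFilterSelective THE_REQUEST "\.eformidler\.dk"
SecFilterSelective THE_REQUEST "febronio\.org"
SecFilterSelective THE_REQUEST "zavisnici\.com"
SecFilterSelective THE_REQUEST "\.2x4\.ru"
SecFilterSelective THE_REQUEST "\.k4boom\.biz"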
# Host blocklist (continued): requests whose request line (THE_REQUEST)
# mentions one of these hosts or addresses get the default action.
# Patterns are unanchored regular expressions.
# Broad entries make narrower ones in this run redundant: \.geocities\.com/
# and /geocities\.com/ cover the per-user geocities rules that start with the
# same prefix, and \.bol\.com\.br covers r00nin\.vila\.bol\.com\.br.
SecFilterSelective THE_REQUEST "theperfecttitle\.com"
SecFilterSelective THE_REQUEST "\.yhrhosting\.com"
SecFilterSelective THE_REQUEST "\.nitrofx\.com"
SecFilterSelective THE_REQUEST "(/|\.)ownsalldomains\.org"
SecFilterSelective THE_REQUEST "(/|\.)ocktober\.com"
SecFilterSelective THE_REQUEST "\.s5\.com"
SecFilterSelective THE_REQUEST "\.systemcrew\.net"
SecFilterSelective THE_REQUEST "www\.tutoworld\.org"
SecFilterSelective THE_REQUEST "\.supereva\.it/"
SecFilterSelective THE_REQUEST "\.frsirt\.com"
SecFilterSelective THE_REQUEST "(www\.|/)geocities\.com/anangkd"
SecFilterSelective THE_REQUEST "geocities\.com/anugerahnet"
SecFilterSelective THE_REQUEST "(www\.|/)geocities\.com/bacardi_marv"
SecFilterSelective THE_REQUEST "\.geocities\.com/"
SecFilterSelective THE_REQUEST "/geocities\.com/"
SecFilterSelective THE_REQUEST "\.freshmaker\.us"
SecFilterSelective THE_REQUEST "packetx\.org"
SecFilterSelective THE_REQUEST "\.de-soc-mac\.de"
SecFilterSelective THE_REQUEST "\.leohissa\.oi\.com\.br"
SecFilterSelective THE_REQUEST "\.fig0\.com"
SecFilterSelective THE_REQUEST "\.brasilhoster\.net"
SecFilterSelective THE_REQUEST "\.riteweld\.com"
SecFilterSelective THE_REQUEST "216\.111\.31\.2"
SecFilterSelective THE_REQUEST "\.fineca\.net"
SecFilterSelective THE_REQUEST "r00nin\.vila\.bol\.com\.br"
SecFilterSelective THE_REQUEST "\.bol\.com\.br"
SecFilterSelective THE_REQUEST "freewebbe\.supereva\.it"
SecFilterSelective THE_REQUEST "asianfiles\.deluxepass\.com"
SecFilterSelective THE_REQUEST "sei26\.tripod\.com"
SecFilterSelective THE_REQUEST "gigachat\.net"
SecFilterSelective THE_REQUEST "www\.sos-deces\.be"
SecFilterSelective THE_REQUEST "\.sosha\.it/"
SecFilterSelective THE_REQUEST "\.pbholland\.com"
SecFilterSelective THE_REQUEST "\.newtontidy\.com"
SecFilterSelective THE_REQUEST "\.barretttree\.com"
SecFilterSelective THE_REQUEST "agaman\.net"
SecFilterSelective THE_REQUEST "anti-clones\.com"
SecFilterSelective THE_REQUEST "www\.members\.lycos\.nl/sesli"
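# Host blocklist (continued): requests whose request line (THE_REQUEST)
# mentions one of these hosts get the default action.
# Patterns are unanchored regular expressions.
# geocities\.yahoo\.com\.br/ and \.hpgvip\.com\.br/ already cover the more
# specific entries in this run that contain them.
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/toolsandcmd/"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/"
SecFilterSelective THE_REQUEST "chancom\.webpal\.info"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/h4x0r_club/"
SecFilterSelective THE_REQUEST "\.argaio\.net"
SecFilterSelective THE_REQUEST "baixinhoo\.hpgvip\.com\.br"
SecFilterSelective THE_REQUEST "\.zeldalegacies\.com"
SecFilterSelective THE_REQUEST "simbafriends\.com/"
SecFilterSelective THE_REQUEST "webshells\.org"
SecFilterSelective THE_REQUEST "groupiys\.net"
SecFilterSelective THE_REQUEST "megahostbr\.com"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/slash_slink"
SecFilterSelective THE_REQUEST "\.357is\.com"
SecFilterSelective THE_REQUEST "northfox\.uw\.hu"
SecFilterSelective THE_REQUEST "\.dynalith\.com"
SecFilterSelective THE_REQUEST "\.xplmanager\.com"
SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/thoronnn/"
SecFilterSelective THE_REQUEST "\.terra\.com\.br/"
# Fixed: the pattern was "f58\.aaacafe\.ne.\jp/" - the backslash sat after the
# dot instead of before it, leaving an unescaped "." (any character) followed
# by the stray escape "\j". The escape now covers the dot as in every other
# entry.
SecFilterSelective THE_REQUEST "f58\.aaacafe\.ne\.jp/"
SecFilterSelective THE_REQUEST "www\.derf\.hpgvip\.ig\.com\.br/"
SecFilterSelective THE_REQUEST "rodrigo\.hcerto\.com/"
SecFilterSelective THE_REQUEST "\.terror\.as\.ro/"
SecFilterSelective THE_REQUEST "\.tntt\.org/meu/"
SecFilterSelective THE_REQUEST "\.syscore\.hpgvip\.com\.br/"
SecFilterSelective THE_REQUEST "\.hpgvip\.com\.br/"
SecFilterSelective THE_REQUEST "ijoo\.homelinux\.com/"
SecFilterSelective THE_REQUEST "\.derf\.hpgvip\.ig\.com\.br/"
SecFilterSelective THE_REQUEST "\.100free\.com/"
SecFilterSelective THE_REQUEST "\.lorenzo4ever\.de/"
SecFilterSelective THE_REQUEST "visualcoders\.net/"
SecFilterSelective THE_REQUEST "\.fendora\.net"
SecFilterSelective THE_REQUEST "gigashell\.org/"
SecFilterSelective THE_REQUEST "\.prir0x\.com/"
SecFilterSelective THE_REQUEST "geocities\.com/madb0ss/"
SecFilterSelective THE_REQUEST "geocities\.com/sapulinux/"
SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/dh4x0r/"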
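# Host blocklist (continued): requests whose request line (THE_REQUEST)
# mentions one of these hosts or addresses get the default action.
# Patterns are unanchored regular expressions, so the leading and trailing
# ".*" on some entries adds nothing, and 72\.20\.34\.[0-9]+ covers the whole
# 72.20.34.x range.
# NOTE(review): entries such as winscp\.net, freewebs\.com or webcindario\.com
# block any URL that merely mentions those sites - confirm that is intended.
SecFilterSelective THE_REQUEST ".*\.verizon\.net\.do/carlos.*"
SecFilterSelective THE_REQUEST "mi\.verizon\.net\.do/carlos.*"
SecFilterSelective THE_REQUEST "\.stanlley\.ubbi\.com\.br/"
SecFilterSelective THE_REQUEST "xthost\.info/"
SecFilterSelective THE_REQUEST "yaoibr\.vila\.bol\.com\.br/"
SecFilterSelective THE_REQUEST "geocities\.com/catalin1713/"
SecFilterSelective THE_REQUEST "visualcoders\.net/spy\."
SecFilterSelective THE_REQUEST "\.digitalmedia\.org\.mk"
SecFilterSelective THE_REQUEST "pharoeste\.net"
SecFilterSelective THE_REQUEST "userbr\.info"
SecFilterSelective THE_REQUEST "\.foxcf\.hpgvip\.ig\.com\.br"
SecFilterSelective THE_REQUEST "medicine\.bjmu\.edu\.cn"
SecFilterSelective THE_REQUEST "\.blueconnection\.com\.br"
SecFilterSelective THE_REQUEST "\.ph4nt4sm4\.hpgvip\.ig\.com\.br"
SecFilterSelective THE_REQUEST "\.mvhosted\.com"
SecFilterSelective THE_REQUEST "\.0catch\.com"
SecFilterSelective THE_REQUEST "newton\.100free\.com"
SecFilterSelective THE_REQUEST "\.forplay\.com\.br"
SecFilterSelective THE_REQUEST "\.geocities\.com/my_lusy"
SecFilterSelective THE_REQUEST "lol\.freecoolsite\.com"
SecFilterSelective THE_REQUEST "winscp\.net"
SecFilterSelective THE_REQUEST "\.karpit\.net"
SecFilterSelective THE_REQUEST "www\.partyradio\.ca"
SecFilterSelective THE_REQUEST "\.triple-hhh\.de"
SecFilterSelective THE_REQUEST "\.gottablaze\.com"
SecFilterSelective THE_REQUEST "xanutz\.3x\.ro"
SecFilterSelective THE_REQUEST "geocities\.com/anak_indekost"
SecFilterSelective THE_REQUEST "themis\.geocities\.yahoo\.com"
SecFilterSelective THE_REQUEST "\.geocities\.com/my_sweet_cute/"
SecFilterSelective THE_REQUEST "\.angelfire\.com/zine2/"
SecFilterSelective THE_REQUEST "72\.20\.34\.[0-9]+"
SecFilterSelective THE_REQUEST "animehost\.de"
SecFilterSelective THE_REQUEST "home\.online\.no/~p-shahr"
SecFilterSelective THE_REQUEST "indragostit\.net"
SecFilterSelective THE_REQUEST "hdr\.atspace\.com"
SecFilterSelective THE_REQUEST "\.thecurse\.pop\.com\.br"
SecFilterSelective THE_REQUEST "www\.w3zone\.com"
SecFilterSelective THE_REQUEST "freecoolsite\.com"
SecFilterSelective THE_REQUEST "freewebs\.com"
SecFilterSelective THE_REQUEST "\.geocities\.com/chnsekip"
SecFilterSelective THE_REQUEST "webcindario\.com"
SecFilterSelective THE_REQUEST "ripdisk\.ma\.cx"
SecFilterSelective THE_REQUEST "sinanreklam\.net"
SecFilterSelective THE_REQUEST "members\.cox\.net/xjasonx"
SecFilterSelective THE_REQUEST "\.bh-net\.dk"
SecFilterSelective THE_REQUEST "\.mediaserve\.net"
SecFilterSelective THE_REQUEST "\.inchon\.ne\.kr"
# Fixed: the pattern was "\.noti-auto.\com\.ar" - the backslash sat after the
# dot instead of before it. A PCRE-backed regex engine reads "\c" as the start
# of a control-character escape, so the rule could never match the host name.
# The escape now covers the dot as in every other entry.
SecFilterSelective THE_REQUEST "\.noti-auto\.com\.ar"
SecFilterSelective THE_REQUEST "go0gler\.com"
SecFilterSelective THE_REQUEST "hackbox\.t35\.com"
SecFilterSelective THE_REQUEST ".*\.hpgvip\.ig\.com\.br"
SecFilterSelective THE_REQUEST "honestgame\.net"
SecFilterSelective THE_REQUEST "\.ecobook\.or\.kr"
SecFilterSelective THE_REQUEST "\.fasecolda\.com"
SecFilterSelective THE_REQUEST "212\.50\.30\.60"
SecFilterSelective THE_REQUEST "\.nbail\.com"
SecFilterSelective THE_REQUEST "\.kit\.net/"
SecFilterSelective THE_REQUEST "\.ubbi\.com\.br"
SecFilterSelective THE_REQUEST "\.k4boom\.biz/"
SecFilterSelective THE_REQUEST "00freehost\.com"

#Tigher addition to block those little hacking sods!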
# Disabled rule. NOTE(review): if re-enabled as written it would match any
# request URI that merely contains the substring "http", not only URIs that
# carry a full URL.
#SecFilterSelective REQUEST_URI "http|https"

# Known sources that leak through proxies: each rule matches an address in the
# Forwarded / X-Forwarded-For request headers.
# NOTE(review): these headers are set by the client or by an intermediate
# proxy. A request that omits or rewrites them is not matched, so this list is
# best-effort only and does not replace address-based access control.
# NOTE(review): the patterns are unanchored, so a short final octet also
# matches longer addresses ("193\.95\.27\.2" also matches 193.95.27.20-29 and
# 193.95.27.200-255, and "81\.109\.180\.3" behaves the same way).
# NOTE(review): "80\.26\.46\.168" is listed twice. Some patterns are quoted and
# some are not; "172\.168\.0\.1" lies outside the private 172.16.0.0/12 range,
# so confirm it is the intended address.
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 69\.50\.182\.154
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 202\.81\.60\.58
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.252\.91"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 211\.185\.59\.124
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "209\.165\.131\.23"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.246\.22"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.89\.50\.28"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.208\.48"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "159\.148\.29\.158"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.188\.73"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "200\.168\.0\.246"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.90\.52"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.27\.2"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "195\.55\.222\.19"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.32\.81"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.150\.163\.82"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.237\.226\.70"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.96\.125\.38"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.97\.97\.168"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.98\.122\.111"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.8\.64\.21"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.191\.119\.122"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.33\.104\.158"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.171\.131"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.109\.180\.3"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.37\.184\.196"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "83\.57\.132\.206"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.13\.249"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "85\.129\.229\.111"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "86\.60\.16\.81"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "172\.168\.0\.1"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.4\.62"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.123\.250\.184"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "212\.116\.209\.234"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.127\.56\.24"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.36\.245\.100"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.78\.98"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.91\.33"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "unsecure-services"
SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "205\.177\.122\.162"

#####################################################
# end Tigher section
#####################################################

# Require HTTP_USER_AGENT and HTTP_HOST headers.
# Tigher: the rule below was commented out, reluctantly, for 30 days to let
# stats, uptime, RSS etc sites make rec changes.
# NOTE(review): no date is recorded, so it cannot be told from here whether
# the 30 days have passed. While the rule is disabled, requests with an empty
# User-Agent or Host header are not rejected by this file.
#SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Only accept request encodings we know how to handle.
# GET requests are excluded from this check because some (automated)
# clients supply "text/html" as Content-Type.
# The two rules form a chain: the action fires only when the method is not GET
# AND the Content-Type is none of the listed alternatives.
SecFilterSelective REQUEST_METHOD "!^GET$" chain
# Tigher: added application/octet-stream below to let 4.45 clients through;
# the previous form of the rule is kept commented out for reference.
# NOTE(review): the alternatives are anchored at the start only, so any value
# that begins with a listed type (for example one followed by parameters)
# is accepted.
#SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data)"
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^application/octet-stream)"

# Require Content-Length to be provided with every POST request
# (chain: method is POST AND the Content-Length header is empty).
SecFilterSelective REQUEST_METHOD "^POST$" chain
SecFilterSelective HTTP_Content-Length "^$"

# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway).
# Any request that carries a non-empty Transfer-Encoding header is matched,
# so together with the rule above POST bodies must be sent with an explicit
# Content-Length.
SecFilterSelective HTTP_Transfer-Encoding "!^$"

# Some common application-related rules from
# http://modsecrules.monkeydev.org/rules.php?safety=safe

# Nuke Bookmarks XSS: a listed Bookmarks parameter whose value starts with a
# script tag or an http/https/ftp URL.
SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"

# Nuke Bookmarks Marks.php SQL Injection Vulnerability: an SQL keyword
# following a "/**/" comment sequence in the category parameter.
SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"

# NOTE(review): in the three PHPNuke rules below, "*" is used the way a shell
# glob would use it. In a regular expression "\?*" means "zero or more ?",
# "Search*" means "Searc" followed by any number of "h", and "php*" means "ph"
# followed by any number of "p". As written the rules therefore match only when
# the next literal follows immediately, and likely miss the requests they
# describe - TODO confirm against the upstream rule set and test with sample
# requests before relying on them.

# PHPNuke general XSS attempt
# /modules.php?name=News&file=article&sid=1&optionbox=
SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"

# PHPNuke SQL injection attempt
SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="

# PHPNuke SQL insertion
SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"

# WEB-PHP phpbb quick-reply.php arbitrary command attempt
# (chain: request line names quick-reply.php AND the request contains
# "phpbb_root_path=").
SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
SecFilter "phpbb_root_path="

# Topic Calendar Mod for phpBB Cross-Site Scripting Attack: a "start" value
# that begins with a script tag or an http/https/ftp URL.
SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"

# phpMyAdmin: Safe
# phpMyAdmin Export.PHP File Disclosure Vulnerability
# (chain: script file name ends in export.php AND the "what" argument
# contains "..").
SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
SecFilterSelective ARG_what "\.\."

# phpMyAdmin path vulnerability.
# NOTE(review): this matches only a ThemePath value that starts with "/etc";
# the same parameter pointed at any other path is not covered by this rule.
SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
</IfModule>