# Example configuration file for the mod_security Apache module

LoadModule security_module modules/mod_security.so

<IfModule mod_security.c>

	# Turn the filtering engine On or Off
	SecFilterEngine On
	
	# The audit engine works independently and
	# can be turned On or Off on a per-server or
	# per-directory basis
	SecAuditEngine RelevantOnly
	
	# Make sure that URL encoding is valid
	SecFilterCheckURLEncoding On
	
	# Unicode encoding check - 
	#### Tigher turned off to avoid some boinc clients screwing up 
	# NOTE(review): while this is Off, requests with malformed Unicode
	# (UTF-8) encoding are not rejected by this check; revisit once the
	# affected BOINC clients are no longer in use.
	SecFilterCheckUnicodeEncoding Off
	
	# Only allow bytes from this range
	# (1-255 rejects only the NUL byte; every other byte value is accepted)
	SecFilterForceByteRange 1 255
	
	# Cookie format checks.
	SecFilterCheckCookieFormat On	
	
	# The name of the audit log file
	SecAuditLog logs/audit_log
	
	# Should mod_security inspect POST payloads
	SecFilterScanPOST On
	
	# Default action set
	SecFilterDefaultAction "deny,log,status:406"
	
	#Server masking is optional
	# It changes only the advertised Server header; the actual server software
	# and its exposure stay the same.
	# NOTE(review): mod_security 1.x documents that this directive takes
	# effect only when ServerTokens is Full - confirm the main server config.
	SecServerSignature "ChingYey-Zilla 3.2"
	
	# Simple example filter
	# SecFilter 111
	
	# Prevent path traversal (..) attacks
	#SecFilter "\.\./"
	
	# Weaker XSS protection but allows common HTML tags
	# SecFilter "<( |\n)*script"
	
	# Prevent XSS attacks (HTML/Javascript injection)
	# SecFilter "<(.|\n)+>"
	
	# Very crude filters to prevent SQL injection attacks
	# SecFilter "delete[[:space:]]+from"
	# SecFilter "insert[[:space:]]+into"
	# SecFilter "select.+from"

########################################################
# Tigher added section
########################################################
	#
        # Specific filters
	#
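        # Each pattern is an unanchored regular expression, so it matches
        # anywhere in the inspected request data (POST payloads included while
        # SecFilterScanPOST is On). Short tokens such as "inetd" or "dalnet"
        # also hit longer strings that merely contain them.
        # File names are quoted with the dot escaped so that "." matches a
        # literal dot only, as in the other rules of this file.
        SecFilter /bin/sh
        SecFilter /bin/bash
        SecFilter /bin/tcsh
        SecFilter /bin/csh
        SecFilter /var/spool
        SecFilter /dev/shm
        SecFilter /var/tmp
        SecFilter /bin/ps
        SecFilter /usr/local/flash
        SecFilter "udp\.pl"
        SecFilter r0nin
        SecFilter pbsync
        SecFilter bindz
        SecFilter inetd
        SecFilter psybnc
        SecFilter "PhiLaR\.pl"
        SecFilter "php-shell\.php"
        SecFilter "phpshell\.php"
        SecFilter "dc\.pl"
        SecFilter elflbl
        SecFilter zregbot
        SecFilter irclordz
        SecFilter dalnet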
        

       # Block various methods of downloading files to a server
       #
       # NOTE(review): every pattern below is an unanchored substring match on
       # the request line, so short tokens also fire on unrelated URLs that
       # merely contain them ("scp" inside "landscape", "cvs" inside a
       # repository path) and are answered with the default deny action.
       # "links -dump" already covers the two longer "links -dump-..." rules.

        SecFilterSelective THE_REQUEST "wget"
        SecFilterSelective THE_REQUEST "lynx"
        SecFilterSelective THE_REQUEST "scp"
        SecFilterSelective THE_REQUEST "cvs"
        SecFilterSelective THE_REQUEST "rcp "
        SecFilterSelective THE_REQUEST "telnet"
        #SecFilterSelective THE_REQUEST "echo"
        SecFilterSelective THE_REQUEST "links -dump"
        SecFilterSelective THE_REQUEST "links -dump-charset"
        SecFilterSelective THE_REQUEST "links -dump-width"
        SecFilterSelective THE_REQUEST "links http://"
        SecFilterSelective THE_REQUEST "links ftp://"
        SecFilterSelective THE_REQUEST "links -source"
        SecFilterSelective THE_REQUEST "mkdir"
        SecFilterSelective THE_REQUEST "cd /tmp"
        SecFilterSelective THE_REQUEST "cd /var/tmp"
        SecFilterSelective THE_REQUEST "cd /var/netenberg"
        SecFilterSelective THE_REQUEST "uname -a"
        SecFilterSelective THE_REQUEST "\.htgroup"
        SecFilterSelective THE_REQUEST "\.htaccess"

        # WEB-CLIENT Javascript URL host spoofing attempt
        SecFilter "javascript\://"

        # WEB-MISC cross site scripting \(img src=javascript\) attempt
        SecFilter "img src=javascript"

        # WEB-MISC cd..
        SecFilterSelective THE_REQUEST "cd\.\."

        # WEB-MISC ///cgi-bin access
        SecFilterSelective THE_REQUEST "///cgi-bin"

        # WEB-MISC /cgi-bin/// access
        SecFilterSelective THE_REQUEST "/cgi-bin///"

        # WEB-MISC /~root access
        SecFilterSelective THE_REQUEST "/~root"

        # WEB-MISC /~ftp access
        SecFilterSelective THE_REQUEST "/~ftp"

        # WEB-MISC htgrep attempt
        # "chain" ties this rule to the next one: the action is taken only when
        # the request line contains "/htgrep" and the following SecFilter also
        # matches "hdr=/".
        SecFilterSelective THE_REQUEST "/htgrep" chain
        SecFilter "hdr=/"

        # WEB-MISC htgrep access
        # Any other htgrep request is logged and allowed through (log,pass).
        SecFilterSelective THE_REQUEST "/htgrep" log,pass

        # WEB-MISC .history access
        SecFilterSelective THE_REQUEST "/\.history"

        # WEB-MISC .bash_history access
        SecFilterSelective THE_REQUEST "/\.bash_history"

        # WEB-PHP PHP-Wiki cross site scripting attempt
        SecFilterSelective THE_REQUEST "<script"

        # WEB-PHP strings overflow
        SecFilterSelective THE_REQUEST "\?STRENGUR"

        # WEB-PHP PHPLIB remote command attempt
        SecFilter "_PHPLIB\[libdir\]"


	# known bad proxies that represent a risk
	#
	# The Forwarded and Via headers are written by the proxy (or by the client
	# itself), so a sender that omits or rewrites them is not stopped by this
	# list; treat it as a nuisance filter, not as access control.
	# NOTE(review): several entries in this list appear more than once or are
	# already covered by a broader pattern; pruning them shortens the rule set
	# that has to be checked for each request.

	SecFilterSelective HTTP_FORWARDED "mangostino\.ut\.edu\.co"
	SecFilterSelective HTTP_FORWARDED ".*\.cnh\.com"
	SecFilterSelective HTTP_FORWARDED "phenix-prog-phr"
	SecFilterSelective HTTP_FORWARDED "alfred\.nssi\.telus\.com"
	SecFilterSelective HTTP_FORWARDED "wadsworth\.nssi\.telus\.com"
	SecFilterSelective HTTP_VIA "\.ownsalldomains\.org"
	SecFilterSelective HTTP_VIA "cache\.topflash\.co\.kr"
	SecFilterSelective HTTP_VIA "\.quasar\.net\.id:8080"
	SecFilterSelective HTTP_VIA "\.serverpronto\.com"
	SecFilterSelective HTTP_VIA "\.fetish-expert\.org"
	SecFilterSelective HTTP_VIA "proxy\.hwai\.edu\.tw"
	SecFilterSelective HTTP_VIA "interno-1-1\.edn\.org\.br"
	SecFilterSelective HTTP_VIA "\.pt-server1\.bt\.com"
	SecFilterSelective HTTP_VIA "1\.1 cache-test-dtv-kno"
	SecFilterSelective HTTP_VIA "kdnproxy\.kdn\.gov\.my"
	SecFilterSelective HTTP_VIA "\.wisdomchina\.com"
	SecFilterSelective HTTP_VIA "1\.1 PALACIOISA"
	SecFilterSelective HTTP_VIA "1\.1 cache7\:80 \(squid"
	SecFilterSelective HTTP_VIA "1\.1 www\.pt-server1\.bt\.com"
	SecFilterSelective HTTP_VIA "revProxy\.foredu\.com\.cn"
	SecFilterSelective HTTP_VIA "\.salmanetwork\.com"
	SecFilterSelective HTTP_VIA "\.warnet\.com"
	SecFilterSelective HTTP_VIA "moses\.frc\.org"
	SecFilterSelective HTTP_VIA "1\.0 SQCNT3"
	SecFilterSelective HTTP_VIA "phenix-prog-phr"
	SecFilterSelective HTTP_VIA "1\.0 TIETONG"
	SecFilterSelective HTTP_VIA "webshield\.beitberl\.ac\.il"
	SecFilterSelective HTTP_VIA "1\.1 www\.any\.com"
	SecFilterSelective HTTP_VIA "intra\.ckus\.rmutp\.ac\.th"
	SecFilterSelective HTTP_VIA "poczta\.prochowa12\.waw\.pl"
	SecFilterSelective HTTP_VIA "1\.1 ICACHE1"
	SecFilterSelective HTTP_VIA "1\.1 New-Proxy2"
	SecFilterSelective HTTP_VIA "1\.1 SERVEUR2000"
	SecFilterSelective HTTP_VIA "intra\.ckus\.rmutp\.ac\.th"
	SecFilterSelective HTTP_VIA "1\.1 PROXY, 1\.0 NC2100"
	SecFilterSelective HTTP_VIA "1\.1 www\.rolnas\.com\.pl"
	SecFilterSelective HTTP_VIA "1\.1 revproxy2"
	SecFilterSelective HTTP_VIA "1\.1 webmail\.siamcom\.co\.th"
	SecFilterSelective HTTP_VIA "1\.1 SMS2000\.tutsys\.com"
	SecFilterSelective HTTP_VIA "1\.1 CAE-SERVER"
	SecFilterSelective HTTP_VIA "1\.1 WORKGROU-OYOU4X"
	SecFilterSelective HTTP_VIA "1\.1 INKABANPINPROXY"
	SecFilterSelective HTTP_VIA "1\.1 DNS4"
	SecFilterSelective HTTP_VIA "1\.1 www\.rolnas\.com\.pl"
	SecFilterSelective HTTP_VIA "1\.1 DBSV1008"
	SecFilterSelective HTTP_VIA "1\.1 NEWISA"
	SecFilterSelective HTTP_VIA "1\.1 CPGATEWAY02"
	SecFilterSelective HTTP_VIA "1\.1 router\:3128 \(KEN\!\)"
	SecFilterSelective HTTP_VIA "1\.1 PROXYSRV\, 1\.0 supercache5"
	SecFilterSelective HTTP_VIA "1\.1 ATIPLS1"
	SecFilterSelective HTTP_VIA "1\.0 SMART\, 1\.0 LOIER2800\:"
	SecFilterSelective HTTP_VIA "1\.1 62\.93\.34\.160"
	SecFilterSelective HTTP_VIA "1\.1 fwall\.belcomct\.net"
	SecFilterSelective HTTP_VIA "1\.1 ZERT-EWDGNMVXUF"
	SecFilterSelective HTTP_VIA "1\.1 su\.tkp\.edu\.hk"
	SecFilterSelective HTTP_VIA "HTTP/1\.1 proxy\[AC1E0247"
	SecFilterSelective HTTP_VIA "1\.1 compujuan\.com\.es"
	SecFilterSelective HTTP_VIA "1\.1 FEDERATION"
	SecFilterSelective HTTP_VIA "1\.1 EXACTWAPPROXY"
	SecFilterSelective HTTP_VIA "1\.1 GRNSERVER"
	SecFilterSelective HTTP_VIA "1\.1 www\.satem\.gob\.ve"
	SecFilterSelective HTTP_VIA "1\.1 nilcombi\.nilcom\.fr"
	SecFilterSelective HTTP_VIA "1\.1 cellulant\.lifeismobile\.com"

	SecFilterSelective HTTP_VIA "1\.1 SR2300-SE7501-H"
	SecFilterSelective HTTP_VIA "1\.1 www\.dmi\.es"
	SecFilterSelective HTTP_VIA "1\.1 BRHCYBER"
	SecFilterSelective HTTP_VIA "1\.1 132\.110\.2\.12"
	SecFilterSelective HTTP_VIA "1\.1 .*\.pivotoffice\.com"
	SecFilterSelective HTTP_VIA "1\.1 .*\.mundo-r\.com"
	SecFilterSelective HTTP_VIA "1\.1 FAMILYCAREREHAB"
	SecFilterSelective HTTP_VIA "1\.1 INFORMASERVER"
	SecFilterSelective HTTP_VIA "1\.1 ITISA"
	SecFilterSelective HTTP_VIA "1\.1 .*\.as5587\.net"
	SecFilterSelective HTTP_VIA "1\.1 Maua"
	SecFilterSelective HTTP_VIA "1\.1 JUNIOR"
	SecFilterSelective HTTP_VIA "1\.1 offsetinternet"
	SecFilterSelective HTTP_VIA ".*codevasf\.gov\.br"
	SecFilterSelective HTTP_VIA "1\.1 www\.aha\.at"
	SecFilterSelective HTTP_VIA "1\.1 ucavilapruebas\.es"
	SecFilterSelective HTTP_VIA "1\.1 .*\.insightfirst\.com"
	SecFilterSelective HTTP_VIA "1\.1 if3\.insightfirst\.com"
	SecFilterSelective HTTP_VIA "1\.1 SERV132"
	SecFilterSelective HTTP_VIA "1\.1 CacheFORCE"
	SecFilterSelective HTTP_VIA "1\.1 dgc-squid"
	SecFilterSelective HTTP_VIA "1\.1 NTS-SERVER"
	SecFilterSelective HTTP_VIA "1\.1 AJF-JTC-ISA01"
	SecFilterSelective HTTP_VIA "1\.1 neptun\.ci\.uw\.edu\.pl"
	SecFilterSelective HTTP_VIA "1\.1 2-net\.ro"
	SecFilterSelective HTTP_VIA "1\.1 .*\.usscript\.com"
	SecFilterSelective HTTP_VIA "1\.1 SSIP_SERVER3"
	SecFilterSelective HTTP_VIA "1\.1 SYVKOV422GX"
	SecFilterSelective HTTP_VIA "1\.1 .*\.arbuzowa\.net"
	SecFilterSelective HTTP_VIA "1\.1 www\.kevsclub\.com"
	SecFilterSelective HTTP_VIA "1\.0 KALIMBA"
	SecFilterSelective HTTP_VIA "1\.0 NETOUT-SERVER"
	SecFilterSelective HTTP_VIA "1\.0 NTMARVWALL01"
	SecFilterSelective HTTP_VIA "1\.0 PROXYSES2"
	SecFilterSelective HTTP_VIA "1\.0 ptcdb\.edu\.ps"
	SecFilterSelective HTTP_VIA "1\.0 px1nr \(NetCache NetApp/5\.6\.1D25\)"
	SecFilterSelective HTTP_VIA "1\.0 px8so \(NetCache NetApp/5\.6\.1D25\)"
	SecFilterSelective HTTP_VIA "1\.0 SERV132, 1\.0 netcache1 \(NetCache NetApp/6\.0\.1\)"
	SecFilterSelective HTTP_VIA "1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\), TEKIYA03, 1\.0 TEKIYA02 \(NetCache NetApp/5\.6\.2\)"
	SecFilterSelective HTTP_VIA "1\.1 146\.83\.216\.207"
	SecFilterSelective HTTP_VIA "1\.1 202\.88\.250\.211"
	SecFilterSelective HTTP_VIA "1\.1 213\.155\.209\.204"
	SecFilterSelective HTTP_VIA "1\.1 accel10\.click21\.com\.br"
	SecFilterSelective HTTP_VIA "1\.1 alcyonix\.dyndns\.ws"
	SecFilterSelective HTTP_VIA "1\.1 athos\.chem\.demokritos\.gr"
	SecFilterSelective HTTP_VIA "1\.1 ATIPLS1"
	SecFilterSelective HTTP_VIA "1\.1 BBSM52"
	SecFilterSelective HTTP_VIA "1\.1 cacheB\.ipko\.net"
	SecFilterSelective HTTP_VIA "1\.1 CAE-SERVER"
	SecFilterSelective HTTP_VIA "1\.1 CATHODE"
	SecFilterSelective HTTP_VIA "1\.1 CSB-NC2 \(NetCache NetApp.*"
	SecFilterSelective HTTP_VIA "1\.1 cuchimilco\.huaral\.org"
	SecFilterSelective HTTP_VIA "1\.1 DBSV1008"
	SecFilterSelective HTTP_VIA "1\.1 dns2\.araxa\.com\.br"
	SecFilterSelective HTTP_VIA "1\.1 EMERSON, 1\.0 C6100 \(NetCache NetApp.*"
	SecFilterSelective HTTP_VIA "1\.1 EPPD_SERVER"
	SecFilterSelective HTTP_VIA "1\.1 fox-server1\.foxschool\.lan"
	SecFilterSelective HTTP_VIA "1\.1 http-istcf1"
	SecFilterSelective HTTP_VIA "1\.1 JUNIOR"
	SecFilterSelective HTTP_VIA "1\.1 LTSP03\.glenwood\.k12\.mo\.us"
	SecFilterSelective HTTP_VIA "1\.1 natty\.intranet"
	SecFilterSelective HTTP_VIA "1\.1 NetCache-CLNS-STACK-1 \(NetCache NetApp.*"
	SecFilterSelective HTTP_VIA "1\.1 no-dns\.as5587\.net"
	SecFilterSelective HTTP_VIA "1\.1 ns07\.contentex\.net"
	SecFilterSelective HTTP_VIA "1\.1 NYNETSRV01"
	SecFilterSelective HTTP_VIA "1\.1 OTXXSERV"
	SecFilterSelective HTTP_VIA "1\.1 proxy\.marshall\.k12\.wi\.us"
	SecFilterSelective HTTP_VIA "1\.1 SERV132, 1\.0 netcache1 \(NetCache NetApp.*"
	SecFilterSelective HTTP_VIA "1\.1 SERVER-ISA"
	SecFilterSelective HTTP_VIA "1\.1 SERVEUR-CYBER"
	SecFilterSelective HTTP_VIA "1\.1 slave02\.terrarica\.net"
	SecFilterSelective HTTP_VIA "1\.1 SMS2000\.tutsys\.com"
	SecFilterSelective HTTP_VIA "1\.1 spacebears"
	SecFilterSelective HTTP_VIA "1\.1 squid2-sydny\.eftel\.com"
	SecFilterSelective HTTP_VIA "1\.1 SSIP_SERVER3"
	SecFilterSelective HTTP_VIA "1\.1 SYVKOV422GX"
	SecFilterSelective HTTP_VIA "1\.1 trixie"
	SecFilterSelective HTTP_VIA "1\.1 wc-02 \(NetCache NetApp.*"
	SecFilterSelective HTTP_VIA "1\.1 webmail\.siamcom\.co\.th"
	SecFilterSelective HTTP_VIA "1\.1 www\.arbuzowa\.net"
	SecFilterSelective HTTP_VIA "1\.1 www\.gkcabunoc\.com"
	SecFilterSelective HTTP_VIA "1\.1 addyon\.webair\.com"
	SecFilterSelective HTTP_VIA "1\.1 alcyonix\.dyndns\.ws"
	SecFilterSelective HTTP_VIA "1\.1 proxy\.pcdl\.gov\.br"
	SecFilterSelective HTTP_VIA "1\.1 ichigo\.icsmail\.net"
	SecFilterSelective HTTP_VIA "1\.1 80\.177\.18\.74"
	SecFilterSelective HTTP_VIA "1\.1 raptor[0-9][a-z]\.watchdog\.net\.nz"
	SecFilterSelective HTTP_VIA "1\.0 proxy[0-9]\..*\.maxnet\.net\.nz"
	SecFilterSelective HTTP_VIA "1\.0 proxy[0-9]\.akl[0-9]\.maxnet\.net\.nz"
	SecFilterSelective HTTP_VIA "1\.1 POMGFIREWALL"
	SecFilterSelective HTTP_VIA "1\.1 alfred\.nssi\.telus\.com"
	SecFilterSelective HTTP_VIA "1\.1 .*\.acdi-cida\.gc\.ca"
	SecFilterSelective HTTP_VIA "CIDA13\.acdi-cida\.gc\.ca"
	
	#generic sig for a bad site
	SecFilterSelective REQUEST_URI "(http|https|ftp).*\.exs\.cx/.*/nc4hk\.swf"
	
	# Host names and addresses to refuse when they appear anywhere in the
	# request line (presumably hosts seen serving remote-include payloads -
	# confirm with the list's author).
	# NOTE(review): broad entries such as "(\.|/)geocities\.com/" or
	# "\.ifrance\.com" already cover the per-account rules for the same host,
	# and they also reject any legitimate request that mentions these domains.
	SecFilterSelective THE_REQUEST "\.frauenfinanzzentrum\.at"
	SecFilterSelective THE_REQUEST "von-der-igelhoehe\.de"
	SecFilterSelective THE_REQUEST "danger-soft\.com"
	SecFilterSelective THE_REQUEST "hellostrangermusic\.com/"
	SecFilterSelective THE_REQUEST "(/|\.)molganinovo\.ru/"
	SecFilterSelective THE_REQUEST "(\.|/)altunerhost\.com"
	SecFilterSelective THE_REQUEST "\.netfast\.org"
	SecFilterSelective THE_REQUEST "\.redcrew\.de"
	SecFilterSelective THE_REQUEST "(\.|/)elektroteh\.com/"
	SecFilterSelective THE_REQUEST "(\.|/)see-my-ip\.info/"
	SecFilterSelective THE_REQUEST "kanalia\.bimber\.pl"
	SecFilterSelective THE_REQUEST "(\.|/)flinttalk\.com"
	SecFilterSelective REQUEST_URI "https?:.*(\.|/)myspace\.si/"
	SecFilterSelective THE_REQUEST "uarg\.unpa\.edu\.ar"
	SecFilterSelective THE_REQUEST "(\.|/)wileyc\.edu/"
	SecFilterSelective THE_REQUEST "(\.|/)eks-darmstadt\.de"
	SecFilterSelective THE_REQUEST "(\.|/)flinttalk\.com"
	SecFilterSelective THE_REQUEST "\.albacrew\.us/"
	SecFilterSelective THE_REQUEST "\.tebel-gmbh\.de/"
	SecFilterSelective THE_REQUEST "(/|\.)defensacivil\.gov\.ec/"
	SecFilterSelective THE_REQUEST "(/|\.)wwop\.org"
	SecFilterSelective THE_REQUEST "\.kalin\.ru/"
	SecFilterSelective THE_REQUEST "destructive\.by\.ru/"
	SecFilterSelective THE_REQUEST "gulfchamber\.org/"
	SecFilterSelective THE_REQUEST "tckct\.co\.uk"
	SecFilterSelective THE_REQUEST "crimsonaddict\.com/"
	SecFilterSelective THE_REQUEST "(\.|/)webstorch\.com"
	SecFilterSelective THE_REQUEST "/213\.133\.108\.122/"
	SecFilterSelective THE_REQUEST "freewebtown\.com/"
	SecFilterSelective THE_REQUEST "(\.|/)tinypath\.com/"
	SecFilterSelective THE_REQUEST "rve\.cjb\.hu/"
	SecFilterSelective THE_REQUEST "69\.25\.64\.78"
	SecFilterSelective THE_REQUEST "(\.|/)xgamers\.com\.tw/"
	SecFilterSelective THE_REQUEST "(\.|/)balikesir\.edu\.tr/"
	SecFilterSelective THE_REQUEST "(\.|/)ocprojects\.com/"
	SecFilterSelective THE_REQUEST "(\.|/)casadejoaodebarro\.com\.br/"
	SecFilterSelective THE_REQUEST "\.extremus\.info/"
	SecFilterSelective THE_REQUEST "\.parit\.org/"
	SecFilterSelective THE_REQUEST "\.awardspace\.com"
	SecFilterSelective THE_REQUEST "(/|\.)haztek-software\.com"
	SecFilterSelective THE_REQUEST "(/|\.)geocities\.com/nirkan2k3/"
	SecFilterSelective THE_REQUEST "(/|\.)libracomm\.co\.uk/"
	SecFilterSelective THE_REQUEST "(/|\.)kloeckner-web\.de"
	SecFilterSelective THE_REQUEST "(/|\.)mirckurdu\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)apk\.pt/"
	SecFilterSelective THE_REQUEST "(/|\.)asksevda\.net"
	SecFilterSelective THE_REQUEST "(/|\.)kacaktc\.com"
	SecFilterSelective THE_REQUEST "(/|\.)3-bius\.com"
	SecFilterSelective THE_REQUEST "(/|\.)injek-gw\.com"
	SecFilterSelective THE_REQUEST "(/|\.)brtdata\.com\.br/"
	SecFilterSelective THE_REQUEST "(/|\.)uaivip\.com\.br/"
	SecFilterSelective THE_REQUEST "(/|\.)boardtr\.com/"
	SecFilterSelective THE_REQUEST "(/|\.)radiouniversity\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)velvet\.jp/"
	SecFilterSelective THE_REQUEST "(/|\.)loved\.com/"
	SecFilterSelective THE_REQUEST "(/|\.)kit\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)warezworld\.cx/"
	SecFilterSelective THE_REQUEST "(/|\.)void\.ru/"
	SecFilterSelective THE_REQUEST "(/|\.)itabaiana\.se\.gov\.br"
	SecFilterSelective THE_REQUEST "(/|\.)ajadp\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)perian-a\.biz"
	SecFilterSelective THE_REQUEST "(/|\.)rootshell\.be"
	SecFilterSelective THE_REQUEST "(/|\.)tododescargas\.com\.ve/"
	SecFilterSelective THE_REQUEST "(/|\.)caucasus\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)iespana\.es/"
	SecFilterSelective THE_REQUEST "(/|\.)the-tronix\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)classi-find\.net/"
	SecFilterSelective THE_REQUEST "(/|\.)albanet\.biz\.tc/"
	SecFilterSelective THE_REQUEST "(/|\.)wendyscountrycloset\.biz/"
	SecFilterSelective THE_REQUEST "(/|\.)meiemees\.pri\.ee"
	SecFilterSelective THE_REQUEST "(/|\.)geirinn\.is"
	SecFilterSelective THE_REQUEST "(/|\.)skullbocks\.org/"
	SecFilterSelective THE_REQUEST "(/|\.)byethost9\.com/"
	SecFilterSelective THE_REQUEST "(/|\.)hackermail2010\.ifrance\.com"
	SecFilterSelective THE_REQUEST "(/|\.)ifrance\.com/hackermail2010"
	SecFilterSelective THE_REQUEST "(/|\.)paul\.net\.pl/"
	SecFilterSelective THE_REQUEST "(/|\.)interfree\.it/"
	SecFilterSelective THE_REQUEST "\.albados\.com"
	SecFilterSelective THE_REQUEST "\.perqafohu\.com"
	SecFilterSelective THE_REQUEST "\.cside21\.com/"
	SecFilterSelective THE_REQUEST "200\.24\.117\.125"
	SecFilterSelective THE_REQUEST "elitemorgan\.com/"
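	# No backslash before the leading "a": "\a" is an escape sequence in some
	# regex engines (BEL in PCRE), which would keep the host name from matching.
	SecFilterSelective THE_REQUEST "acesso\.t35\.com"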
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/jefferyladun/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/junhendra/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/xpl_gibson/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/kelvinkappa1/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/damon_shaft/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/gettoprince4u/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/brennanventures/"
	SecFilterSelective THE_REQUEST "(\.|/)geocities\.com/solohackerlinks/"
	SecFilterSelective THE_REQUEST "(\.|/)albahost\.host\.sk/"
	SecFilterSelective THE_REQUEST "uarg\.unpa\.edu\.ar/"
	SecFilterSelective THE_REQUEST "\.manhattanservice\.com"
	SecFilterSelective THE_REQUEST "\.kurddomain\.net"
	SecFilterSelective THE_REQUEST "elmorgan\.com\.ar"
	SecFilterSelective THE_REQUEST "61\.1\.197\.244"
	SecFilterSelective THE_REQUEST "home\.arcor\.de"
	SecFilterSelective THE_REQUEST "\.turx\.nl"
	SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/albacr3w/"
	SecFilterSelective THE_REQUEST "\.ifrance\.com"
	SecFilterSelective THE_REQUEST "pivadesign\.com\.br"
	SecFilterSelective THE_REQUEST "\.pc-phasechange\.it"
	SecFilterSelective THE_REQUEST "ciberia\.ya\.com"
	SecFilterSelective THE_REQUEST "\.starhack\.org"
	SecFilterSelective THE_REQUEST "sweet-serenity\.org"
	SecFilterSelective THE_REQUEST "\.uol\.com\.br"
	SecFilterSelective THE_REQUEST "aviozone\.com"
	SecFilterSelective THE_REQUEST "mptechno\.cz"
	SecFilterSelective THE_REQUEST "\.piranho\.de"
	SecFilterSelective THE_REQUEST "\.lilspage\.de"
	SecFilterSelective THE_REQUEST "209\.136\.48\.69"
	SecFilterSelective THE_REQUEST "216\.12\.103\.29"
	SecFilterSelective THE_REQUEST "209\.232\.227\.224"
	SecFilterSelective THE_REQUEST "200\.72\.130\.29"
	SecFilterSelective THE_REQUEST "209\.123\.16\.34"
	SecFilterSelective THE_REQUEST "\.mitchellwhite\.com"
	SecFilterSelective THE_REQUEST "full-comandos\.com"
	SecFilterSelective THE_REQUEST "members\.lycos\.co\.uk/tiara"
	SecFilterSelective THE_REQUEST "sharonfamilyandtravel\.com"
	SecFilterSelective THE_REQUEST "72\.18\.195\.161"
	SecFilterSelective THE_REQUEST "geocities\.com/hitam_putih_dalnet/"
	SecFilterSelective THE_REQUEST "cyberspiderwebdesign\.com"
	SecFilterSelective THE_REQUEST "\.softcarein\.com"
	SecFilterSelective THE_REQUEST "\.netmisphere2\.com"
	SecFilterSelective THE_REQUEST "juniorenkammer\.be"
	SecFilterSelective THE_REQUEST "\.itunisie\.com"
	SecFilterSelective THE_REQUEST "mitchellgeo\.com"
	SecFilterSelective THE_REQUEST "hackexpert\.net"
	SecFilterSelective THE_REQUEST "agi-zagi\.co\.kr"
	SecFilterSelective THE_REQUEST "\.f1-kingpin\.de"
	SecFilterSelective THE_REQUEST "(http|https|ftp)\:/.*\.free\.fr"
	SecFilterSelective THE_REQUEST "www\.designerwear\.co\.uk"
	SecFilterSelective THE_REQUEST "(http|https|ftp)\:/.*\.i8\.com"
	SecFilterSelective THE_REQUEST "danzarte\.cl"
	SecFilterSelective THE_REQUEST "\.ripway\.com"
	SecFilterSelective THE_REQUEST "81\.174\.26\.111"
	SecFilterSelective THE_REQUEST "128\.173\.40\.113"
	SecFilterSelective THE_REQUEST "\.lycos\.co\.uk/metlak/"
	SecFilterSelective THE_REQUEST "\.xcop\.biz/"
	SecFilterSelective THE_REQUEST "sca\.postech\.ac\.kr"
	SecFilterSelective THE_REQUEST "www\.aauto\.no"
	SecFilterSelective THE_REQUEST "dsoulzin\.net"
	SecFilterSelective THE_REQUEST "\.altervista\.org"
	SecFilterSelective THE_REQUEST "\.yatas\.com"
	SecFilterSelective THE_REQUEST "bocor-team\.org"
	SecFilterSelective THE_REQUEST "s0l4r1sr0x\.com"
	SecFilterSelective THE_REQUEST "209\.16\.85\.15"
	SecFilterSelective THE_REQUEST "217\.160\.242\.90"
	SecFilterSelective THE_REQUEST "81\.174\.26\.111"
	SecFilterSelective THE_REQUEST "216\.15\.209\.12"
	SecFilterSelective THE_REQUEST "216\.103\.82\.214"
	SecFilterSelective THE_REQUEST "usuarios\.lycos\.es/angienuka"
	SecFilterSelective THE_REQUEST "usuarios\.lycos\.es/saxalt/"
	SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/hackersclup"
	SecFilterSelective THE_REQUEST "spykids\.info"
	SecFilterSelective THE_REQUEST "smellthecoffee\.com"
	SecFilterSelective THE_REQUEST "\.nana\.co\.il"
	SecFilterSelective THE_REQUEST "yavnek12\.co\.il"
	SecFilterSelective THE_REQUEST "billing\.veloxinternet\.com/"
	SecFilterSelective THE_REQUEST "usuarios\.lycos\.es"
	SecFilterSelective THE_REQUEST "217\.114\.109\.11"
	SecFilterSelective THE_REQUEST "217\.160\.255\.44"
	SecFilterSelective THE_REQUEST "217\.160\.242\.90"
	SecFilterSelective THE_REQUEST "148\.81\.141\.12"
	SecFilterSelective THE_REQUEST "131\.155\.98\.128"
	SecFilterSelective THE_REQUEST "212\.114\.84\.18"
	SecFilterSelective THE_REQUEST "81\.174\.26\.111"
	SecFilterSelective THE_REQUEST "192\.112\.220\.37"
	SecFilterSelective THE_REQUEST "pc-clinic\.fr"
	SecFilterSelective THE_REQUEST "clientes\.netvisao\.pt"
	SecFilterSelective THE_REQUEST "\.sanicentrum\.be"
	SecFilterSelective THE_REQUEST "www\.brain\.net\.pk"
	SecFilterSelective THE_REQUEST "web\.un1xtech\.com"
	SecFilterSelective THE_REQUEST "\.schost\.com\.br/"
	SecFilterSelective THE_REQUEST "neto5a\.iitalia\.com"
	SecFilterSelective THE_REQUEST "mesahigh\.com"
	SecFilterSelective THE_REQUEST "216\.111\.31\.2"
	SecFilterSelective THE_REQUEST "24\.224\.174\.18"
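	# "\." escapes the dot before "org"; a backslash placed after the dot
	# would leave the dot as a wildcard and escape the letter "o" instead.
	SecFilterSelective THE_REQUEST "\.mcarthur\.org"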
	SecFilterSelective THE_REQUEST "\.v10\.com\.br/"
	SecFilterSelective THE_REQUEST "agaman\.net"
	SecFilterSelective THE_REQUEST "\.what-a-pair\.com"
	SecFilterSelective THE_REQUEST "62\.101\.193\.244"
	SecFilterSelective THE_REQUEST "\.tutoworld\.org"
	SecFilterSelective THE_REQUEST "jupiterhost\.net/"
	SecFilterSelective THE_REQUEST "\.iyscrew\.com"
	SecFilterSelective THE_REQUEST "\.server4free\.de"
	SecFilterSelective THE_REQUEST "\.tikla\.org"
	SecFilterSelective THE_REQUEST "\.dps-ct\.com/"
	SecFilterSelective THE_REQUEST "66\.235\.216\.137"
	SecFilterSelective THE_REQUEST "labserver\.veter\.ucv\.ve"
	SecFilterSelective THE_REQUEST "\.eformidler\.dk"
	SecFilterSelective THE_REQUEST "febronio\.org"
	SecFilterSelective THE_REQUEST "zavisnici\.com"
	SecFilterSelective THE_REQUEST "\.2x4\.ru"
	SecFilterSelective THE_REQUEST "\.k4boom\.biz"
	SecFilterSelective THE_REQUEST "theperfecttitle\.com"
	SecFilterSelective THE_REQUEST "\.yhrhosting\.com"
	SecFilterSelective THE_REQUEST "\.nitrofx\.com"
	SecFilterSelective THE_REQUEST "(/|\.)ownsalldomains\.org"
	SecFilterSelective THE_REQUEST "(/|\.)ocktober\.com"
	SecFilterSelective THE_REQUEST "\.s5\.com"
	SecFilterSelective THE_REQUEST "\.systemcrew\.net"
	SecFilterSelective THE_REQUEST "www\.tutoworld\.org"
	SecFilterSelective THE_REQUEST "\.supereva\.it/"
	SecFilterSelective THE_REQUEST "\.frsirt\.com"
	SecFilterSelective THE_REQUEST "(www\.|/)geocities\.com/anangkd"
	SecFilterSelective THE_REQUEST "geocities\.com/anugerahnet"
	SecFilterSelective THE_REQUEST "(www\.|/)geocities\.com/bacardi_marv"
	SecFilterSelective THE_REQUEST "\.geocities\.com/"
	SecFilterSelective THE_REQUEST "/geocities\.com/"
	SecFilterSelective THE_REQUEST "\.freshmaker\.us"
	SecFilterSelective THE_REQUEST "packetx\.org"
	SecFilterSelective THE_REQUEST "\.de-soc-mac\.de"
	SecFilterSelective THE_REQUEST "\.leohissa\.oi\.com\.br"
	SecFilterSelective THE_REQUEST "\.fig0\.com"
	SecFilterSelective THE_REQUEST "\.brasilhoster\.net"
	SecFilterSelective THE_REQUEST "\.riteweld\.com"
	SecFilterSelective THE_REQUEST "216\.111\.31\.2"
	SecFilterSelective THE_REQUEST "\.fineca\.net"
	SecFilterSelective THE_REQUEST "r00nin\.vila\.bol\.com\.br"
	SecFilterSelective THE_REQUEST "\.bol\.com\.br"
	SecFilterSelective THE_REQUEST "freewebbe\.supereva\.it"
	SecFilterSelective THE_REQUEST "asianfiles\.deluxepass\.com"
	SecFilterSelective THE_REQUEST "sei26\.tripod\.com"
	SecFilterSelective THE_REQUEST "gigachat\.net"
	SecFilterSelective THE_REQUEST "www\.sos-deces\.be"
	SecFilterSelective THE_REQUEST "\.sosha\.it/"
	SecFilterSelective THE_REQUEST "\.pbholland\.com"
	SecFilterSelective THE_REQUEST "\.newtontidy\.com"
	SecFilterSelective THE_REQUEST "\.barretttree\.com"
	SecFilterSelective THE_REQUEST "agaman\.net"
	SecFilterSelective THE_REQUEST "anti-clones\.com"
	SecFilterSelective THE_REQUEST "www\.members\.lycos\.nl/sesli"
	SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/toolsandcmd/"
	SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/"
	SecFilterSelective THE_REQUEST "chancom\.webpal\.info"
	SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/h4x0r_club/"
	SecFilterSelective THE_REQUEST "\.argaio\.net"
	SecFilterSelective THE_REQUEST "baixinhoo\.hpgvip\.com\.br"
	SecFilterSelective THE_REQUEST "\.zeldalegacies\.com"
	SecFilterSelective THE_REQUEST "simbafriends\.com/"
	SecFilterSelective THE_REQUEST "webshells\.org"
	SecFilterSelective THE_REQUEST "groupiys\.net"
	SecFilterSelective THE_REQUEST "megahostbr\.com"
	SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/slash_slink"
	SecFilterSelective THE_REQUEST "\.357is\.com"
	SecFilterSelective THE_REQUEST "northfox\.uw\.hu"
	SecFilterSelective THE_REQUEST "\.dynalith\.com"
	SecFilterSelective THE_REQUEST "\.xplmanager\.com"
	SecFilterSelective THE_REQUEST "\.members\.lycos\.co\.uk/thoronnn/"
	SecFilterSelective THE_REQUEST "\.terra\.com\.br/"
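	# "\." escapes the dot before "jp"; a backslash placed after the dot
	# would leave the dot as a wildcard and escape the letter "j" instead.
	SecFilterSelective THE_REQUEST "f58\.aaacafe\.ne\.jp/"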
	SecFilterSelective THE_REQUEST "www\.derf\.hpgvip\.ig\.com\.br/"
	SecFilterSelective THE_REQUEST "rodrigo\.hcerto\.com/"
	SecFilterSelective THE_REQUEST "\.terror\.as\.ro/"
	SecFilterSelective THE_REQUEST "\.tntt\.org/meu/"
	SecFilterSelective THE_REQUEST "\.syscore\.hpgvip\.com\.br/"
	SecFilterSelective THE_REQUEST "\.hpgvip\.com\.br/"
	SecFilterSelective THE_REQUEST "ijoo\.homelinux\.com/"
	SecFilterSelective THE_REQUEST "\.derf\.hpgvip\.ig\.com\.br/"
	SecFilterSelective THE_REQUEST "\.100free\.com/"
	SecFilterSelective THE_REQUEST "\.lorenzo4ever\.de/"
	SecFilterSelective THE_REQUEST "visualcoders\.net/"
	SecFilterSelective THE_REQUEST "\.fendora\.net"
	SecFilterSelective THE_REQUEST "gigashell\.org/"
	SecFilterSelective THE_REQUEST "\.prir0x\.com/"
	SecFilterSelective THE_REQUEST "geocities\.com/madb0ss/"
	SecFilterSelective THE_REQUEST "geocities\.com/sapulinux/"
	SecFilterSelective THE_REQUEST "geocities\.yahoo\.com\.br/dh4x0r/"
	SecFilterSelective THE_REQUEST ".*\.verizon\.net\.do/carlos.*"
	SecFilterSelective THE_REQUEST "mi\.verizon\.net\.do/carlos.*"
	SecFilterSelective THE_REQUEST "\.stanlley\.ubbi\.com\.br/"
	SecFilterSelective THE_REQUEST "xthost\.info/"
	SecFilterSelective THE_REQUEST "yaoibr\.vila\.bol\.com\.br/"
	SecFilterSelective THE_REQUEST "geocities\.com/catalin1713/"
	SecFilterSelective THE_REQUEST "visualcoders\.net/spy\."
	SecFilterSelective THE_REQUEST "\.digitalmedia\.org\.mk"
	SecFilterSelective THE_REQUEST "pharoeste\.net"
	SecFilterSelective THE_REQUEST "userbr\.info"
	SecFilterSelective THE_REQUEST "\.foxcf\.hpgvip\.ig\.com\.br"
	SecFilterSelective THE_REQUEST "medicine\.bjmu\.edu\.cn"
	SecFilterSelective THE_REQUEST "\.blueconnection\.com\.br"
	SecFilterSelective THE_REQUEST "\.ph4nt4sm4\.hpgvip\.ig\.com\.br"
	SecFilterSelective THE_REQUEST "\.mvhosted\.com"
	SecFilterSelective THE_REQUEST "\.0catch\.com"
	SecFilterSelective THE_REQUEST "newton\.100free\.com"
	SecFilterSelective THE_REQUEST "\.forplay\.com\.br"
	SecFilterSelective THE_REQUEST "\.geocities\.com/my_lusy"
	SecFilterSelective THE_REQUEST "lol\.freecoolsite\.com"
	SecFilterSelective THE_REQUEST "winscp\.net"
	SecFilterSelective THE_REQUEST "\.karpit\.net"
	SecFilterSelective THE_REQUEST "www\.partyradio\.ca"
	SecFilterSelective THE_REQUEST "\.triple-hhh\.de"
	SecFilterSelective THE_REQUEST "\.gottablaze\.com"
	SecFilterSelective THE_REQUEST "xanutz\.3x\.ro"
	SecFilterSelective THE_REQUEST "geocities\.com/anak_indekost"
	SecFilterSelective THE_REQUEST "themis\.geocities\.yahoo\.com"
	SecFilterSelective THE_REQUEST "\.geocities\.com/my_sweet_cute/"
	SecFilterSelective THE_REQUEST "\.angelfire\.com/zine2/"
	SecFilterSelective THE_REQUEST "72\.20\.34\.[0-9]+"
	SecFilterSelective THE_REQUEST "animehost\.de"
	SecFilterSelective THE_REQUEST "home\.online\.no/~p-shahr"
	SecFilterSelective THE_REQUEST "indragostit\.net"
	SecFilterSelective THE_REQUEST "hdr\.atspace\.com"
	SecFilterSelective THE_REQUEST "\.thecurse\.pop\.com\.br"
	SecFilterSelective THE_REQUEST "www\.w3zone\.com"
	SecFilterSelective THE_REQUEST "freecoolsite\.com"
	SecFilterSelective THE_REQUEST "freewebs\.com"
	SecFilterSelective THE_REQUEST "\.geocities\.com/chnsekip"
	SecFilterSelective THE_REQUEST "webcindario\.com"
	SecFilterSelective THE_REQUEST "ripdisk\.ma\.cx"
	SecFilterSelective THE_REQUEST "sinanreklam\.net"
	SecFilterSelective THE_REQUEST "members\.cox\.net/xjasonx"
	SecFilterSelective THE_REQUEST "\.bh-net\.dk"
	SecFilterSelective THE_REQUEST "\.mediaserve\.net"
	SecFilterSelective THE_REQUEST "\.inchon\.ne\.kr"
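	# "\." escapes the dot before "com"; a backslash placed after the dot
	# would form "\c", which PCRE reads as a control-character escape, and
	# the host name would then never match.
	SecFilterSelective THE_REQUEST "\.noti-auto\.com\.ar"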
	SecFilterSelective THE_REQUEST "go0gler\.com"
	SecFilterSelective THE_REQUEST "hackbox\.t35\.com"
	SecFilterSelective THE_REQUEST ".*\.hpgvip\.ig\.com\.br"
	SecFilterSelective THE_REQUEST "honestgame\.net"
	SecFilterSelective THE_REQUEST "\.ecobook\.or\.kr"
	SecFilterSelective THE_REQUEST "\.fasecolda\.com"
	SecFilterSelective THE_REQUEST "212\.50\.30\.60"
	SecFilterSelective THE_REQUEST "\.nbail\.com"
	SecFilterSelective THE_REQUEST "\.kit\.net/"
	SecFilterSelective THE_REQUEST "\.ubbi\.com\.br"
	SecFilterSelective THE_REQUEST "\.k4boom\.biz/"
	SecFilterSelective THE_REQUEST "00freehost\.com"
	
	#Tigher addition to block those little hacking sods!
	#SecFilterSelective REQUEST_URI "http|https"
	
	#Known sources that leak thru proxies
	#
	# NOTE(review): the address patterns in this list are unanchored, so
	# "193\.95\.27\.2" also matches 193.95.27.20 or 193.95.27.254, and
	# "80\.26\.46\.168" also matches 180.26.46.168. Wrapping an address as
	# "(^|[^0-9])ADDR([^0-9]|$)" limits a rule to that one address.
	# NOTE(review): rules elsewhere in this file spell header names with
	# hyphens (HTTP_Content-Type); confirm that HTTP_X_FORWARDED_FOR resolves
	# to the X-Forwarded-For header in the mod_security version in use.
	# Both headers are client-supplied and can be left out or forged.
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 69\.50\.182\.154
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 202\.81\.60\.58
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.252\.91"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR 211\.185\.59\.124
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "209\.165\.131\.23"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "66\.246\.246\.22"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.89\.50\.28"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.208\.48"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "159\.148\.29\.158"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.188\.73"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "200\.168\.0\.246"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.90\.52"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "193\.95\.27\.2"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "195\.55\.222\.19"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.32\.81"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.150\.163\.82"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.237\.226\.70"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.96\.125\.38"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.97\.97\.168"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "213\.98\.122\.111"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.8\.64\.21"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.191\.119\.122"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.33\.104\.158"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.38\.171\.131"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.109\.180\.3"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "81\.37\.184\.196"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "83\.57\.132\.206"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.13\.249"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "85\.129\.229\.111"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "86\.60\.16\.81"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "172\.168\.0\.1"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "196\.203\.4\.62"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "202\.123\.250\.184"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "212\.116\.209\.234"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "217\.127\.56\.24"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.26\.46\.168"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.36\.245\.100"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "84\.94\.78\.98"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "80\.59\.91\.33"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "unsecure-services"
	SecFilterSelective HTTP_FORWARDED|HTTP_X_FORWARDED_FOR "205\.177\.122\.162"

#####################################################
#end Tigher section
#####################################################

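	# Require HTTP_USER_AGENT and HTTP_HOST headers.
#Tigher - The rule below was reluctantly commented out by Tigher for 30 days to let stats, uptime, RSS etc. sites make rec changes. While it stays commented out, requests with an empty User-Agent or Host header are not rejected by this check.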
	#SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
	
	# Only accept request encodings we know how to handle.
	# GET requests are excluded from this check because some (automated)
	# clients supply "text/html" as Content-Type.
	# The two active rules form one chain: a request is denied only when
	# the method is not GET AND the Content-Type is outside the allow-list.
	# The comment lines in between are not directives, so the chain
	# continues at the next active SecFilterSelective.
	SecFilterSelective REQUEST_METHOD "!^GET$" chain

#Tigher - Added application/octet-stream below to let 4.45 clients through
# NOTE(review): each alternative is anchored only at the start, so any
# Content-Type that begins with one of these values is accepted. Whether an
# application/octet-stream body is inspected the same way as a form-encoded
# one is not visible here - confirm that SecFilterScanPOST still covers it.
	#SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data)"
	SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded|^multipart/form-data|^application/octet-stream)"
	
	# Require Content-Length to be provided with
	# every POST request.
	# Chained pair: a request is denied only when the method is exactly
	# POST AND the Content-Length header matches "^$" (empty).
	SecFilterSelective REQUEST_METHOD "^POST$" chain
	SecFilterSelective HTTP_Content-Length "^$"
	
	# Don't accept transfer encodings we know we don't handle
	# (and you don't need it anyway).
	# The inverted "^$" match denies every request whose Transfer-Encoding
	# header is non-empty, so chunked request bodies are refused as well.
	SecFilterSelective HTTP_Transfer-Encoding "!^$"
	
	# Some common application-related rules from
	# http://modsecrules.monkeydev.org/rules.php?safety=safe
	
	# Nuke Bookmarks XSS
	# Denies Bookmarks module requests where one of the listed parameters
	# has a value starting with "<script" (optional whitespace after "<")
	# or with an http/https/ftp URL.
	# The pattern expects name=, file= and the parameter in exactly this
	# order on the request line, so it is a signature for the published
	# request form, not a substitute for fixing or removing the module.
	SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
	
	# Nuke Bookmarks Marks.php SQL Injection Vulnerability
	# Denies file=marks requests whose category value contains the literal
	# comment sequence "/**/" immediately followed by union, select, delete
	# or insert. Only that exact spacing trick is covered; the rule does
	# not look for the keywords on their own.
	SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
	
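	# PHPNuke general XSS attempt
	# Example of the request form:
	#/modules.php?name=News&file=article&sid=1&optionbox=
	# Denies a modules.php request in which a parameter ending in "name="
	# has a value starting with "<script" (optional whitespace after "<").
	# "\?.*" replaces the original "\?*": as a regular expression that
	# meant "zero or more literal question marks", so the rule only fired
	# when name= came directly after modules.php and missed it anywhere
	# later in the query string.
	SecFilterSelective THE_REQUEST "/modules\.php\?.*name=<[[:space:]]*script"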
	
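	# PHPNuke SQL injection attempt
	# Denies any modules.php request for the Search module that also
	# carries an instory= parameter.
	# The original pattern used "*" like a shell wildcard ("\?*",
	# "Search*"). As a regular expression that required "instory=" to
	# follow "Searc" plus any number of "h" with nothing in between, so a
	# query string with "&" between the two parameters was never matched.
	# This version blocks every Search request that uses instory=; check
	# it against legitimate Search traffic before relying on it.
	SecFilterSelective THE_REQUEST "/modules\.php\?.*name=Search.*instory="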
	
	# phpnuke sql insertion
	# NOTE(review): as a regular expression this pattern looks unintended.
	# "\.php*name" requires "name" to follow ".ph" plus any number of "p",
	# so a request line with "?" between modules.php and name=Forums does
	# not match. "viewtopic*/forum=" requires "/forum=" right after
	# "viewtopi" plus any number of "c", and the trailing "\'/" requires a
	# quote followed by "/". It reads like wildcard and delimiter syntax
	# carried over from another rule format - confirm the intended match
	# and rewrite it with ".*" before relying on this rule.
	SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
	
	# WEB-PHP phpbb quick-reply.php arbitrary command attempt
	# Chained pair: a request is denied only when the request line
	# contains "/quick-reply.php" AND the keyword "phpbb_root_path=" is
	# found by the general SecFilter scan.
	# NOTE(review): with SecFilterScanPOST On that scan presumably covers
	# the POST body too - confirm.
	
	SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
	SecFilter "phpbb_root_path="
	
	# Topic Calendar Mod for phpBB Cross-Site Scripting Attack
	# Denies calendar_scheduler.php requests whose first parameter is
	# start= with a value starting with "<script" (optional whitespace
	# after "<") or with an http/https/ftp URL. Only start= directly after
	# "?" is matched.
	SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
	
	# phpMyAdmin: Safe
	
	# phpMyAdmin Export.PHP File Disclosure Vulnerability
	# Chained pair: denied only when the script filename ends in
	# "export.php" AND the "what" argument contains "..".
	# The filename test is not limited to phpMyAdmin's directory, so any
	# script named export.php on this server is covered by the same rule.
	SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
	SecFilterSelective ARG_what "\.\."
	
	# phpMyAdmin path vulnerability
	# Denies requests for /css/phpmyadmin.css.php that set
	# GLOBALS[cfg][ThemePath] to a value starting with "/etc".
	# Only that prefix is matched; other ThemePath values pass this rule,
	# so it does not replace upgrading the affected phpMyAdmin version.
	SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
    	
</IfModule>