# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------
# Rule 220000 (chained, phase 1): blocks a cookie carrying a very large
# serialized-array-like payload, labelled by the vendor as CVE-2007-1286.
# Link 1 is a cheap substring pre-filter: it fires on any cookie value that
# contains "R:", so the expensive regex below only runs on candidates.
# NOTE(review): "a:<n>:{" and "R:" look like PHP serialize() array and
# reference markers - confirm against the vendor's rule notes.
# On a full chain match the request is denied with HTTP 504. That status is
# unusual for a WAF block (rule 218400 in this file uses 403) - presumably
# deliberate; verify before counting blocks by status code.
SecRule REQUEST_COOKIES "@contains R:" \
"id:220000,chain,msg:'COMODO WAF: Integer overflow in PHP 4.4.4 and earlier (CVE-2007-1286)||%{tx.domain}|%{tx.mode}|2',phase:1,deny,status:504,t:none,rev:5,severity:2,tag:'CWAF',tag:'PHPGen'"
# Link 2 re-tests the cookie value that matched link 1 (MATCHED_VAR): it needs
# "a:", four or more digits, ":{", then at least 1300 repetitions of a group
# that contains "R:" with up to 399 arbitrary characters on either side.
# NOTE(review): the nested bounded quantifiers can backtrack heavily on a
# hostile cookie. Check that SecPcreMatchLimit and SecPcreMatchLimitRecursion
# are set, and confirm how a limit overrun is handled on this engine version
# (TX:MSC_PCRE_LIMITS_EXCEEDED) so the rule does not fail open unnoticed.
SecRule MATCHED_VAR "@rx a:[0-9]{4,}:{(.{0,399}R:.{0,399}){1300,}" \
"t:none"
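# Rule 218400 (phase 2): reject multipart uploads whose file name ends in a
# PHP-executable or template extension: .tpl, .phl, .php, .phpr/.phps/.phpt,
# .ph<digit>, .php<digit>, .phtml/.phtm, .phar.
# Per the ModSecurity reference manual, FILES holds the client-supplied file
# names while FILES_NAMES holds the form field names used for the upload, so
# testing FILES_NAMES alone never sees the extension. FILES is added as the
# intended target; FILES_NAMES is kept so anything the old rule matched still
# matches.
# t:lowercase makes the extension check case-insensitive. Phase 2 collections
# are only populated when request body inspection is enabled
# (SecRequestBodyAccess On).
# The pattern is anchored at the end of the name and covers only the listed
# extensions, so treat it as one layer: the upload handler must still enforce
# its own allow-list and store files where the server will not execute them.
SecRule FILES|FILES_NAMES "@rx \.(?:tpl|p(h(l|p(r|s|t)?|\d|p\d|tml?|ar)))$" \
"id:218400,msg:'Stop upload of PHP files||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'PHPGen'"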
# Rule 218420 (phase 2): flags PHP I/O stream wrappers in request data.
# Inspected: cookie values (except cookies whose name matches /__utm/), cookie
# names, argument names, argument values and every XML node. The /__utm/
# exclusion applies to cookie values only; REQUEST_COOKIES_NAMES is still
# inspected in full.
# The pattern is case-insensitive and matches "php://" followed by stdin,
# stdout, stderr, input, output, fd, memory, temp or filter. Only this php://
# family is covered; confirm that other PHP stream wrappers are handled by a
# separate rule.
# t:none means no extra decoding is applied here, so obfuscated or re-encoded
# forms depend on whatever normalisation the engine has already done.
# Actions: "block" defers the disruptive action to the inherited default
# (SecDefaultAction), and setvar adds tx.points_limit4 to tx.points.
# NOTE(review): tx.points and tx.points_limit4 are not defined in this file -
# presumably the vendor's anomaly score and a per-severity weight; confirm
# where the threshold is enforced.
# capture stores the match in TX.0 for logdata; ctl:auditLogParts=+E adds part
# E to the audit log for this transaction.
# NOTE(review): logdata writes the full MATCHED_VAR, which may be a complete
# cookie value. Treat the resulting logs as sensitive and restrict access.
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" \
"id:218420,msg:'COMODO WAF: PHP Injection Attack: I/O Stream Found||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'PHPGen'"