system: Linux mars.sprixweb.com 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------
SecRule &TX:XSS_SQLi "@eq 0" \
"id:223211,phase:2,pass,nolog,t:none,skipAfter:'IGNORE_SFS_SIG_XSS_SQLi_JC',rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule &TX:Joomla "@eq 0" \
"id:223340,msg:'COMODO WAF: Track unauthenticated request in Joomla component||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'JC_Skip_URF_211250',rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule TX:Joomla "@ge 1" \
"id:211250,chain,msg:'COMODO WAF: SQL injection vulnerability in JquickContact 1.3.2.2.1 component for Joomla (CVE-2018-5983)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jquickcontact" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:sid "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:220460,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the StackIdeas Komento before 1.7.3 for Joomla (CVE-2014-0793)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:4,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_komento" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:website "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:220680,chain,msg:'COMODO WAF: XSS vulnerability in the Multi Calendar component 4.8.5 and earlier for Joomla! (CVE-2013-5953)||%{tx.domain}|%{tx.mode}|2',deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_multicalendar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:calid|ARGS_GET:paletteDefault "@rx \x22|<" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222420,chain,msg:'COMODO WAF: XSS vulnerability in the Kunena component before 3.0.6 for Joomla! (CVE-2014-9103)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_kunena" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@contains <" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222620,chain,msg:'COMODO WAF: SQL injection vulnerability in the iJoomla com_adagency plugin 6.0.9 for Joomla! (CVE-2018-5696)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option|ARGS_GET:controller "@pm com_adagency adagencyadvertisers" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:advertiser_status|ARGS_GET:status_select "@contains '" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222661,chain,msg:'COMODO WAF: SQL injection vulnerability in JSP Tickets 1.1 component for Joomla (CVE-2018-6609)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jsptickets" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:ticketcode "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222680,chain,msg:'COMODO WAF: SQL injection vulnerability in the PrayerCenter 3.0.2 component for Joomla! (CVE-2018-7314)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_prayercenter" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:sessionid "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222720,chain,msg:'COMODO WAF: SQL injection vulnerability in Ek Rishta 2.9 component for Joomla! (CVE-2018-7315)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:options "@streq com_ekrishta" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:gender|ARGS_GET:age1|ARGS_GET:age2|ARGS_GET:religion|ARGS_GET:mothertounge|ARGS_GET:caste|ARGS_GET:country "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222750,chain,msg:'COMODO WAF: SQL injection vulnerability in CW Tags 2.0.6 component for Joomla (CVE-2018-7313)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_cwtags" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:searchtext[] "@contains ')" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222810,chain,msg:'COMODO WAF: SQL injection vulnerability in the Form Maker 3.6.12 component for Joomla (CVE-2018-5991)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_formmaker" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq stats" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id|ARGS_GET:from|ARGS_GET:to "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222820,chain,msg:'COMODO WAF: SQL Injection vulnerability in AllVideos Reloaded 1.2.x component for Joomla (CVE-2018-5990)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_avreloaded" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq popup" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:divid "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222830,chain,msg:'COMODO WAF: SQL Injection vulnerability in ccNewsletter 2.x component for Joomla (CVE-2018-5989)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_ccnewsletter" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:task "@streq removesubscriber" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222840,chain,msg:'COMODO WAF: SQL Injection vulnerability in the JS Jobs 1.1.9 component for Joomla (CVE-2018-5994)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_jsjobs" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:zipcode|ARGS:ta "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222860,chain,msg:'COMODO WAF: SQL injection vulnerability in Advertisement Board 3.1.0 component for Joomla (CVE-2018-5982)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_advertisementboard" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:catname "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222870,chain,msg:'COMODO WAF: SQL injection vulnerability in Smart Shoutbox 3.0.0 component for Joomla (CVE-2018-5975)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:shoutauthor "@contains '" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_URI "@contains component/smartshoutbox/archive" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:223000,chain,msg:'COMODO WAF: XSS vulnerability in jDownloads extension before 3.2.59 for Joomla (CVE-2018-10068)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:target%g "@contains <" \
"chain,t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith /components/com_jdownloads/assets/plupload/js/moxie.swf" \
"t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:223040,chain,msg:'COMODO WAF: SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_questions" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:term|ARGS_GET:group_name|ARGS_GET:groups "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223050,chain,msg:'COMODO WAF: SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_rbids" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:cat|ARGS:filter_letter "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223090,chain,msg:'COMODO WAF: SQL injection vulnerability in Article Factory Manager 4.3.9 component for Joomla! (CVE-2018-17380)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_articleman" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:start_date|ARGS:m_start_date|ARGS:m_end_date "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223100,chain,msg:'COMODO WAF: SQL injection vulnerability in Jobs Factory 2.0.4 component for Joomla! (CVE-2018-17382)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jobsfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:filter_letter "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223170,chain,msg:'COMODO WAF: SQL injection vulnerability in Survey Force Deluxe 3.2.4 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_surveyforce" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:invite "@contains '" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223330,chain,msg:'COMODO WAF: XSS vulnerability in Creative Image Slider component 3.1.0 for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_creativeimageslider" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST|!ARGS_POST:caption|!ARGS_POST:custom_css|!ARGS_POST:custom_js "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223390,chain,msg:'COMODO WAF: XSS vulnerability in Spider Catalog component 3.0 for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:option "@streq com_spidercatalog" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:name|ARGS_POST:image_url|ARGS_POST:params[currency_symbol] "@rx \x22" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223420,chain,msg:'COMODO WAF: SQLi vulnerability in JE Messenger component 1.2.2 for Joomla (CVE-2019-9918)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jemessenger" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:cid[]|ARGS_POST:subject|ARGS_POST:select "@rx \x22|'" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223421,chain,msg:'COMODO WAF: SQLi vulnerability in JE Messenger component 1.2.2 for Joomla (CVE-2019-9918)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jemessenger" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:input "@contains '" \
"t:none,t:urlDecodeUni"
SecMarker JC_Skip_URF_211250
SecRule REQUEST_METHOD "@streq POST" \
"id:220520,chain,msg:'COMODO WAF: XSS vulnerability in the JoomShopping component before 4.3.1 for Joomla (CVE-2013-3933)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:Itemid "!@rx ^$" \
"chain"
SecRule ARGS_POST:user_name "@rx <" \
"chain"
SecRule REQUEST_FILENAME "@rx \/index\.php" \
"t:none,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@endsWith plugins/jtreelink/dialogs/links.php" \
"id:223130,chain,msg:'COMODO WAF: SQL injection vulnerability in JCK Editor component 6.4.4 for Joomla (CVE-2018-17254)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:parent "@rx \x22" \
"t:none,t:urlDecodeUni"
SecMarker IGNORE_SFS_SIG_XSS_SQLi_JC
SecRule ARGS "@rx \W" \
"id:223220,msg:'COMODO WAF: Track same forbidden symbols to Ignore signature for Joomla Component||%{tx.domain}|%{tx.mode}|2',phase:2,pass,setvar:'TX.ARGS_Non_Digit=1',nolog,t:none,t:urlDecodeUni,t:removeWhitespace,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule &TX:ARGS_Non_Digit "@eq 0" \
"id:223221,phase:2,pass,nolog,t:none,skipAfter:'IGNORE_SFS_Non_Digit_JC',rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule &TX:Joomla "@eq 0" \
"id:223350,msg:'COMODO WAF: Track unauthenticated request in Joomla component||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'JC_Skip_URF_210940',rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule TX:Joomla "@ge 1" \
"id:221600,chain,msg:'COMODO WAF: SQL injection vulnerability in Youtube Gallery component 4.x through 4.1.7, and possibly 3.x, for Joomla! (CVE-2014-4960)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_youtubegallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:listid|ARGS:themeid "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:222410,chain,msg:'COMODO WAF: SQL injection vulnerability in the Kunena component before 3.0.6 for Joomla! (CVE-2014-9102)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:5,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_kunena" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST_NAMES "@rx ^topics\[(.{0,399}?)]" \
"chain,capture,t:none,t:lowercase"
SecRule TX:1 "@rx \D" \
"t:none"
SecRule TX:Joomla "@eq 1" \
"id:222441,chain,msg:'COMODO WAF: XSS and SQLi vulnerability in the Joomla extension Huge IT gallery v1.1.5 (CVE-2016-1000113 and CVE-2016-1000114)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_gallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@eq 1" \
"id:222460,chain,msg:'COMODO WAF: SQL injection and XSS vulnerabilities in Joomla Huge IT Catalog v1.0.4 (CVE-2016-1000119 and CVE-2016-1000120)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_catalog" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@eq 1" \
"id:222470,chain,msg:'COMODO WAF: SQL injection and XSS vulnerabilities in Joomla Huge IT Slider v1.0.9 (CVE-2016-1000121, CVE-2016-1000122)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_slider" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq slider" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@eq 1" \
"id:222480,chain,msg:'COMODO WAF: XSS and SQLi vulnerability in the Joomla! extension Huge IT slideshow v1.0.4 (CVE-2016-1000117 and CVE-2016-1000118)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@contains com_slideshow" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq slideshow" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222490,chain,msg:'COMODO WAF: SQLi vulnerability in the Joomla! extension Huge-IT Portfolio Gallery manager v1.1.5 (CVE-2016-1000116)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@contains com_portfoliogallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222530,chain,msg:'COMODO WAF: SQLi vulnerability in Huge-IT Catalog v1.0.7 for Joomla (CVE-2016-1000125)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:post "@streq load_more_elements_into_catalog" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:catalog_id "@rx \D" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith /components/com_catalog/ajax_url.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:222540,chain,msg:'COMODO WAF: SQLi vulnerability in Huge-IT Catalog v1.0.7 for Joomla (CVE-2016-1000123)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:task "@streq load_videos_content" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:galleryid "@rx \D" \
"chain,t:none"
SecRule REQUEST_FILENAME "@endsWith /components/com_videogallerylite/ajax_url.php" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:222570,chain,msg:'COMODO WAF: SQL injection vulnerability in Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla (CVE-2017-15966)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_zhyandexmap" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq zhyandexmaps" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:placemarklistid "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222590,chain,msg:'COMODO WAF: SQL injection vulnerability in NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! (CVE-2017-15965)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_ns_downloadshop" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222640,chain,msg:'COMODO WAF: SQL injection vulnerability in the MediaLibrary Free 4.0.12 component for Joomla! (CVE-2018-5971)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_medialibrary" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222650,chain,msg:'COMODO WAF: SQL injection vulnerability in Zh YandexMap 6.2.1.0, Zh BaiduMap 3.0.0.1 and Zh GoogleMap 8.4.0.0 for Joomla (CVE-2018-6582, CVE-2018-6604, 2018-6605)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@rx ^com_zh(?:baidu|yandex|google)map$" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222660,chain,msg:'COMODO WAF: SQL injection vulnerability in JSP Tickets 1.1 component for Joomla (CVE-2018-6609)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jsptickets" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222670,chain,msg:'COMODO WAF: SQL injection vulnerability in the Gallery WD 1.3.6 component for Joomla! (CVE-2018-5981)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_gallery_wd" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:tag_id|ARGS_GET:gallery_id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222780,chain,msg:'COMODO WAF: SQL Injection vulnerability in JB Bus 2.3 component for Joomla (CVE-2018-6372)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_bookpro" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq orderdetail" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:order_number "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222800,chain,msg:'COMODO WAF: SQL injection vulnerability in DT Register 3.2.7 component for Joomla (CVE-2018-6584)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_dtregister" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:controller "@streq category" \
"chain,t:none,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222850,chain,msg:'COMODO WAF: SQL Injection vulnerability in Visual Calendar 3.1.3 component for Joomla (CVE-2018-6395)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_visualcalendar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222880,chain,msg:'COMODO WAF: SQL injection vulnerability in CP Event Calendar 3.0.1 component for Joomla (CVE-2018-6398)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_cpeventcalendar" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222930,chain,msg:'COMODO WAF: SQL injection vulnerability in JomEstate PRO through 3.7 component for Joomla (CVE-2018-6368)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jomestate" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222960,chain,msg:'COMODO WAF: SQL injection vulnerability in Fastball 2.5 component for Joomla (CVE-2018-6373)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_fastball" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:season "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222980,chain,msg:'COMODO WAF: SQL injection vulnerability in OS Property Real Estate 3.12.7 component for Joomla (CVE-2018-7319)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_osproperty" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:cooling_system1|ARGS_GET:heating_system1|ARGS_GET:laundry "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223030,chain,msg:'COMODO WAF: SQL injection vulnerability in Collection Factory 4.1.9 component for Joomla (CVE-2018-17383)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_collectionfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:filter_order "!@rx ^(?:[a-z0-9\-_]+|)$" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:223031,chain,msg:'COMODO WAF: SQL injection vulnerability in Collection Factory 4.1.9 component for Joomla (CVE-2018-17383)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_collectionfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:filter_order_Dir "!@within asc desc" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:223060,chain,msg:'COMODO WAF: SQL injection vulnerability in Swap Factory 2.2.1, Raffle Factory 3.5.2, Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379, CVE-2018-17378, CVE-2018-17384)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@within com_rafflefactory com_pennyfactory com_swapfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:filter_order "!@rx ^[\w\-\.]+?$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223061,chain,msg:'COMODO WAF: SQL injection vulnerability in Swap Factory 2.2.1, Raffle Factory 3.5.2, Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379, CVE-2018-17378, CVE-2018-17384)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@within com_rafflefactory com_pennyfactory com_swapfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:filter_order_Dir "!@within asc desc" \
"t:none,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:223070,chain,msg:'COMODO WAF: SQL injection vulnerability in Timetable Schedule 3.6.8 component for Joomla! (CVE-2018-17394)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_timetableschedule" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:eid "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223080,chain,msg:'COMODO WAF: SQL injection vulnerability in Music Collection 3.0.3 component for Joomla! (CVE-2018-17375)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule REQUEST_URI "@contains music-collection/playlist" \
"chain,t:none,t:urlDecodeUni,t:normalisePath,t:lowercase"
SecRule ARGS_GET:id "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223120,chain,msg:'COMODO WAF: SQL injection vulnerability in Social Factory 3.8.3 component for Joomla (CVE-2018-17385)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_socialfactory" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:radius[lat]|ARGS_GET:radius[lng] "!@rx ^[0-9\-\.]+?$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223121,chain,msg:'COMODO WAF: SQL injection vulnerability in Social Factory 3.8.3 component for Joomla (CVE-2018-17385)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_socialfactory" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:radius[radius] "@ge 1" \
"chain,t:none,t:length"
SecRule ARGS_GET:radius[radius] "!@rx ^[0-9\-\.]+?$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223160,chain,msg:'COMODO WAF: SQL injection vulnerability in Zap Calendar Lite 4.3.4 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_zcalendar" \
"chain,t:none,t:urlDecodeUni"
SecRule ARGS_GET:eid "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223190,chain,msg:'COMODO WAF: SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_socialpinboard" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:pin_id|ARGS_GET:user_id|ARGS_GET:ends|ARGS_GET:uid "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223191,chain,msg:'COMODO WAF: SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_socialpinboard" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:category "@rx \W" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223200,chain,msg:'COMODO WAF: SQL injection vulnerability in J-BusinessDirectory 4.9.7 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jbusinessdirectory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:type "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223260,chain,msg:'COMODO WAF: SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_questions" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:userid|ARGS_GET:users "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223270,chain,msg:'COMODO WAF: Multiple XSS vulnerabilities in the StackIdeas Komento before 1.7.3 for Joomla (CVE-2014-0793)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_komento" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:latitude "@rx \D" \
"t:none"
SecRule TX:Joomla "@eq 1" \
"id:223380,chain,msg:'COMODO WAF: SQLi vulnerability in aWeb Cart Watching System for Virtuemart v1.0.7 for Joomla! (CVE-2016-10114)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option|ARGS:task "@pm com_virtuemart smartsearch" \
"chain,t:none,t:lowercase"
SecRule ARGS:view "@rx \W" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223400,chain,msg:'COMODO WAF: SQLi vulnerability in Spider Catalog component 3.0 for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:option "@streq com_spidercatalog" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:category_id "!@rx ^[\d\,]+$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223440,chain,msg:'COMODO WAF: SQL injection vulnerability in AMGallery 1.2.3 component for Joomla(CVE-2018-17398)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_amgallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:filter[category_id] "@rx \D" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223450,chain,msg:'COMODO WAF: SQL injection vulnerability in Dutch Auction Factory 2.0.2 component for Joomla(CVE-2018-17381)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_dutchfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:filter_order_Dir|ARGS_GET:filter_order "!@rx ^[\w\.]+$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223460,chain,msg:'COMODO WAF: SQL injection vulnerability in Auction Factory 4.5.5 component for Joomla(CVE-2018-17374)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_auctionfactory" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:filter_order|ARGS_GET:filter_order_Dir "!@rx ^[\w\.]+$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223470,chain,msg:'COMODO WAF: SQL injection vulnerability in VMap 1.9.6 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_vmap" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:latlngbound "!@rx ^[\-\d\.\,]+$" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223480,chain,msg:'COMODO WAF: SQL injection vulnerability in JoomCRM 1.1.1 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_joomcrm" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:deal_id|ARGS_POST:association_id "@rx \D" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223490,chain,msg:'COMODO WAF: SQL injection vulnerability in vWishlist 1.0.1 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:option "@streq com_vwishlist" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:userid|ARGS_POST:vproductid "@rx \D" \
"t:none"
SecMarker JC_Skip_URF_210940
SecRule ARGS_POST:option "@streq com_j2store" \
"id:222370,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla (CVE-2015-6513)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:view "@streq products" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:sortby "@rx \W" \
"t:none"
SecRule ARGS_POST:option "@streq com_j2store" \
"id:222371,chain,msg:'COMODO WAF: SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla (CVE-2015-6513)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:view "@streq products" \
"chain,t:none,t:lowercase"
SecRule ARGS_POST:/manufacturer_id(?:s\[\d*])?/ "@rx \D" \
"t:none"
SecRule ARGS_GET:view "@streq product" \
"id:223240,chain,msg:'COMODO WAF: SQLi vulnerability in J2Store plugin 3.x before 3.3.7 for Joomla! (CVE-2019-9184)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_j2store" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:/^product_option\[/ "@rx \D" \
"t:none"
SecMarker IGNORE_SFS_Non_Digit_JC
SecRule &TX:Joomla "@eq 0" \
"id:223360,msg:'COMODO WAF: Track unauthenticated request in Joomla component||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,t:none,skipAfter:'JC_Skip_URF_222401',rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule TX:Joomla "@ge 1" \
"id:222401,chain,phase:2,pass,nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule &ARGS:task "@eq 0" \
"chain,t:none"
SecRule ARGS:option "@streq com_templates" \
"chain,t:none,t:lowercase"
SecRule REQUEST_METHOD "@streq get" \
"setvar:'SESSION.joomla_comtemplates=1',expirevar:'SESSION.joomla_comtemplates=300',t:none,t:lowercase"
SecRule TX:Joomla "@eq 1" \
"id:222402,chain,msg:'COMODO WAF: CSRF vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 (CVE-2015-8563) and Joomla! before 3.9.13 (CVE-2019-18650)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule &SESSION:joomla_comtemplates "!@ge 1" \
"chain,t:none"
SecRule ARGS:option "@streq com_templates" \
"chain,t:none,t:lowercase"
SecRule ARGS:task "@pm template.createFile template.renameFile template.delete template.createFolder template.deleteFolder template.uploadFile style.save2copy template.copyFile template.extractArchive template.overrides" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:222740,chain,msg:'COMODO WAF: Remote file inclusion vulnerability in the Jimtawl 2.1.6 and 2.2.5 component for Joomla (CVE-2018-6580)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:option "@streq com_jimtawl" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule FILES "@rx \.(?:php[\d]?|js|pl|rb|sh|p?html|asp|exe|com|htaccess)" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:222770,chain,msg:'COMODO WAF: Directory traversal vulnerability in K2 component 2.8.0 for Joomla (CVE-2018-7482)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_k2" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:target "@rx ^l1_(\w+)={0,2}$" \
"chain,capture,t:none"
SecRule TX:1 "@contains .." \
"t:base64Decode"
SecRule TX:Joomla "@ge 1" \
"id:222910,chain,msg:'COMODO WAF: SQL injection vulnerability in Solidres 2.5.1 component for Joomla (CVE-2018-5980)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_solidres" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:direction "!@within desc asc" \
"t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:Joomla "@ge 1" \
"id:222950,chain,msg:'COMODO WAF: Arbitrary File Upload vulnerability in Proclaim 9.1.1 component for Joomla (CVE-2018-7316)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_biblestudy" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_GET:view "@streq mediafileform" \
"chain,t:none,t:lowercase"
SecRule FILES "!@rx \.(?:jpe?g|gif|bmp|png|webp)$" \
"t:none,t:lowercase"
SecRule &SESSION:joomla_session "@ge 1" \
"id:222970,chain,phase:2,pass,nolog,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_jssupportticket" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_GET:cid[] "@ge 1" \
"setvar:'SESSION.com_jssupportticket=1',expirevar:'SESSION.com_jssupportticket=300',t:none"
SecRule &SESSION:joomla_session "@ge 1" \
"id:222971,chain,msg:'COMODO WAF: CSRF vulnerability in JS Support Ticket 1.1.0 component for Joomla (CVE-2018-6007)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_POST:option "@streq com_jssupportticket" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule &ARGS_POST:ticketid "@ge 1" \
"chain,t:none"
SecRule &SESSION:com_jssupportticket "!@eq 1" \
"t:none"
SecRule TX:Joomla "@ge 1" \
"id:223250,chain,msg:'COMODO WAF: XSS and Directory Traversal vulnerability in SP Easy Image Gallery 1.5 component for Joomla||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_speasyimagegallery" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS_POST:jform[image] "@rx (?:\x22|\.\.\/)" \
"t:none,t:urlDecodeUni"
SecRule TX:Joomla "@ge 1" \
"id:223290,chain,msg:'COMODO WAF: SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS_GET:option "@streq com_rbids" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS:filter_order_Dir "!@within asc desc" \
"t:none,t:lowercase"
SecMarker JC_Skip_URF_222401
SecRule REQUEST_FILENAME "@contains /images/" \
"id:223140,chain,msg:'COMODO WAF: Blocking execution of an uploaded shell in Joomla!||%{tx.domain}|%{tx.mode}|2',phase:3,deny,status:403,t:none,t:lowercase,t:normalizePath,rev:3,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule RESPONSE_CONTENT_TYPE "@streq text/htm" \
"chain,t:none,t:lowercase,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@rx \.(bmp|csv|doc|gif|ico|jpe?g|od(?:g|p|s|t)|p(?:df|ng|pt)|swf|txt|xcf|xls)$" \
"t:none,t:lowercase,t:urlDecodeUni"
SecRule REQUEST_FILENAME "@pm com_sexycontactform com_creativecontactform" \
"id:240010,chain,msg:'COMODO WAF: Protecting Joomla Creative Contact Form Files folder||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:lowercase,rev:4,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule REQUEST_FILENAME "@rx \/components\/com_(?:sexy|creative)contactform\/fileupload\/(files\/)?" \
"chain,t:none,t:urlDecodeUni,t:lowercase,t:normalizePath"
SecRule FILES "@rx \.(?:php|js|pl)(?:\.|$)" \
"t:none,t:lowercase"
SecRule ARGS_POST:option "@streq com_extplorer" \
"id:240030,chain,msg:'COMODO WAF: Possible Shell Upload Vulnerability in extplorer plugin for Joomla!||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:lowercase,rev:4,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule FILES "@contains .php" \
"t:none,t:lowercase"
SecRule REQUEST_FILENAME "@contains //" \
"id:240032,chain,msg:'COMODO WAF: Protecting extplorer Joomla Shell Upload Vulnerability||%{tx.domain}|%{tx.mode}|2',phase:2,capture,deny,status:403,log,t:none,t:urlDecodeUni,rev:4,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule REQUEST_FILENAME "@rx \/+components\/+com_extplorer" \
"chain,t:none,t:urlDecodeUni,t:lowercase"
SecRule TX:1 "@contains //" \
"t:none,t:urlDecodeUni"
SecRule ARGS_GET:dw_file "@contains ../" \
"id:223410,chain,msg:'COMODO WAF: Directory Traversal vulnerability in JE Messenger component 1.2.2 for Joomla (CVE-2019-9922)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule REQUEST_FILENAME "@endsWith /component/jemessenger/box_details" \
"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
SecRule REQUEST_FILENAME "@contains downloads/editor/core" \
"id:223500,chain,msg:'COMODO WAF: Remote File Upload Vulnerability in Joomla Content Editor JCE com_jce Plugin 2.6.33||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecode,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:task "@streq callelement" \
"chain,t:none"
SecRule ARGS:format "@streq raw" \
"chain,t:none"
SecRule &ARGS:item_id "@gt 0" \
"chain,t:none"
SecRule FILES "\.(?:php[\d]?|js|pl|rb|sh|p?html|asp|exe|com|htaccess)" \
"t:none,t:urlDecode"
SecRule REQUEST_FILENAME "@endsWith index.php" \
"id:223510,chain,msg:'COMODO WAF: Joomla com_jce Components Image Manager Plugin 2.6.33 Remote File Upload Vulnerability||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,t:none,t:urlDecode,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "com_jce" \
"chain,t:none"
SecRule ARGS:task "@streq plugin" \
"chain,t:none"
SecRule ARGS:plugin "@streq imgmanager" \
"chain,t:none"
SecRule ARGS:file "@streq imgmanage" \
"chain,t:none"
SecRule FILES "\.(?:php[\d]?|js|pl|rb|sh|p?html|asp|exe|com|htaccess)" \
"t:none,t:urlDecode"
SecRule REQUEST_METHOD "@streq POST" \
"id:223530,chain,msg:'COMODO WAF: SQLi vulnerability in Joomla! user notes||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,rev:2,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_users" \
"chain,t:none,t:urlDecode"
SecRule ARGS:view "@streq notes" \
"chain,t:none,t:urlDecode"
SecRule ARGS:filter[category_id] "@rx [\x22\(\:]" \
"t:none,t:urlDecode"
SecRule REQUEST_FILENAME "@endsWith /index.php" \
"id:223540,chain,msg:'COMODO WAF: Joomla PrayerCenter 3.0.4 SQL Injection||%{tx.domain}|%{tx.mode}|2',phase:2,block,log,t:none,t:urlDecode,t:normalizePath,rev:1,severity:2,tag:'CWAF',tag:'JComponent'"
SecRule ARGS:option "@streq com_prayercenter" \
"chain,t:none,t:urlDecode"
SecRule ARGS:Itemid "@rx \D" \
"t:none,t:urlDecode"