
httpd.xml

a guest
Oct 17th, 2013
  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <patterndb version='3' pub_date='2013-09-12'>
  3. <ruleset id='511daaa7-1c02-11e3-919d-ca66d2f45ab4' name='domain-httpd-error-log'>
  4. <pattern>httpd</pattern>
  5. <rules>
  6.  
  7. <rule id='2e6e96c7-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  8. <patterns>
  9. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [client @IPv4:client_ip@:@NUMBER:client_port@] @ESTRING:httpd.err_code::@ @ESTRING:httpd_log_msg:,@ referer @ANYSTRING:httpd.referer@</pattern>
  10. </patterns>
  11. <examples>
  12. <example>
  13. <test_message program='httpd'>[2013-09-04 03:29:40.270315] [proxy_http:error] [pid 10256:tid 139776264361728] [client 186.220.148.246:46498] AH01114: HTTP: failed to make connection to backend: 108.179.254.183, referer http://www.domain.com.br/wp/wp-content/themes/musicpro/style.css</test_message>
  14. <test_values>
  15. <test_value name="httpd.req.year">2013</test_value>
  16. <test_value name="httpd.req.month">09</test_value>
  17. <test_value name="httpd.req.day">04</test_value>
  18. <test_value name="httpd.req.hour">03</test_value>
  19. <test_value name="httpd.req.min">29</test_value>
  20. <test_value name="httpd.req.sec">40</test_value>
  21. <test_value name="httpd.req.microsec">270315</test_value>
  22. <test_value name="httpd.module">proxy_http</test_value>
  23. <test_value name="httpd_log_level">error</test_value>
  24. <test_value name="httpd.pid">10256</test_value>
  25. <test_value name="httpd.tid">139776264361728</test_value>
  26. <test_value name="client_ip">186.220.148.246</test_value>
  27. <test_value name="client_port">46498</test_value>
  28. <test_value name="httpd.err_code">AH01114</test_value>
  29. <test_value name="httpd_log_msg">HTTP: failed to make connection to backend: 108.179.254.183</test_value>
  30. <test_value name="httpd.referer">http://www.domain.com.br/wp/wp-content/themes/musicpro/style.css</test_value>
  31. </test_values>
  32. </example>
  33. </examples>
  34. </rule>
  35.  
  36. <rule id='4a54e811-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  37. <patterns>
  38. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [client @IPv4:client_ip@:@NUMBER:client_port@] @ESTRING:httpd.err_code::@ @ANYSTRING:httpd_log_msg@</pattern>
  39. </patterns>
  40. <examples>
  41. <example>
  42. <test_message program='httpd'>[2013-08-30 22:42:14.522911] [core:error] [pid 6031:tid 140122016151296] [client 127.0.0.1:15149] AH00082: an unknown filter was not added: DEFLATE</test_message>
  43. <test_values>
  44. <test_value name="httpd.req.year">2013</test_value>
  45. <test_value name="httpd.req.month">08</test_value>
  46. <test_value name="httpd.req.day">30</test_value>
  47. <test_value name="httpd.req.hour">22</test_value>
  48. <test_value name="httpd.req.min">42</test_value>
  49. <test_value name="httpd.req.sec">14</test_value>
  50. <test_value name="httpd.req.microsec">522911</test_value>
  51. <test_value name="httpd.module">core</test_value>
  52. <test_value name="httpd_log_level">error</test_value>
  53. <test_value name="httpd.pid">6031</test_value>
  54. <test_value name="httpd.tid">140122016151296</test_value>
  55. <test_value name="client_ip">127.0.0.1</test_value>
  56. <test_value name="client_port">15149</test_value>
  57. <test_value name="httpd.err_code">AH00082</test_value>
  58. <test_value name="httpd_log_msg">an unknown filter was not added: DEFLATE</test_value>
  59. </test_values>
  60. </example>
  61. </examples>
  62. </rule>
  63.  
  64. <rule id='52a31c61-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  65. <patterns>
  66. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] @ESTRING:httpd.err_code::@ @ANYSTRING:httpd_log_msg@</pattern>
  67. </patterns>
  68. <examples>
  69. <example>
  70. <test_message program='httpd'>[2013-08-31 03:22:03.344224] [mpm_event:notice] [pid 17230:tid 139776559662848] AH00493: SIGUSR1 received. Doing graceful restart</test_message>
  71. <test_values>
  72. <test_value name="httpd.req.year">2013</test_value>
  73. <test_value name="httpd.req.month">08</test_value>
  74. <test_value name="httpd.req.day">31</test_value>
  75. <test_value name="httpd.req.hour">03</test_value>
  76. <test_value name="httpd.req.min">22</test_value>
  77. <test_value name="httpd.req.sec">03</test_value>
  78. <test_value name="httpd.req.microsec">344224</test_value>
  79. <test_value name="httpd.module">mpm_event</test_value>
  80. <test_value name="httpd_log_level">notice</test_value>
  81. <test_value name="httpd.pid">17230</test_value>
  82. <test_value name="httpd.tid">139776559662848</test_value>
  83. <test_value name="httpd.err_code">AH00493</test_value>
  84. <test_value name="httpd_log_msg">SIGUSR1 received. Doing graceful restart</test_value>
  85. </test_values>
  86. </example>
  87. </examples>
  88. </rule>
  89.  
  90. <rule id='6556ebb2-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  91. <patterns>
  92. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [@ESTRING:httpd.pagespeed_ver:]@ @ANYSTRING:httpd_log_msg@</pattern>
  93. </patterns>
  94. <examples>
  95. <example>
  96. <test_message program='httpd'>[2013-08-30 22:03:24.430828] [pagespeed:warn] [pid 6031:tid 140121869293312] [mod_pagespeed 1.3.25.4-2941 @6031] 300x75xlogo-sort-300x75.png:0: Resource based on http://www.psyzone.org/wp-content/uploads/2011/10/logo-sort-300x75.png but cannot access the original</test_message>
  97. <test_values>
  98. <test_value name="httpd.req.year">2013</test_value>
  99. <test_value name="httpd.req.month">08</test_value>
  100. <test_value name="httpd.req.day">30</test_value>
  101. <test_value name="httpd.req.hour">22</test_value>
  102. <test_value name="httpd.req.min">03</test_value>
  103. <test_value name="httpd.req.sec">24</test_value>
  104. <test_value name="httpd.req.microsec">430828</test_value>
  105. <test_value name="httpd.module">pagespeed</test_value>
  106. <test_value name="httpd_log_level">warn</test_value>
  107. <test_value name="httpd.pid">6031</test_value>
  108. <test_value name="httpd.tid">140121869293312</test_value>
  109. <test_value name="httpd.pagespeed_ver">mod_pagespeed 1.3.25.4-2941 @6031</test_value>
  110. <test_value name="httpd_log_msg">300x75xlogo-sort-300x75.png:0: Resource based on http://www.psyzone.org/wp-content/uploads/2011/10/logo-sort-300x75.png but cannot access the original</test_value>
  111. </test_values>
  112. </example>
  113. </examples>
  114. </rule>
  115.  
  116. <rule id='6bcd01cd-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  117. <patterns>
  118. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [client @IPv4:client_ip@] ModSecurity: @ESTRING:httpd.mod_sec.error_type:.@ @ESTRING:httpd.mod_sec.err:.@ [file @QSTRING:httpd.mod_sec.rule_file:"@] [line @QSTRING:httpd.mod_sec.rule_file_line:"@] [id @QSTRING:httpd.mod_sec.rule_id:"@] [msg @QSTRING:httpd_mod_sec_msg:"@] [hostname @QSTRING:httpd.req.domain:"@] [uri @QSTRING:httpd.req.uri:"@] [unique_id @QSTRING:httpd.req.unique_id:"@]</pattern>
  119. </patterns>
  120. <examples>
  121. <example>
  122. <test_message program='httpd'>[2013-09-07 21:37:15.927194] [-:error] [pid 29919:tid 139776111916800] [client 186.220.148.246] ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "40"] [id "981205"] [msg "Outbound Anomaly Score Exceeded (score 4): The application is not available"] [hostname "www.domain.com.br"] [uri "/wp/wp-content/plugins/facebook/style/style.css"] [unique_id "Uiuci8CoALkAAHTftroAAACH"]</test_message>
  123. <test_values>
  124. <test_value name="httpd.req.year">2013</test_value>
  125. <test_value name="httpd.req.month">09</test_value>
  126. <test_value name="httpd.req.day">07</test_value>
  127. <test_value name="httpd.req.hour">21</test_value>
  128. <test_value name="httpd.req.min">37</test_value>
  129. <test_value name="httpd.req.sec">15</test_value>
  130. <test_value name="httpd.req.microsec">927194</test_value>
  131. <test_value name="httpd.module">-</test_value>
  132. <test_value name="httpd_log_level">error</test_value>
  133. <test_value name="httpd.pid">29919</test_value>
  134. <test_value name="httpd.tid">139776111916800</test_value>
  135. <test_value name="client_ip">186.220.148.246</test_value>
  136. <test_value name="httpd.mod_sec.error_type">Warning</test_value>
  137. <test_value name="httpd.mod_sec.err">Operator GE matched 4 at TX:outbound_anomaly_score</test_value>
  138. <test_value name="httpd.mod_sec.rule_file">/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf</test_value>
  139. <test_value name="httpd.mod_sec.rule_file_line">40</test_value>
  140. <test_value name="httpd.mod_sec.rule_id">981205</test_value>
  141. <test_value name="httpd_mod_sec_msg">Outbound Anomaly Score Exceeded (score 4): The application is not available</test_value>
  142. <test_value name="httpd.req.domain">www.domain.com.br</test_value>
  143. <test_value name="httpd.req.uri">/wp/wp-content/plugins/facebook/style/style.css</test_value>
  144. <test_value name="httpd.req.unique_id">Uiuci8CoALkAAHTftroAAACH</test_value>
  145. </test_values>
  146. </example>
  147. </examples>
  148. </rule>
  149.  
  150. <rule id='74c17b58-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  151. <patterns>
  152. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [client @IPv4:client_ip@] ModSecurity: @ESTRING:httpd.mod_sec.error_type:.@ @ESTRING:httpd.mod_sec.err:. @[file @QSTRING:httpd.mod_sec.rule_file:"@] [line @QSTRING:httpd.mod_sec.rule_file_line:"@] [id @QSTRING:httpd.mod_sec.rule_id:"@] [msg @QSTRING:httpd_mod_sec_msg:"@] [data @QSTRING:httpd_mod_sec_msg_data:"@] [hostname @QSTRING:httpd.req.domain:"@] [uri @QSTRING:httpd.req.uri:"@] [unique_id @QSTRING:httpd.req.unique_id:"@]</pattern>
  153. </patterns>
  154. <examples>
  155. <example>
  156. <test_message program='httpd'>[2013-09-08 23:58:54.708926] [-:error] [pid 23103:tid 139776069957376] [client 177.148.201.194] ModSecurity: Warning. Pattern match (.*) at TX:950901-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS:s. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_49_inbound_blocking.conf"] [line "26"] [id "981176"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25, SQLi=5, XSS=20): Last Matched Message: IE XSS Filters - Attack Detected."] [data "Last Matched Data: script> corinthians"] [hostname "www.domain.com.br"] [uri "/wp/"] [unique_id "Ui0PPsCoALkAAFo-HwwAAADK"]</test_message>
  157. <test_values>
  158. <test_value name="httpd.req.year">2013</test_value>
  159. <test_value name="httpd.req.month">09</test_value>
  160. <test_value name="httpd.req.day">08</test_value>
  161. <test_value name="httpd.req.hour">23</test_value>
  162. <test_value name="httpd.req.min">58</test_value>
  163. <test_value name="httpd.req.sec">54</test_value>
  164. <test_value name="httpd.req.microsec">708926</test_value>
  165. <test_value name="httpd.module">-</test_value>
  166. <test_value name="httpd_log_level">error</test_value>
  167. <test_value name="httpd.pid">23103</test_value>
  168. <test_value name="httpd.tid">139776069957376</test_value>
  169. <test_value name="client_ip">177.148.201.194</test_value>
  170. <test_value name="httpd.mod_sec.error_type">Warning</test_value>
  171. <test_value name="httpd.mod_sec.err">Pattern match (.*) at TX:950901-OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS:s</test_value>
  172. <test_value name="httpd.mod_sec.rule_file">/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_49_inbound_blocking.conf</test_value>
  173. <test_value name="httpd.mod_sec.rule_file_line">26</test_value>
  174. <test_value name="httpd.mod_sec.rule_id">981176</test_value>
  175. <test_value name="httpd_mod_sec_msg">Inbound Anomaly Score Exceeded (Total Score: 25, SQLi=5, XSS=20): Last Matched Message: IE XSS Filters - Attack Detected.</test_value>
  176. <test_value name="httpd_mod_sec_msg_data">Last Matched Data: script> corinthians</test_value>
  177. <test_value name="httpd.req.domain">www.domain.com.br</test_value>
  178. <test_value name="httpd.req.uri">/wp/</test_value>
  179. <test_value name="httpd.req.unique_id">Ui0PPsCoALkAAFo-HwwAAADK</test_value>
  180. </test_values>
  181. </example>
  182. </examples>
  183. </rule>
  184.  
  185. <rule id='7e95e8ca-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  186. <patterns>
  187. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [client @IPv4:client_ip@] ModSecurity: @ESTRING:httpd.mod_sec.error_type:.@ @ESTRING:httpd.mod_sec.err:. @[file @QSTRING:httpd.mod_sec.rule_file:"@] [line @QSTRING:httpd.mod_sec.rule_file_line:"@] [id @QSTRING:httpd.mod_sec.rule_id:"@] [msg @QSTRING:httpd_mod_sec_msg:"@] [severity @QSTRING:httpd.mod_sec.severity:"@] [hostname @QSTRING:httpd.req.domain:"@] [uri @QSTRING:httpd.req.uri:"@] [unique_id @QSTRING:httpd.req.unique_id:"@]</pattern>
  188. </patterns>
  189. <examples>
  190. <example>
  191. <test_message program='httpd'>[2013-09-09 00:21:12.894361] [-:error] [pid 24738:tid 140121907083008] [client 177.148.201.194] ModSecurity: Warning. Operator GE matched 1 at TX. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf"] [line "29"] [id "981202"] [msg "Correlated Attack Attempt Identified: (Total Score: 7, SQLi=1, XSS=) Inbound Attack (Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded Inbound Anomaly Score: 3) + Outbound Application Error (The application is not available - Outbound Anomaly Score: 4)"] [severity "ALERT"] [hostname "www.domain.com.br"] [uri "/wp/"] [unique_id "Ui0UeMbHU0UAAGCi-RoAAADQ"]</test_message>
  192. <test_values>
  193. <test_value name="httpd.req.year">2013</test_value>
  194. <test_value name="httpd.req.month">09</test_value>
  195. <test_value name="httpd.req.day">09</test_value>
  196. <test_value name="httpd.req.hour">00</test_value>
  197. <test_value name="httpd.req.min">21</test_value>
  198. <test_value name="httpd.req.sec">12</test_value>
  199. <test_value name="httpd.req.microsec">894361</test_value>
  200. <test_value name="httpd.module">-</test_value>
  201. <test_value name="httpd_log_level">error</test_value>
  202. <test_value name="httpd.pid">24738</test_value>
  203. <test_value name="httpd.tid">140121907083008</test_value>
  204. <test_value name="client_ip">177.148.201.194</test_value>
  205. <test_value name="httpd.mod_sec.error_type">Warning</test_value>
  206. <test_value name="httpd.mod_sec.err">Operator GE matched 1 at TX</test_value>
  207. <test_value name="httpd.mod_sec.rule_file">/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_60_correlation.conf</test_value>
  208. <test_value name="httpd.mod_sec.rule_file_line">29</test_value>
  209. <test_value name="httpd.mod_sec.rule_id">981202</test_value>
  210. <test_value name="httpd_mod_sec_msg">Correlated Attack Attempt Identified: (Total Score: 7, SQLi=1, XSS=) Inbound Attack (Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded Inbound Anomaly Score: 3) + Outbound Application Error (The application is not available - Outbound Anomaly Score: 4)</test_value>
  211. <test_value name="httpd.mod_sec.severity">ALERT</test_value>
  212. <test_value name="httpd.req.domain">www.domain.com.br</test_value>
  213. <test_value name="httpd.req.uri">/wp/</test_value>
  214. <test_value name="httpd.req.unique_id">Ui0UeMbHU0UAAGCi-RoAAADQ</test_value>
  215. </test_values>
  216. </example>
  217. </examples>
  218. </rule>
  219.  
  220. <rule id='854da8bd-1bff-11e3-919d-ca66d2f45ab4' provider='domain' class='error'>
  221. <patterns>
  222. <pattern>[@NUMBER:httpd.req.year@-@NUMBER:httpd.req.month@-@NUMBER:httpd.req.day@ @NUMBER:httpd.req.hour@:@NUMBER:httpd.req.min@:@NUMBER:httpd.req.sec@.@NUMBER:httpd.req.microsec@] [@ESTRING:httpd.module::@@ESTRING:httpd_log_level:]@ [pid @NUMBER:httpd.pid@:tid @NUMBER:httpd.tid@] [client @IPv4:client_ip@] ModSecurity: @ESTRING:httpd.mod_sec.error_type:.@ @ESTRING:httpd.mod_sec.err:. @[file @QSTRING:httpd.mod_sec.rule_file:"@] [line @QSTRING:httpd.mod_sec.rule_file_line:"@] [id @QSTRING:httpd.mod_sec.rule_id:"@] [rev "@NUMBER@"] [msg @QSTRING:httpd_mod_sec_msg:"@] [data @QSTRING:httpd_mod_sec_msg_data:"@] [severity @QSTRING:httpd_mod_sec_severity:"@] [ver @QSTRING:httpd.mod_sec.owasp_ver:"@] [maturity @QSTRING:httpd.mod_sec.maturity:"@] [accuracy @QSTRING:httpd.mod_sec.accuracy:"@] [tag @QSTRING:httpd.mod_sec.attack_type:"@] [tag @QSTRING:httpd.mod_sec.attack_class1:"@] [tag @QSTRING:httpd.mod_sec.attack_class2:"@] [tag @QSTRING:httpd.mod_sec.attack_rank:"@] [tag @QSTRING::"@] [tag @QSTRING::"@] [hostname @QSTRING:httpd.req.domain:"@] [uri @QSTRING:httpd.req.uri:"@] [unique_id @QSTRING:httpd.req.unique_id:"@]</pattern>
  223. </patterns>
  224. <examples>
  225. <example>
  226. <test_message program='httpd'>[2013-09-08 23:58:54.707369] [-:error] [pid 23103:tid 139776069957376] [client 177.148.201.194] ModSecurity: Warning. Pattern match "(?i)(*?)" at ARGS:s. [file "/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "14"] [id "973336"] [rev "1"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: script> found within ARGS:s: script> corinthians"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.domain.com.br"] [uri "/wp/"] [unique_id "Ui0PPsCoALkAAFo-HwwAAADK"]</test_message>
  227. <test_values>
  228. <test_value name="httpd.req.year">2013</test_value>
  229. <test_value name="httpd.req.month">09</test_value>
  230. <test_value name="httpd.req.day">08</test_value>
  231. <test_value name="httpd.req.hour">23</test_value>
  232. <test_value name="httpd.req.min">58</test_value>
  233. <test_value name="httpd.req.sec">54</test_value>
  234. <test_value name="httpd.req.microsec">707369</test_value>
  235. <test_value name="httpd.module">-</test_value>
  236. <test_value name="httpd_log_level">error</test_value>
  237. <test_value name="httpd.pid">23103</test_value>
  238. <test_value name="httpd.tid">139776069957376</test_value>
  239. <test_value name="client_ip">177.148.201.194</test_value>
  240. <test_value name="httpd.mod_sec.error_type">Warning</test_value>
  241. <test_value name="httpd.mod_sec.err">Pattern match "(?i)(*?)" at ARGS:s</test_value>
  242. <test_value name="httpd.mod_sec.rule_file">/opt/apps/httpd/conf/owasp-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf</test_value>
  243. <test_value name="httpd.mod_sec.rule_file_line">14</test_value>
  244. <test_value name="httpd.mod_sec.rule_id">973336</test_value>
  245. <test_value name="httpd_mod_sec_msg">XSS Filter - Category 1: Script Tag Vector</test_value>
  246. <test_value name="httpd_mod_sec_msg_data">Matched Data: script> found within ARGS:s: script> corinthians</test_value>
  247. <test_value name="httpd.mod_sec.severity">CRITICAL</test_value>
  248. <test_value name="httpd.mod_sec.owasp_ver">OWASP_CRS/2.2.7</test_value>
  249. <test_value name="httpd.mod_sec.maturity">1</test_value>
  250. <test_value name="httpd.mod_sec.accuracy">8</test_value>
  251. <test_value name="httpd.mod_sec.attack_type">OWASP_CRS/WEB_ATTACK/XSS</test_value>
  252. <test_value name="httpd.mod_sec.attack_class1">WASCTC/WASC-8</test_value>
  253. <test_value name="httpd.mod_sec.attack_class2">WASCTC/WASC-22</test_value>
  254. <test_value name="httpd.mod_sec.attack_rank">OWASP_TOP_10/A2</test_value>
  255. <test_value name="httpd.req.domain">www.domain.com.br</test_value>
  256. <test_value name="httpd.req.uri">/wp/</test_value>
  257. <test_value name="httpd.req.unique_id">Ui0PPsCoALkAAFo-HwwAAADK</test_value>
  258. </test_values>
  259. </example>
  260. </examples>
  261. </rule>
  262.  
  263. </rules>
  264. </ruleset>
  265. </patterndb>