SHOW:
|
|
- or go back to the newest paste.
| 1 | Abdelmoughite Eljoaydi | |
| 2 | ||
| 3 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # | |
| 4 | # | |
| 5 | # SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME| | |
| 6 | # ARGS_NAMES|ARGS|XML:/* "(?i:[ /+\t\"\'`]style[ /+\t]*?=.*?([:=]|(&[# | |
| 7 | # ()=]x?0*((58)|(3A)|(61)|(3D));?)).*?([(\\\\]|(&[#()=]x?0*((40)|(28)| | |
| 8 | # (92)|(5C));?)))" | |
| 9 | # "phase:2,rev:'2.2.5',id:'873314',capture,logdata:'%{TX.0}',t:none,
| |
| 10 | # t:htmlEntityDecode,t:compressWhiteSpace,block,msg:'IE XSS Filters – | |
| 11 | # Attack Detected',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%
| |
| 12 | # {tx.critical_anomaly_score},setvar:tx.anomaly_score=+%
| |
| 13 | # {tx.critical_anomaly_score},setvar:tx.%{rule.
| |
| 14 | # id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}"
| |
| 15 | # | |
| 16 | # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # | |
| 17 | # | |
| 18 | # SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME| | |
| 19 | # "ARGS_NAMES|ARGS|XML:/* "(?i:<script[ /+\t].*?((type)|(codetype)|(cla | |
| 20 | # ssid)|(code)|(data))[ /+\t]*=)" | |
| 21 | # "phase:2,rev:'2.2.5',id:'873314',capture,logdata:'%{TX.0}',t:none,
| |
| 22 | # t:htmlEntityDecode,t:compressWhiteSpace,block,msg:'IE XSS Filters – | |
| 23 | # Attack Detected',setvar:'tx.msg=%{rule.msg}',
| |
| 24 | # setvar:tx.xss_score=+%{tx.critical_anomaly_score},
| |
| 25 | # setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},
| |
| 26 | # setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0} |
