# Per-URL exclusion. t:lowercase is applied to REQUEST_FILENAME before the
# regex is evaluated, and the regex has no ^ or $ anchor, so any request
# filename that contains "/ajax/getsymptoms.php" takes this branch.
# ctl:ruleRemovebyID then switches rule 361008 off for that transaction only.
# The exclusion itself is silent (nolog,noauditlog).
# NOTE(review): rule 361008 is not defined on this page; confirm what it
# protects and that it runs after this phase:2 rule, and consider anchoring
# the path so look-alike filenames do not inherit the exclusion.
SecRule REQUEST_FILENAME \
    "/ajax/getsymptoms\.php" \
    "phase:2,id:92738,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=361008"

# http://www.atomicorp.com/
# Atomicorp (Gotroot.com) ModSecurity rules
# Application Security Rules for modsec 2.x
#
# Created by the Prometheus Global (http://www.prometheus-group.com)
# Copyright 2005-2021 by Atomicorp, Inc. all rights reserved.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
# THE POSSIBILITY OF SUCH DAMAGE.
#
#
#---ASL-CONFIG-FILE---
# Do not edit this file!
# This file is generated and changes will be overwritten.
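#
# If you need to make changes to the rules, please follow the procedure here:
# http://www.atomicorp.com/wiki/index.php/Mod_security

# ---------------------------------------------------------------------------
# Outbound (phase 4) leak detection.
#
# Every rule below inspects RESPONSE_BODY for database / framework error text
# or configuration content and, on a match, denies the response with a 404
# instead of letting the error page reach the client.
#
# Operational notes for whoever deploys this:
#  * RESPONSE_BODY is only populated when response body buffering is enabled
#    (SecResponseBodyAccess On) and the response MIME type and size fall
#    within the configured limits; otherwise these rules see nothing.
#  * ctl:auditLogParts=+E adds part E (the intermediary response body) to
#    the audit record, so the leaked text itself - SQL errors, or for rule
#    361230 the contents of a WordPress config file - is written to the audit
#    log. Treat that log as sensitive and restrict who can read it.
#
# Changes made in this copy (the file is marked as generated, so these edits
# are lost on the next vendor update - report them upstream as well):
#  * ".{,N}" was rewritten as ".{0,N}" in rules 361023, 361225, 361141,
#    361143, 361144, 361145, 361031 and 361229. PCRE 8.x documents "{,N}" as
#    literal text rather than a quantifier, so those alternatives could only
#    match a response containing the characters "{,512}" and never fired on
#    real error pages. Expect more matches after this fix; review in
#    detection-only mode before enforcing.
#  * Rule 361225 additionally had a stray "*" after the brace group; removed.
#  * Rule 361230 now tolerates whitespace after "define(".
# ---------------------------------------------------------------------------

SecDefaultAction "log,deny,auditlog,phase:4"

#skip for ASL GUI
# Port 30000 traffic jumps past the credit-card output check.
# NOTE(review): the SecMarker END_POTENTIAL_CREDIT_CARD_OUT that this
# skipAfter targets is not present in this copy (see the damaged rule below);
# confirm it exists in the deployed file.
SecRule SERVER_PORT "@streq 30000" \
    "phase:4,id:333710,pass,t:none,nolog,noauditlog,skipAfter:END_POTENTIAL_CREDIT_CARD_OUT"

#Detect sensitive numbers in output
# NOTE(review): DAMAGED IN THIS COPY. The @verifyCC pattern breaks off at "(?"
# and runs straight into the Tomcat error-page pattern of rule 361019; the
# rest of the credit-card rule and whatever stood between the two rules is
# missing. The line is reproduced exactly as found and is not a valid rule:
# restore both rules from the vendor's original before loading this file.
# (The Tomcat fragment also carries the ".{,512}" form described above.)
SecRule RESPONSE_BODY|RESPONSE_HEADERS:Location "@verifyCC (?:^|[^\d])(?Apache Tomcat.{,512}Error report" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Error Message with sensitive information sent from tomcat',id:'361019',rev:2,severity:'1',tag:'no_ar'"

# --- MySQL / PostgreSQL / SQLite error text --------------------------------

SecRule RESPONSE_BODY "\bWarning: mysql_connect\(\)\:" \
    "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential SQL Information Leakage',id:'361021',severity:'1',tag:'no_ar'"

# The pattern ends with a space on purpose (it is part of the quoted regex).
SecRule RESPONSE_BODY "You have an error in your SQL syntax; check the manual " \
    "phase:4,rev:2,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential SQL Information Leakage',id:'361022',severity:'1',tag:'no_ar'"

# Quantifier fixed: was "Warning:.{,100}".
# NOTE(review): the dots in "SQLite.Exception" and
# "System.Data.SQLite.SQLiteException" are unescaped and match any character.
SecRule RESPONSE_BODY "SQLite.Exception|System.Data.SQLite.SQLiteException|Warning:.{0,100}(?:sqlite_|SQLite3::)" \
    "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential SQL Information Leakage',id:'361023',severity:'1',tag:'no_ar'"

SecRule RESPONSE_BODY "\bsupplied argument is not a valid (?:MySQL|PostgreSQL)\b" \
    "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential SQL Information Leakage',id:'361024',severity:'1',tag:'no_ar'"

SecRule RESPONSE_BODY "\b(?:Column count doesn't match value count at row|MySQL server version for the right syntax to use)\b" \
    "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: SQL Information Leakage',id:'361025',severity:'1',tag:'no_ar'"

# Quantifier fixed: was "Warning.{,512}*" (brace group plus a stray "*").
SecRule RESPONSE_BODY "(?:Warning.{0,512}(?:sqlite|SQLite3)|SQLite/JDBCDriver|SQLite\.Exception)" \
    "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: SQLite Information Leakage',id:'361225',severity:'1',tag:'no_ar'"

# --- Other database engines -------------------------------------------------
# NOTE(review): several msg strings below do not name the engine their
# pattern matches, and two contain typos. They are left unchanged because log
# consumers may match on the text; triage by rule id:
#   361141  pattern: Ingres            msg: "Informix"
#   361142  pattern: ibase_            msg: "Informix"
#   361145  pattern: Sybase            msg: "maxDB"
#   361030  pattern: JET/Access        msg: "Microsoft SQL"
#   361033  msg spells "Firebirg";  361229  msg spells "Orale"

SecRule RESPONSE_BODY "Exception (condition )?\d+\. Transaction rollback\." \
    "phase:4,rev:1,t:none,capture,ctl:auditLogParts=+E,deny,log,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Potential Frontbase SQL Information Leakage detected',id:'361026',severity:'1',tag:'no_ar'"

SecRule RESPONSE_BODY "org\.hsqldb\.jdbc" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential hsqldb SQL Error Message with sensitive information sent',id:'361140',rev:2,severity:'1',tag:'no_ar'"

# Quantifier fixed in two alternatives.
SecRule RESPONSE_BODY "(?:Warning.{0,512}ingres_|Ingres SQLSTATE|Ingres\W.{0,512}Driver)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Informix SQL Error Message with sensitive information sent',id:'361141',rev:2,severity:'1',tag:'no_ar'"

SecRule RESPONSE_BODY "(?:Warning: ibase_|Unexpected end of command in statement)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Informix SQL Error Message with sensitive information sent',id:'361142',rev:2,severity:'1',tag:'no_ar'"

# Quantifier fixed: was "Exception.{,512}Informix".
SecRule RESPONSE_BODY "(?:An illegal character has been found in the statement|com\.informix\.jdbc|Exception.{0,512}Informix)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Informix SQL Error Message with sensitive information sent',id:'361143',rev:2,severity:'1',tag:'no_ar'"

# Quantifier fixed in both alternatives.
SecRule RESPONSE_BODY "(?:SQL error.{0,512}POS([0-9]+)|Warning.{0,512}maxdb)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential maxDB SQL Error Message with sensitive information sent',id:'361144',rev:2,severity:'1',tag:'no_ar'"

# Quantifier fixed in two alternatives.
SecRule RESPONSE_BODY "(?:Sybase message:|Warning.{0,512}sybase|Sybase.{0,512}Server message)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential maxDB SQL Error Message with sensitive information sent',id:'361145',rev:2,severity:'1',tag:'no_ar'"

# Quantifier fixed: was "CLI Driver.{,256}DB2".
SecRule RESPONSE_BODY "(?:DB2(?: SQL error:|/6000\])|\[IBM\]\[CLI Driver\]\[DB2/6000\]|CLI Driver.{0,256}DB2|db2_ ?\()" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential IBM DB2 SQL Error Message with sensitive information sent',id:'361031',rev:2,severity:'1',tag:'no_ar'"

SecRule RESPONSE_BODY "\[DM_QUERY_E_SYNTAX\]" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential EMC Error Message with sensitive information sent',id:'361032',rev:2,severity:'1',tag:'no_ar'"

# NOTE(review): a bare three-word phrase; likely to match ordinary pages that
# discuss SQL errors (documentation, forums). Watch for false positives.
SecRule RESPONSE_BODY "Dynamic SQL Error" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Firebirg Error Message with sensitive information sent',id:'361033',rev:2,severity:'1',tag:'no_ar'"

SecRule RESPONSE_BODY "(?:(?:JET|Access) Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Microsoft SQL Error Message with sensitive information sent',id:'361030',rev:2,severity:'1',tag:'no_ar'"

# Quantifier fixed in two alternatives. The java\.sql\.SQLException branch is
# not Oracle-specific: any JDBC stack trace in a response matches it.
SecRule RESPONSE_BODY "(?:ORA-[0-9][0-9][0-9][0-9]|java\.sql\.SQLException|Oracle(?: error|.{0,512}Driver)|Warning.{0,512}oc(?:i|a)_)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Potential Orale SQL Error Message with sensitive information sent',id:'361229',rev:2,severity:'1',tag:'no_ar'"

# --- Configuration file disclosure ------------------------------------------
# Fires when PHP source for a WordPress config is served as content.
# \s* added after "define(": the original only matched "define('" with no
# space, so a config written as "define( 'DB_NAME'" passed through unnoticed.
# On a match the credentials in that file should be treated as exposed to
# the audit log (part E) and the web server's PHP handling investigated.
SecRule RESPONSE_BODY "define\(\s*\'(?:WP_DEBUG|DB_NAME)" \
    "phase:4,deny,log,auditlog,capture,ctl:auditLogParts=+E,status:404,t:none,msg:'Atomicorp.com WAF Rules: Wordpress Config file download blocked',id:'361230',rev:3,severity:'1',tag:'no_ar'"

# Jump targets for skipAfter. No rule visible in this copy references them;
# presumably the referencing rules sit in the damaged span above - confirm.
SecMarker END_DLP_OUTPUT
SecMarker END_POTENTIAL_ERROR_LEAK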