# Scanner-protection rules, ids 404001-404004.
# Each rule only increments a transaction counter (tx.bn_inbound_found or
# tx.bn_outbound_found); the decision taken on those counters is not in this
# file -- presumably a later evaluation rule reads them; confirm before tuning.
# The @pmFromFile data files are given as relative names, so they must be
# deployed alongside this rule file.

# 404001 (phase 2, request): the request URI contains a phrase from
# web-shell-uri.data AND a POST argument contains a phrase from
# botnet-post-request.data. The counter is set on the last rule of the chain,
# so it only increments when both conditions match.
# NOTE(review): ARGS_POST is only populated when request-body inspection is
# enabled -- confirm SecRequestBodyAccess is on for protected hosts.
# NOTE(review): logdata expands %{TX.0}, but no rule in the chain sets
# `capture`; the logged "Matched Data" may be empty or left over from an
# earlier rule -- verify in the audit log. The same applies to 404002/404003.
SecRule REQUEST_URI "@pmFromFile web-shell-uri.data" "chain,phase:2,id:404001,block,\
    severity:CRITICAL,\
    msg:'Scanner protection based on Hello Peppa botnet',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
    SecRule ARGS_POST "@pmFromFile botnet-post-request.data" "setvar:tx.bn_inbound_found=+1"

# 404002 (phase 3, response headers): the response status matches "404" AND a
# POST argument contains a phrase from botnet-post-request.data.
# No operator is given, so "404" is evaluated as an unanchored regular
# expression. The rule names no disruptive action and no severity, unlike
# 404001 and 404003, so the disruptive action comes from the phase-3 default.
# Phase 3 runs after the backend has already processed the request: a match
# here can withhold the response but cannot undo what the request did.
SecRule RESPONSE_STATUS "404" "phase:3,id:404002,chain,\
    msg:'Scanner protection based on Hello Peppa botnet',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
    SecRule ARGS_POST "@pmFromFile botnet-post-request.data" "setvar:tx.bn_outbound_found=+1"

# 404003 (phase 3, response headers): the response status matches "404", the
# requested file name does not end in /robots.txt, AND the User-Agent contains
# a phrase from scripting-user-agents.data. The robots.txt exemption keeps a
# client that merely probes for a missing robots.txt from being counted.
# NOTE(review): User-Agent is client-controlled, so this rule only counts
# clients that do not disguise their agent string.
SecRule RESPONSE_STATUS "404" "block,auditlog,phase:3,id:404003,chain,\
    severity:CRITICAL,\
    msg:'Scripting user agent protection',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
    SecRule REQUEST_FILENAME "!@endsWith /robots.txt" \
        "t:none, chain"
        SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scripting-user-agents.data" "setvar:tx.bn_outbound_found=+1"

# 404004 (phase 2, request): the User-Agent header matches the regular
# expression "Bytespider"; increments the inbound counter.
# With t:none and no case-folding transformation the match is case-sensitive
# as written. The rule names no disruptive action of its own, and its logdata
# is a fixed string that repeats msg rather than the matched value.
SecRule REQUEST_HEADERS:User-Agent "@rx Bytespider" \
    "id:404004,\
    phase:2,\
    rev:'1',\
    severity:critical,\
    t:none,\
    setvar:'tx.bn_inbound_found=+1',\
    msg:'WAF Rule against Bytespider User-Agent',\
    logdata:'WAF Rule against Bytespider User-Agent'"