# ------------------------------------------------------------------------
# OWASP ModSecurity Core Rule Set ver.3.3.5
# Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
# Copyright (c) 2021-2023 Core Rule Set project. All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under
# Apache Software License (ASL) version 2
# Please see the enclosed LICENSE file for full details.
#
# ------------------------------------------------------------------------

# These exclusions remedy false positives in a default Dokuwiki install.
# The exclusions are only active if crs_exclusions_dokuwiki=1 is set.
# See rule 900130 in crs-setup.conf.example for instructions.
#
# Note, if you want to relax the upload restrictions,
# see rule 900240. For Dokuwiki you can limit the exception
# to the ajax.php file:
#
# SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php" ...
#

# Opt-in gate: when tx.crs_exclusions_dokuwiki is unset (count is 0) or set
# to 0, jump to the END-DOKUWIKI marker so none of the exclusions below run.
# The gate is declared twice because skipAfter acts within a single phase:
# 9004000 covers phase 1 and 9004001 covers phase 2.
SecRule &TX:crs_exclusions_dokuwiki|TX:crs_exclusions_dokuwiki "@eq 0" \
    "id:9004000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ver:'OWASP_CRS/3.3.5',\
    skipAfter:END-DOKUWIKI"

SecRule &TX:crs_exclusions_dokuwiki|TX:crs_exclusions_dokuwiki "@eq 0" \
    "id:9004001,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    ver:'OWASP_CRS/3.3.5',\
    skipAfter:END-DOKUWIKI"

#
# -=[ Dokuwiki Front-End ]=-
#
# Note on files specified:
#   /doku.php: shows pages, saves, edits, admin
#   /lib/exe/ajax.php: autosave, uploads
#
# Allow pages to be edited, and ajax to save drafts.
#
# ARGS 'wikitext', 'suffix', and 'prefix' must allow the same things,
# as the page (in part or whole) is passed via 'suffix/prefix' at times.
#   attack-protocol (921110-921160/920230): Allows odd characters on the page.
#   CRS: (still need attack-protocol specified.)
#     attack-injection-php (930000-933999): Allows code on page.
#     attack-sqli (940000-942999): Allows SQL expressions on page.
#
# Others:
#   930100-930110;REQUEST_BODY: if there's a /../ in the text.
#
# ARGS:summary (the text in the 'summary' box on page edits.):
#   Allowing 930120-930130 lets user save summaries with
#   system file names. This should not be needed in normal
#   use. But leaving a note here of how to allow in rule below:
#     ctl:ruleRemoveTargetById=930120;ARGS:summary
#     ctl:ruleRemoveTargetById=930130;ARGS:summary
#
# Also, can't specify:
#     SecRule ARGS:do "@streq edit" \
#     SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php"\
#   because at times the do=edit can get dropped, so if we use
#   above the edit will get blocked when the page is saved.
# Hint: those using .htaccess rewrites can remove/replace
#   this first 'SecRule...' line with 'SecAction \' (unsupported).

# Rule 9004100 is a three-link chain: the path ends in /doku.php or
# /lib/exe/ajax.php, the method is POST, and a cookie whose name matches
# /S?DW[a-f0-9]+/ is present. When all three hold, every rule tagged
# attack-protocol or OWASP_CRS stops inspecting ARGS:wikitext, ARGS:suffix
# and ARGS:prefix, and rules 930100-930110 stop inspecting REQUEST_BODY.
# NOTE(review): the cookie value pattern is anchored only at the start (no
# '$'), so this link checks that such a cookie exists and begins with an
# allowed character; it does not show that the session is authenticated.
# Treat the exclusion as applying to any POST that carries a matching
# cookie, and rely on the application for validation of these three fields.
# NOTE(review): the dots in the @rx path pattern are unescaped and therefore
# match any character; confirm against upstream before tightening a vendored
# rule.
SecRule REQUEST_FILENAME "@rx (?:/doku.php|/lib/exe/ajax.php)$" \
    "id:9004100,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,\
        chain"
        SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \
            "t:none,\
            ctl:ruleRemoveTargetByTag=attack-protocol;ARGS:wikitext,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:wikitext,\
            ctl:ruleRemoveTargetByTag=attack-protocol;ARGS:suffix,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:suffix,\
            ctl:ruleRemoveTargetByTag=attack-protocol;ARGS:prefix,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:prefix,\
            ctl:ruleRemoveTargetById=930100-930110;REQUEST_BODY"

# Allow it to upload files. But check for cookies just to make sure.
# Under the same POST-plus-cookie gate, restricted to /lib/exe/ajax.php, the
# setvar appends application/octet-stream to tx.allowed_request_content_type.
# No rule is removed here; only the accepted content-type list is widened.
# NOTE(review): as in rule 9004100, the cookie link tests presence and the
# first character only.
SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php" \
    "id:9004110,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    noauditlog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,\
        chain"
        SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \
            "t:none,\
            setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type}|application/octet-stream'"

# Show the index, even if things like "postgresql" or other things show up.
# Rule 9004130: for /doku.php with exactly one 'do' argument equal to
# "index", rules 951240 and 953110 are removed for the whole transaction
# (ruleRemoveById, not a per-target removal). This chain has no cookie or
# method condition, so it applies to any client requesting the index.
SecRule REQUEST_FILENAME "@endsWith /doku.php" \
    "id:9004130,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    noauditlog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule ARGS:do "@streq index" \
        "t:none,\
        chain"
        SecRule &ARGS:do "@eq 1" \
            "t:none,\
            ctl:ruleRemoveById=951240,\
            ctl:ruleRemoveById=953110"

#
# [ Login form ]
#
# Turn off checks for password.
# Rule 9004200: with exactly one do=login on /doku.php, ARGS:p is dropped
# from the targets of every rule tagged OWASP_CRS. Other arguments of the
# login request remain inspected.
SecRule REQUEST_FILENAME "@endsWith /doku.php" \
    "id:9004200,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    noauditlog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule ARGS:do "@streq login" \
        "t:none,\
        chain"
        SecRule &ARGS:do "@eq 1" \
            "t:none,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:p"

#
# [ Admin Area ]
#
# Skip this section for performance unless do=admin is in request
# Rules 9004300 (phase 1) and 9004310 (phase 2) jump to END-DOKUWIKI-ADMIN
# when a 'do' argument is present with a value other than "admin".
# NOTE(review): when the request has no 'do' argument there is no target to
# test, so presumably neither rule matches and the admin section below is
# still evaluated; confirm on the deployed engine.
SecRule ARGS:do "!@streq admin" \
    "id:9004300,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ver:'OWASP_CRS/3.3.5',\
    skipAfter:END-DOKUWIKI-ADMIN"

SecRule ARGS:do "!@streq admin" \
    "id:9004310,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    ver:'OWASP_CRS/3.3.5',\
    skipAfter:END-DOKUWIKI-ADMIN"

# [ Reset password ]
#
# Turn off checks for pass1, pass1-text, pass2
# NOTE(review): this chain requires exactly one do=login, the same gate as
# rule 9004200, yet rule 9004310 above skips this section whenever 'do' is
# present and not "admin". As written the chain therefore appears
# unreachable, and the pass1 / pass1-text / pass2 exclusions would never
# take effect. Confirm against upstream CRS before relying on it or editing
# a vendored rule.
SecRule REQUEST_FILENAME "@endsWith /doku.php" \
    "id:9004320,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    noauditlog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule ARGS:do "@streq login" \
        "t:none,\
        chain"
        SecRule &ARGS:do "@eq 1" \
            "t:none,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass1-text,\
            ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2"

# [ Save config ]
#
# Allow the config to be saved:
#   942200: If the user adds "..." to tagline: ARGS:config[tagline]
#   942430: if ARGS:config[hidepages] has pages looking like sql statements
#   942430,942440: "--- //[[@MAIL@|@NAME@]] @DATE@//"]" in ARGS:config[signature]
# Rule 9004370 removes single rule IDs from single config[...] arguments
# rather than excluding by tag, so the rest of the request stays inspected.
# Gate: /doku.php, exactly one page=config, POST, and a DW-style cookie.
# NOTE(review): the cookie link tests presence and the first character only
# (the value pattern has no end anchor); it is not an authentication check.
SecRule REQUEST_FILENAME "@endsWith /doku.php" \
    "id:9004370,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    noauditlog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule ARGS:page "@streq config" \
        "t:none,\
        chain"
        SecRule &ARGS:page "@eq 1" \
            "t:none,\
            chain"
            SecRule REQUEST_METHOD "@streq POST" \
                "t:none,\
                chain"
                SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \
                    "t:none,\
                    ctl:ruleRemoveTargetById=920230;ARGS:config[dformat],\
                    ctl:ruleRemoveTargetById=942200;ARGS:config[tagline],\
                    ctl:ruleRemoveTargetById=942430;ARGS:config[hidepages],\
                    ctl:ruleRemoveTargetById=942430-942440;ARGS:config[signature]"

# When the config loads after a save, it gets blocked because
# it has 'readdir' and lines that look like sql
#   942430,942440: "--- //[[@MAIL@|@NAME@]] @DATE@//"]" in ARGS:config[signature]
#   951240,953110: When the page reloads, it triggers
#     postgres and php code disclosure rules.
# Rule 9004380 has the same gate as 9004370 minus the POST condition, and it
# removes rules 951240 and 953110 for the whole transaction. Response-side
# leakage detection by those two rules is therefore off for every matching
# config page view.
SecRule REQUEST_FILENAME "@endsWith /doku.php" \
    "id:9004380,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    noauditlog,\
    ver:'OWASP_CRS/3.3.5',\
    chain"
    SecRule ARGS:page "@streq config" \
        "t:none,\
        chain"
        SecRule &ARGS:page "@eq 1" \
            "t:none,\
            chain"
            SecRule REQUEST_COOKIES:/S?DW[a-f0-9]+/ "@rx ^[%a-zA-Z0-9_-]+" \
                "t:none,\
                ctl:ruleRemoveById=951240,\
                ctl:ruleRemoveById=953110"

# End [ Admin Area ]
# Landing points for the skipAfter actions used by the gating rules above.
SecMarker "END-DOKUWIKI-ADMIN"

SecMarker "END-DOKUWIKI"