File Manager
Upload
Current Directory: /home/lartcid/public_html/journal.lartc.id
[Back]
..
[Open]
Hapus
Rename
.htaccess
[Edit]
Hapus
Rename
.well-known
[Open]
Hapus
Rename
README.md
[Edit]
Hapus
Rename
api
[Open]
Hapus
Rename
cache
[Open]
Hapus
Rename
cgi-bin
[Open]
Hapus
Rename
classes
[Open]
Hapus
Rename
config.TEMPLATE.inc.php
[Edit]
Hapus
Rename
config.inc.php
[Edit]
Hapus
Rename
controllers
[Open]
Hapus
Rename
cypress.json
[Edit]
Hapus
Rename
dbscripts
[Open]
Hapus
Rename
docs
[Open]
Hapus
Rename
error_log
[Edit]
Hapus
Rename
favicon.ico
[Edit]
Hapus
Rename
index.php
[Edit]
Hapus
Rename
js
[Open]
Hapus
Rename
lib
[Open]
Hapus
Rename
locale
[Open]
Hapus
Rename
mini.php
[Edit]
Hapus
Rename
pages
[Open]
Hapus
Rename
php.ini
[Edit]
Hapus
Rename
plugins
[Open]
Hapus
Rename
public
[Open]
Hapus
Rename
registry
[Open]
Hapus
Rename
scheduledTaskLogs
[Open]
Hapus
Rename
schemas
[Open]
Hapus
Rename
styles
[Open]
Hapus
Rename
templates
[Open]
Hapus
Rename
tools
[Open]
Hapus
Rename
Edit File
# --------------------------------------------------------------- # Imunify360 ModSecurity Rules # Copyright (C) 2021 CloudLinux Inc All right reserved # The Imunify360 ModSecurity Rules is distributed under # IMUNIFY360 LICENSE AGREEMENT # Please see the enclosed IM360-LICENSE.txt file for full details. # --------------------------------------------------------------- # Imunify360 ModSecurity Drupal Ruleset SecRule REQUEST_COOKIES_NAMES "@rx ^sess([0-9a-f]{32})$" "id:77209510,msg:'IM360 WAF: Drupal App Initialization||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,capture,pass,setsid:'%{TX.1}',setvar:'SESSION.drupal=1',expirevar:'SESSION.drupal=300',nolog,t:none,t:lowercase,severity:5,tag:'service_gen'" SecRule REQUEST_METHOD "@pm GET POST" "id:77231002,chain,msg:'IM360 WAF: Multiple XSS vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal (CVE-2016-1913)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS:name "@contains <" "chain,t:none,t:urlDecodeUni" SecRule ARGS:q|REQUEST_FILENAME "@pm structure/taxonomy/note_type/ taxonomy/term" "t:none,t:urlDecodeUni,t:normalizePath,t:lowercase" SecRule REQUEST_METHOD "@pm GET POST" "id:77231111,chain,msg:'IM360 WAF: XSS vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal (CVE-2015-5495)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule REQUEST_URI|REQUEST_FILENAME|ARGS:q "@contains /admin/structure/menu/" "chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase" SecRule ARGS:link_title "@contains <" "t:none,t:urlDecodeUni,t:htmlEntityDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77231151,chain,msg:'IM360 WAF: XSS vulnerability in the EntityBulkDelete module 7.x-1.0 for Drupal (CVE-2015-4386)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS:q|ARGS:destination|REQUEST_FILENAME "@pm node/add/article node node/add/page" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule ARGS:form_id "@pm page_node_form article_node_form" "chain,t:none" SecRule ARGS:title|ARGS:field_tags[und] "@contains <" "t:none,t:urlDecodeUni,t:htmlEntityDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77210360,chain,msg:'IM360 WAF: XSS vulnerability in the Webform module 7.x-4.x before 7.x-4.4 for Drupal (CVE-2015-4356)||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule &ARGS:form_build_id "@ge 1" "chain,t:none" SecRule ARGS:form_id "@beginsWith webform_client_form_" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:/submitted\[[\w]*\]/ "@contains <" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "@pm GET POST" "id:77231400,chain,msg:'IM360 WAF: XSS vulnerability in the Ajax Timeline module before 7.x-1.1 and Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal (CVE-2015-3392 & CVE-2015-3389)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS:q|REQUEST_FILENAME "@rx node\/add|node\/\d+\/edit" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:title "@contains <" "t:none,t:urlDecodeUni,t:htmlEntityDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77210370,chain,msg:'IM360 WAF: XSS vulnerability in the Node Access Product module for Drupal (CVE-2015-3386)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS:form_id "@pm product_node_form views_ui_edit_display_form taxonomy_form_vocabulary taxonomy_form_term" "chain,t:none" SecRule ARGS:q|REQUEST_FILENAME "@rx node\/add|node\/\d+\/edit|admin\/structure\/taxonomy|taxonomy\/term|admin\/structure\/views" "chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase" SecRule ARGS:title|ARGS:name "@contains <" "t:none,t:urlDecodeUni,t:htmlEntityDecode" SecRule REQUEST_METHOD "@pm GET POST" "id:77231960,chain,msg:'IM360 WAF: XSS vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal (CVE-2014-1611)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS:/^field_anonymous_author/ "@contains <" "chain,t:none,t:urlDecodeUni,t:htmlEntityDecode" SecRule ARGS:q|REQUEST_FILENAME "@rx node\/add|node\/\d+\/edit" "t:none,t:urlDecodeUni,t:normalizePath" SecRule ARGS|REQUEST_COOKIES|REQUEST_BODY "@pm exec passthru" "id:77231990,chain,msg:'IM360 WAF: RCE vulnerability in Drupal before 7.58 8.x before 8.3.9 8.4.x before 8.4.6 and 8.5.x before 8.5.1 (CVE-2018-7600 CVE-2018-7602)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS_NAMES|REQUEST_COOKIES_NAMES|REQUEST_BODY "@rx ^(?:\[?[\'\x22]?)?#|(?:\[)(?:[\'\x22]?)?#" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule REQUEST_FILENAME "@rx index\.php$|\/$" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule TX:drupal "@eq 1" "chain" SecRule ARGS:controller "!@streq AdminTranslations" "t:none" SecRule REQUEST_FILENAME "@endsWith xmlrpc.php" "id:77231011,chain,msg:'IM360 WAF: Brute-Force Amplification in Drupal 6.x before 6.38 and 7.x before 7.43 (CVE-2016-3163)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule REQBODY_ERROR "@eq 0" "chain,t:none" SecRule XML://methodName/text() "@contains system.multicall" "chain,t:none,t:lowercase" SecRule &XML://member[*][name='methodName'] "@ge 10" "t:none" # DEFA-2618 SecRule ARGS:pp "@contains =" "id:77241910,chain,msg:'IM360 WAF: Attemp to modify the $_REQUEST superglobal array in the The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal (CVE-2016-3187)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,log,deny,status:403,setvar:'TX.drupal_pp=%{MATCHED_VAR}',t:none,t:urlDecodeUni,severity:2,tag:'drupal_core'" SecRule REQUEST_FILENAME|ARGS:q "@pm node/ /admin/" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule TX:drupal_pp "!@streq %{ARGS:pp}" "t:none,t:urlDecodeUni" SecRule ARGS:_format "@streq hal_json" "id:77232380,chain,msg:'IM360 WAF: Arbitrary code execution vulnerability in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 (CVE-2019-6340)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,severity:2,tag:'drupal_core'" SecRule &TX:drupal "@eq 0" "chain,t:none" SecRule REQUEST_FILENAME "@rx \/node\/\d+$" "chain,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase" SecRule REQUEST_METHOD "@rx ^(?:get|head|options|trace)$" "t:none,t:lowercase" SecRule ARGS:_wrapper_format "@streq drupal_ajax" "id:77232980,chain,msg:'IM360 WAF: RCE vulnerability in Drupal before 7.58 8.x before 8.3.9 8.4.x before 8.4.6 and 8.5.x before 8.5.1 (CVE-2018-7600 CVE-2018-7602)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:lowercase,severity:2,tag:'drupal_core'" SecRule &ARGS:ajax_form "@ge 1" "chain,t:none" SecRule ARGS "@pm exec passthru" "chain,t:none" SecRule REQUEST_FILENAME "@contains user/register" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS "@rx \/[a-z]+\/#value" "t:none,t:urlDecodeUni,t:lowercase" SecRule &ARGS:form_build_id "@ge 1" "id:77232981,chain,msg:'IM360 WAF: Data leakage vulnerability in Drupal before 7.58 8.x before 8.3.9 8.4.x before 8.4.6 and 8.5.x before 8.5.1 (CVE-2018-7600 CVE-2018-7602)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,deny,status:403,log,t:none,severity:2,tag:'drupal_core'" SecRule ARGS:q "@rx ^file\/ajax\/name\/#value\/" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule REQUEST_FILENAME "@rx index\.php$|\/$" "t:none,t:urlDecodeUni,t:lowercase"
Simpan