File Manager
Upload
Current Directory: /home/lartcid/public_html/journal.lartc.id
[Back]
..
[Open]
Hapus
Rename
.htaccess
[Edit]
Hapus
Rename
.well-known
[Open]
Hapus
Rename
README.md
[Edit]
Hapus
Rename
api
[Open]
Hapus
Rename
cache
[Open]
Hapus
Rename
cgi-bin
[Open]
Hapus
Rename
classes
[Open]
Hapus
Rename
config.TEMPLATE.inc.php
[Edit]
Hapus
Rename
config.inc.php
[Edit]
Hapus
Rename
controllers
[Open]
Hapus
Rename
cypress.json
[Edit]
Hapus
Rename
dbscripts
[Open]
Hapus
Rename
docs
[Open]
Hapus
Rename
error_log
[Edit]
Hapus
Rename
favicon.ico
[Edit]
Hapus
Rename
index.php
[Edit]
Hapus
Rename
js
[Open]
Hapus
Rename
lib
[Open]
Hapus
Rename
locale
[Open]
Hapus
Rename
mini.php
[Edit]
Hapus
Rename
pages
[Open]
Hapus
Rename
php.ini
[Edit]
Hapus
Rename
plugins
[Open]
Hapus
Rename
public
[Open]
Hapus
Rename
registry
[Open]
Hapus
Rename
scheduledTaskLogs
[Open]
Hapus
Rename
schemas
[Open]
Hapus
Rename
styles
[Open]
Hapus
Rename
templates
[Open]
Hapus
Rename
tools
[Open]
Hapus
Rename
Edit File
# --------------------------------------------------------------- # Imunify360 ModSecurity Rules # Copyright (C) 2021 CloudLinux Inc All right reserved # The Imunify360 ModSecurity Rules is distributed under # IMUNIFY360 LICENSE AGREEMENT # Please see the enclosed IM360-LICENSE.txt file for full details. # --------------------------------------------------------------- # Imunify360 ModSecurity Spam Ruleset #Track POST requests for optimization # WordPress web spammers track SecRule REQUEST_METHOD "!@rx ^POST$" "id:77316866,phase:2,pass,severity:5,t:none,nolog,skipAfter:MARKER_SPAM_POST,tag:'noshow'" SecRule REQUEST_METHOD "@streq POST" "id:33309,chain,phase:2,pass,log,severity:5,t:none,msg:'IM360 WAF: Tracking WordPress comments||AUTH:%{ARGS.author}||T:APACHE||MAIL:%{ARGS.email}||MTD:%{tx.0}||',tag:'service_bruteforce',tag:'service_i360',tag:'noshow'" SecRule REQUEST_FILENAME "@endsWith wp-comments-post.php" "chain,t:none" SecRule ARGS:author "!@rx ^$" "chain,t:none" SecRule ARGS:email "!@rx ^$" "chain,t:none" SecRule ARGS:comment "!@rx ^$" "capture,t:sha1,t:hexEncode" # WordPress web spammers RBL block SecRule REQUEST_METHOD "@streq POST" "chain,phase:2,id:33318,auditlog,block,severity:2,t:none,msg:'IM360 WAF: Block WordPress spammers||AUTH:%{ARGS.author}||T:APACHE||MAIL:%{ARGS.email}||MTD:%{tx.0}||',tag:'service_bruteforce',tag:'service_i360'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith wp-comments-post.php" "chain,t:none" SecRule ARGS:author "!@rx ^$" "chain,t:none" SecRule ARGS:email "!@rx ^$" "chain,t:none" SecRule ARGS:comment "!@rx ^$" "capture,chain,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "t:none,chain" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # Joomla web spammers track SecRule REQUEST_METHOD "@rx ^POST$" "chain,phase:2,id:33319,log,pass,severity:5,t:none,msg:'IM360 WAF: Tracking Joomla contact message||T:APACHE||',tag:'service_bruteforce',tag:'service_i360',tag:'noshow'" SecRule ARGS:Itemid|ARGS:id "@rx \d+" "chain,t:none,t:urlDecodeUni" SecRule ARGS:option "@streq com_contact" "chain,t:none,t:urlDecodeUni" SecRule ARGS:task|ARGS:view "@contains contact" "t:none,t:urlDecodeUni" # Joomla web spammers RBL block SecRule REQUEST_METHOD "@rx ^POST$" "chain,phase:2,id:33320,log,block,severity:2,t:none,msg:'IM360 WAF: Block Joomla spammers||T:APACHE||',tag:'service_bruteforce',tag:'service_i360'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule ARGS:Itemid|ARGS:id "@rx \d+" "chain,t:none" SecRule ARGS:option "@streq com_contact" "chain,t:none" SecRule ARGS:task|ARGS:view "@contains contact" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # Joomla registration web spammers RBL track SecRule REQUEST_METHOD "@rx ^POST$" "id:33321,chain,phase:2,pass,log,severity:5,t:none,msg:'IM360 WAF: Track Joomla registration||AUTH:%{ARGS.jform[user_name]}||T:APACHE||MAIL:%{ARGS.jform[email1]}||MTD:%{tx.0}||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@pm index.php /component/users/" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule ARGS:task|ARGS:view "@rx (?:^registration|user\.login)" "chain,t:none,t:urlDecodeUni" SecRule ARGS:option "@streq com_users" "t:none,t:urlDecodeUni" # Joomla registration web spammers RBL block SecRule REQUEST_METHOD "@rx ^POST$" "chain,id:33322,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block Joomla registration spam||T:APACHE||MTD:%{tx.0}||',tag:'joomla_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_URI "@pm index.php /component/users/" "chain,t:none,t:normalizePath" SecRule ARGS:task|ARGS:view "@rx (?:^registration|user\.login)" "chain,t:none" SecRule ARGS:option "@streq com_users" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # Joomla contact form web spammers RBL track SecRule REQUEST_FILENAME "@rx class\.phpmailer\.php" "id:33323,chain,phase:2,pass,log,severity:5,t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,msg:'IM360 WAF: Track Joomla contact form spam||T:APACHE||',tag:'service_bruteforce',tag:'service_i360',tag:'noshow'" SecRule REQUEST_METHOD "@rx ^POST$" "t:none,t:urlDecode" # Joomla registration web spammers RBL block SecRule REQUEST_FILENAME "@rx class\.phpmailer\.php" "id:33324,chain,msg:'IM360 WAF: Block Joomla contact form spam||T:APACHE||',block,severity:2,log,t:none,t:normalizePath,t:lowercase,phase:2,tag:'service_bruteforce',tag:'service_i360'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_METHOD "@rx ^POST$" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-1103 SecRule REQUEST_COOKIES_NAMES:/^PrestaShop/ "!@rx ^$" "id:77140777,chain,block,log,severity:2,t:none,msg:'IM360 WAF: Block spam Customer Account in PrestaShop||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_i360custom'" SecRule ARGS:lastname|ARGS:firstname "@pm www http" "t:none,t:lowercase,t:urlDecodeUni" # DEFA-1103 SecRule REQUEST_COOKIES_NAMES:/^PrestaShop/ "!@rx ^$" "id:77140778,chain,pass,severity:2,t:none,msg:'IM360 WAF: Block spam Customer Account in PrestaShop||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_i360custom'" SecRule ARGS:lastname|ARGS:firstname "!@rx ^[^0-9!\[\]<>,;?=+()@#\"{}_$%:\/\\\*\^]*$" "t:none,t:urlDecodeUni" # Block DrupalJoomla spammers SecRule REQUEST_URI|ARGS_NAMES|ARGS:submit|ARGS:jtxf "@rx (Post\sComment|v2\/comments[^\/]{0,108}content|comment_body\[|JCommentsAddComment)" "id:77140835,phase:request,auditlog,block,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Block Drupal/Joomla spammers||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:WP_DRUPAL_JOOMLA_COMMENT||',tag:'service_i360custom',chain" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "t:none,chain" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # Track Drupal, Joomla spammers SecRule REQUEST_URI|ARGS_NAMES|ARGS:submit|ARGS:jtxf "@rx (Post\sComment|v2\/comments[^\/]{0,108}content|comment_body\[|JCommentsAddComment)" "id:77140736,phase:request,pass,log,severity:5,t:none,t:urlDecodeUni,t:normalizePath,msg:'IM360 WAF: WP/DRUPAL/JOOMLA comments analysis||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:WP_DRUPAL_JOOMLA_COMMENT||',tag:'service_i360custom',tag:'noshow'" # DEFA-2539 SecRule REQUEST_URI "@rx \/\.index\.php\/component\/users\/" "chain,id:77141080,t:none,t:urlDecodeUni,t:normalizePath,msg:'IM360 WAF: Joomla! spam detection||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,pass,log,t:none,severity:2,tag:'joomla_core'" SecRule ARGS:task "@streq user.login" "chain,t:none,t:urlDecodeUni" SecRule REQUEST_HEADERS:Referer "@rx \/component\/users\/\?view=login" "t:none,t:urlDecodeUni,t:normalizePath" # DEFA-2541 SecRule REQUEST_METHOD "@rx ^POST$" "id:77141093,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam via admin-ajax.php||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'wp_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" "chain,t:none,t:normalizePath" SecRule &REQUEST_HEADERS:Referer "@eq 0" "chain,t:none" SecRule &REQUEST_HEADERS:User-Agent "@eq 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2579 SecRule REQUEST_METHOD "@rx ^POST$" "id:77141094,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in PrestaShop||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'other_apps'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@endsWith /sendtoafriend_ajax.php" "chain,t:none,t:normalizePath,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2578 SecRule REQUEST_METHOD "@rx ^POST$" "id:77141095,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in PrestaShop||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'other_apps'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@pm /contact /contattaci /component/jcomments/" "chain,t:none,t:normalizePath,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2612 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142097,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam via contactform for WordPress||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'wp_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_URI "@rx \/wp-json\/contact-form-7\/v\d\/contact-forms\/\d{1,3}\/feedback" "chain,t:none,t:normalizePath,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2613 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142098,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in Joomla virtuemart||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@contains /index.php" "chain,t:none,t:normalizePath" SecRule ARGS:page "@contains shop." "chain,t:none" SecRule ARGS:option "@streq com_virtuemart" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2578 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142113,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam PrestaShop||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_i360custom'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule ARGS:controller "@contains contact" "chain,t:none" SecRule ARGS:id_contact "!@rx ^$" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # Track spam PrestaShop DEFA-2724 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142135,chain,pass,log,t:none,severity:5,msg:'IM360 WAF: Track spam PrestaShop||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_i360custom',tag:'noshow'" SecRule ARGS:controller "@contains contact" "chain,t:none,t:urlDecodeUni" SecRule ARGS:id_contact "@rx \d+" "t:none,t:urlDecodeUni" # DEFA-2624 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142114,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in Joomla admin page||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@contains /administrator/index.php" "chain,t:none,t:normalizePath" SecRule &REQUEST_HEADERS:Referer "@eq 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2647 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142116,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in Magento||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'other_apps'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_URI "@contains /customer/account/createpost" "chain,t:none,t:normalizePath,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # Track spam in Magento DEFA-2724 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142136,chain,log,pass,t:none,severity:5,msg:'IM360 WAF: Track spam in Magento||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'other_apps',tag:'noshow'" SecRule REQUEST_URI "@contains /customer/account/createpost" "t:none,t:urlDecodeUni,t:normalizePath" # Track WordPress registration flood DEFA-2724 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142137,chain,pass,log,severity:5,t:none,msg:'IM360 WAF: Track WordPress registration flood||T:APACHE||',tag:'wp_core',tag:'noshow'" SecRule REQUEST_URI "@contains wp-login.php" "chain,t:none,t:urlDecodeUni" SecRule ARGS:action "@contains register" "t:none,t:urlDecodeUni" # Track spam in Joomla virtuemart DEFA-2724 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142134,chain,pass,log,t:none,severity:5,msg:'IM360 WAF: Track spam in Joomla virtuemart||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core',tag:'noshow'" SecRule REQUEST_FILENAME "@contains /index.php" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule ARGS:page "@contains shop." "chain,t:none,t:urlDecodeUni" SecRule ARGS:option "@streq com_virtuemart" "t:none" # DEFA-2802 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142187,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Block spam via newsletter||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'wp_plugin'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@contains /newsletter/subscriber/new/" "chain,t:none,t:normalizePath" SecRule &ARGS:email "@gt 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-2802 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142188,chain,phase:2,pass,log,severity:5,t:none,t:normalizePath,msg:'IM360 WAF: Track spam via newsletter||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'wp_plugin',tag:'noshow'" SecRule REQUEST_FILENAME "@contains /newsletter/subscriber/new/" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule &ARGS:email "@gt 0" "t:none,t:urlDecodeUni" # Track spam in PrestaShop SecRule REQUEST_METHOD "@rx ^POST$" "id:77142191,chain,pass,t:none,severity:2,msg:'IM360 WAF: Track spam in PrestaShop||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'other_apps'" SecRule REQUEST_FILENAME "@endsWith /sendtoafriend_ajax.php" "t:none,t:urlDecodeUni,t:normalizePath" # Track spam attempts SecRule REQUEST_METHOD "@rx ^POST$" "id:77142192,chain,pass,t:none,severity:5,msg:'IM360 WAF: Track spam attempts||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'other_apps',tag:'noshow'" SecRule REQUEST_FILENAME "@pm /contact /contattaci /component/jcomments/" "t:none,t:urlDecodeUni,t:normalizePath" # Track spam in Joomla admin page SecRule REQUEST_METHOD "@rx ^POST$" "id:77142193,chain,pass,t:none,severity:2,msg:'IM360 WAF: Track spam in Joomla admin page||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule REQUEST_FILENAME "@contains /administrator/index.php" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule &REQUEST_HEADERS:Referer "@eq 0" "t:none" # DEFA-2969 SecRule REQUEST_METHOD "@rx ^POST$" "id:77142221,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam via Avia Layaut Builder generated forms||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_i360'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule ARGS_NAMES "@rx avia_\d" "chain,t:none" SecRule ARGS_NAMES "@rx avia_generated_form" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-3015 SecRule REQUEST_METHOD "@streq post" "chain,id:77142238,deny,log,phase:2,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Spam prevention via contact form||T:APACHE||E-mail=%{ARGS.wb_input_1}||',tag:'service_i360custom'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_HEADERS:Content-Type "@contains multipart/form-data" "chain,t:none,t:lowercase" SecRule REQUEST_FILENAME "@contains contact" "chain,t:none,t:normalizePath" SecRule &ARGS:wb_input_1 "@gt 0" "chain,t:none" SecRule &ARGS:wb_input_2 "@gt 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-3015 SecRule REQUEST_METHOD "@streq post" "chain,id:77142239,deny,log,phase:2,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Spam prevention via contact form||T:APACHE||E-mail=%{ARGS.field_1}||',tag:'service_i360custom'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_FILENAME "@contains contact" "chain,t:none,t:normalizePath" SecRule &ARGS:field_1 "@gt 0" "chain,t:none" SecRule &ARGS:field_2 "@gt 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-3015 SecRule REQUEST_METHOD "@streq post" "chain,id:77142240,deny,log,phase:2,severity:2,t:none,t:lowercase,msg:'IM360 WAF: Spam prevention via contact form||T:APACHE||E-mail=%{ARGS.field5.1[email][]}||',tag:'service_i360custom'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule REQUEST_HEADERS:Content-Type "@contains multipart/form-data" "chain,t:none,t:lowercase" SecRule REQUEST_FILENAME "@contains /component/com_redform" "chain,t:none,t:normalizePath" SecRule &ARGS:field5.1[email][] "@gt 0" "chain,t:none" SecRule &ARGS:field6.1[textarea] "@gt 0" "chain,t:none,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-3114 SecRule REQUEST_METHOD "@rx ^POST$" "id:77316718,chain,pass,t:none,severity:5,msg:'IM360 WAF: Block spam in Joomla||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core',tag:'noshow'" SecRule ARGS:option "@contains com_rscomments" "t:none,t:urlDecodeUni,t:normalizePath" # DEFA-3114 SecRule REQUEST_METHOD "@rx ^POST$" "id:77316719,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in Joomla||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule ARGS:option "@contains com_rscomments" "chain,t:none,t:normalizePath,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-3114 SecRule REQUEST_METHOD "@rx ^POST$" "id:77316720,chain,pass,t:none,severity:5,msg:'IM360 WAF: Block spam in Joomla||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core',tag:'noshow'" SecRule ARGS:controller "@contains com_contact" "t:none,t:urlDecodeUni,t:normalizePath" # DEFA-3114 SecRule REQUEST_METHOD "@rx ^POST$" "id:77316721,chain,block,t:none,severity:2,msg:'IM360 WAF: Block spam in Joomla||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'joomla_core'" SecRule TX:rbl_whitelist_check "!@eq 1" "chain,t:none" SecRule ARGS:controller "@contains com_contact" "chain,t:none,t:normalizePath,setvar:tx.rbl_perf=1" SecRule TX:RBL_IP "@rbl web-spammers.v2.rbl.imunify.com." "chain,t:none" SecRule TX:RBL_IP "!@rbl nxdomain.v2.rbl.imunify.com." "t:none" # DEFA-3987 SecMarker MARKER_SPAM_POST
Simpan