File Manager
Upload
Current Directory: /home/lartcid/public_html/journal.lartc.id
[Back]
..
[Open]
Hapus
Rename
.htaccess
[Edit]
Hapus
Rename
.well-known
[Open]
Hapus
Rename
README.md
[Edit]
Hapus
Rename
api
[Open]
Hapus
Rename
cache
[Open]
Hapus
Rename
cgi-bin
[Open]
Hapus
Rename
classes
[Open]
Hapus
Rename
config.TEMPLATE.inc.php
[Edit]
Hapus
Rename
config.inc.php
[Edit]
Hapus
Rename
controllers
[Open]
Hapus
Rename
cypress.json
[Edit]
Hapus
Rename
dbscripts
[Open]
Hapus
Rename
docs
[Open]
Hapus
Rename
error_log
[Edit]
Hapus
Rename
favicon.ico
[Edit]
Hapus
Rename
index.php
[Edit]
Hapus
Rename
js
[Open]
Hapus
Rename
lib
[Open]
Hapus
Rename
locale
[Open]
Hapus
Rename
mini.php
[Edit]
Hapus
Rename
pages
[Open]
Hapus
Rename
php.ini
[Edit]
Hapus
Rename
plugins
[Open]
Hapus
Rename
public
[Open]
Hapus
Rename
registry
[Open]
Hapus
Rename
scheduledTaskLogs
[Open]
Hapus
Rename
schemas
[Open]
Hapus
Rename
styles
[Open]
Hapus
Rename
templates
[Open]
Hapus
Rename
tools
[Open]
Hapus
Rename
Edit File
# --------------------------------------------------------------- # Imunify360 ModSecurity Rules # Copyright (C) 2021 CloudLinux Inc All right reserved # The Imunify360 ModSecurity Rules is distributed under # IMUNIFY360 LICENSE AGREEMENT # Please see the enclosed IM360-LICENSE.txt file for full details. # --------------------------------------------------------------- # WORDPRESS INITIATE # Track login SecRule REQUEST_METHOD "@rx ^POST$" "id:33308,chain,phase:3,pass,log,severity:5,t:none,msg:'IM360 WAF: Successfull WordPress login||Name:%{ARGS.log}||Log:%{ARGS.log}||Time:%{TIME}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow',tag:'im360_req_post'" SecRule RESPONSE_STATUS "@streq 302" "chain,t:none" SecRule REQUEST_BASENAME "@streq wp-login.php" "chain,t:none" SecRule RESPONSE_HEADERS:Set-Cookie "@rx ^wordpress_logged_in_" "t:none,initcol:ip=%{REMOTE_ADDR},setvar:ip.wp_logged_in=1,expirevar:ip.wp_logged_in=600,setvar:ip.wp_auto_install=1,expirevar:ip.wp_auto_install=5" # Track get action SecRule REQUEST_URI "@rx \/wp-admin\/(?:update)|(?:plugin|theme)-(?:install|editor)\.php" "id:77316804,chain,pass,log,severity:5,t:none,t:normalizePath,msg:'IM360 WAF: WordPress plugin/theme install or edit. Track get action||URI:%{REQUEST_URI}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_get'" SecRule REQUEST_HEADERS:Referer "@contains /wp-admin/" "chain,t:none,t:normalizePath" SecRule REQUEST_METHOD "^GET$" "chain,t:none" SecRule IP:wp_logged_in "@eq 1" "t:none,initcol:ip=%{REMOTE_ADDR},setvar:ip.wp_get_req=1,expirevar:ip.wp_get_req=600" # Track get action SecRule REQUEST_URI "@rx \/wp-admin\/(plugin|theme)-(install|editor)\.php" "id:77316917,chain,pass,log,severity:5,t:none,t:normalizePath,msg:'IM360 WAF: WordPress plugin/theme install or edit. Track get action||URI:%{REQUEST_URI}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_get'" SecRule ARGS:tab "@streq upload" "chain,t:none" SecRule REQUEST_METHOD "^GET$" "chain,t:none" SecRule IP:wp_logged_in "@eq 1" "t:none,initcol:ip=%{REMOTE_ADDR},setvar:ip.wp_get_req=1,expirevar:ip.wp_get_req=600" # SecRule REQUEST_FILENAME "@endsWith /wp-admin/update.php" "chain,id:77350110,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: WordPress plugin/theme auto install block||Name:%{tx.log_cookie_350110}||Hash:%{tx.log_cookie_sha_350110}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||Logged:%{IP.wp_logged_in}||T:APACHE||',tag:'wp_core'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule ARGS:action "@rx upload-(?:plugin|theme)" "chain,t:none" SecRule IP:wp_auto_install "@eq 1" "chain,t:none" SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_350110=%{TX.1}" SecRule TX:log_cookie_350110 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_350110=%{MATCHED_VAR}" # MALICIOUS PLUGIN/THEME INSTALL # Track upload SecRule REQUEST_FILENAME "@endsWith /wp-admin/update.php" "id:77316759,chain,pass,log,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: WordPress plugin/theme install. Track upload||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule ARGS:action "@rx upload-(plugin|theme)" "t:none,t:lowercase,setvar:TX.wp_plugin_upload=1" # Block malicious upload SecRule TX:wp_plugin_upload "@eq 1" "id:77316805,chain,block,log,phase:2,severity:2,t:none,initcol:ip=%{REMOTE_ADDR},msg:'IM360 WAF: WordPress plugin/theme install. Block malicious upload||Name:%{tx.log_cookie_316805}||Hash:%{tx.log_cookie_sha_316805}||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};upl:%{TX.wp_plugin_upload}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core'" SecRule IP:wp_logged_in "@eq 1" "chain,t:none" SecRule &IP:wp_get_req "@eq 0" "chain,t:none" SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_316805=%{TX.1}" SecRule TX:log_cookie_316805 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_316805=%{MATCHED_VAR}" # Automatic plugin installation w/o referer SecRule REQUEST_FILENAME "@endsWith /wp-admin/update.php" "id:77350099,chain,pass,log,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: WordPress plugin/theme install. Track referer||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule ARGS:action "@rx upload-(plugin|theme)" "chain,t:none" SecRule REQUEST_HEADERS:Referer "!@contains /wp-admin/plugin-install.php?tab=upload" "t:none,t:normalizePath" # WP THEME INJECTION (TIMING & BEHAVIOUR) # Track theme edit SecRule REQUEST_URI "@rx \/wp-admin\/(?:admin-ajax|theme-editor)\.php" "id:77316868,chain,pass,log,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: WordPress theme edit. Track edit||File:%{ARGS.file}||Theme:%{ARGS.theme}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule ARGS:action "@rx edit-theme-plugin-file" "t:none,t:lowercase,setvar:TX.wp_theme_edit=1" # Block theme injection SecRule TX:wp_theme_edit "@eq 1" "id:77316869,chain,block,log,phase:2,severity:2,t:none,initcol:ip=%{REMOTE_ADDR},msg:'IM360 WAF: WordPress theme edit. Block malicious injection||Name:%{tx.log_cookie_316869}||Hash:%{tx.log_cookie_sha_316869}||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};edit:%{TX.wp_theme_edit}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core'" SecRule IP:wp_logged_in "@eq 1" "chain,t:none" SecRule &IP:wp_get_req "@eq 0" "chain,t:none" SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_316869=%{TX.1}" SecRule TX:log_cookie_316869 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_316869=%{MATCHED_VAR}" # BLOCK EMPTY REFERER SecRule TX:wp_plugin_upload|TX:wp_theme_edit "@eq 1" "id:77316819,chain,block,log,phase:2,severity:2,t:none,msg:'IM360 WAF: WordPress plugin/theme install or edit. Block empty Referer||Name:%{tx.log_cookie_316819}||Hash:%{tx.log_cookie_sha_316819}||Theme install:%{FILES.themezip}||Theme:%{ARGS.theme}||Plugin:%{FILES.pluginzip}||File:%{ARGS.file}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core'" SecRule &REQUEST_HEADERS:Referer "@eq 0" "chain,t:none" SecRule REQUEST_COOKIES:/wordpress_logged_in_/ "@rx ^([^\|]+)\|" "chain,t:none,t:urlDecode,capture,setvar:tx.log_cookie_316819=%{TX.1}" SecRule TX:log_cookie_316819 "!@rx ^$" "t:none,t:urlDecode,t:sha1,t:hexEncode,capture,setvar:tx.log_cookie_sha_316819=%{MATCHED_VAR}" # TRACK WORDPRESS THEME/PLUGIN ACTIVITY SecRule REQUEST_METHOD "@rx ^POST$" "id:77316925,chain,pass,log,t:none,severity:7,msg:'IM360 WAF: WordPress theme/plugin activity track||File:%{ARGS.file}||MVN:%{MATCHED_VAR_NAME}||Action:%{ARGS.action}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:admin-ajax|theme-editor|plugin-install)\.php" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule ARGS:action "@rx (?:edit-theme-plugin-file|update|(?:upload|install-(?:plugin|theme)))" SecRule REQUEST_METHOD "@rx ^POST$" "id:77316926,chain,pass,log,t:none,severity:7,msg:'IM360 WAF: WordPress theme/plugin activity track||File:%{ARGS.file}||MVN:%{MATCHED_VAR_NAME}||Action:%{ARGS.action}||Theme:%{FILES.themezip}||Plugin:%{FILES.pluginzip}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_FILENAME "@rx \/wp-admin\/(?:admin-ajax|theme-editor|plugin-install)\.php" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule REQUEST_HEADERS:Referer "@rx action=(?:edit-theme-plugin-file|update|(?:upload|install-(?:plugin|theme)))" # DATABASE INJECTION # Block by suspicious domains SecRule REQUEST_METHOD "@rx POST" "id:77316844,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Block by known DB injection domain||Type:%{REQUEST_HEADERS.Content-Type}||Injection:%{ARGS}||Endpoint:%{REQUEST_URI}||Matched:%{MATCHED_VAR}||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'wp_core',tag:'im360_req_post'" SecRule ARGS "@pmFromFile bl_db_domains" "t:none" # Track suspicious injections SecRule REQUEST_METHOD "@rx POST" "id:77316843,chain,phase:2,pass,log,severity:5,t:none,msg:'IM360 WAF: Track by known DB injection entry||Injection:%{ARGS}||Endpoint:%{REQUEST_URI}||MVN:%{MATCHED_VAR_NAME}||Matched:%{MATCHED_VAR}||User:%{SCRIPT_USERNAME}||SC:%{SCRIPT_FILENAME}||T:APACHE||',tag:'wp_core',tag:'noshow',tag:'im360_req_post'" SecRule ARGS "@rx <\?php|<embed|<iframe|<object|<script|fromCharCode|setInterval|setTimeout" "t:none,t:urlDecodeUni" SecRule REQUEST_METHOD "POST" "id:77350050,chain,phase:2,pass,log,severity:5,t:none,t:lowercase,t:normalizePath,msg:'IM360 WAF: Track file upload in WordPress||T:APACHE||MV:%{MATCHED_VAR}||',tag:'wp_plugin',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_FILENAME "@contains /wp-admin/async-upload.php" "chain,t:none,t:normalizePath" SecRule REQUEST_HEADERS:Referer "@contains /wp-admin/media-new.php" "chain,t:none,t:normalizePath" SecRule FILES "!@rx ^$" SecRule REQUEST_METHOD "POST" "id:77350051,chain,phase:2,pass,log,severity:5,t:none,t:lowercase,t:normalizePath,msg:'IM360 WAF: Track file upload in WordPress||T:APACHE||MV:%{MATCHED_VAR}||',tag:'wp_plugin',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_FILENAME "@contains /wp-admin/async-upload.php" "chain,t:none,t:normalizePath" SecRule REQUEST_HEADERS:Referer "!@contains /wp-admin/media-new.php" "chain,t:none,t:normalizePath" SecRule FILES "!@rx ^$" # DEFA-4817 # Track login SecRule REQUEST_METHOD "^POST$" "id:77350084,chain,pass,log,phase:3,severity:5,t:none,msg:'IM360 WAF: Joomla CMS administrator login||%{REQUEST_HEADERS.Host}||T:APACHE||',tag:'service_i360',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_FILENAME "@contains administrator/index.php" "chain,t:none,t:normalizePath,t:lowercase" SecRule ARGS:username "!@rx ^$" "chain,t:none" SecRule ARGS:passwd "!@rx ^$" "chain,t:none" SecRule ARGS:option "^com_login$" "chain,t:none" SecRule RESPONSE_STATUS "@streq 302" "t:none,initcol:ip=%{REMOTE_ADDR},setvar:ip.jml_logged_in=1,expirevar:ip.jml_logged_in=600,setvar:ip.jml_auto_install=1,expirevar:ip.jml_auto_install=3" # Track get action SecRule REQUEST_URI "@contains /administrator/index.php" "id:77350085,chain,pass,log,severity:5,t:none,t:normalizePath,msg:'IM360 WAF: Joomla plugin install. Track get action||URI:%{REQUEST_URI}||T:APACHE||',tag:'service_i360',tag:'noshow',tag:'im360_req_get'" SecRule REQUEST_METHOD "^GET$" "chain,t:none" SecRule ARGS:option "com_installer" "chain,t:none" SecRule IP:jml_logged_in "@eq 1" "t:none,initcol:ip=%{REMOTE_ADDR},setvar:ip.jml_get_req=1,expirevar:ip.jml_get_req=600" # Track upload SecRule REQUEST_FILENAME "@contains /administrator/index.php" "id:77350086,chain,pass,log,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: Joomla plugin install. Track upload||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow',tag:'im360_req_post'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule ARGS:option "com_installer" "chain,t:none" SecRule ARGS:task "@rx install" "t:none,t:lowercase,setvar:TX.jml_plugin_upload=1" # Block malicious upload SecRule TX:jml_plugin_upload "@eq 1" "id:77350087,chain,block,log,phase:2,severity:5,t:none,initcol:ip=%{REMOTE_ADDR},msg:'IM360 WAF: Joomla plugin install. Block malicious upload||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.jml_logged_in};get:%{IP.jml_get_req};upl:%{TX.jml_plugin_upload}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360'" SecRule IP:jml_logged_in "@eq 1" "chain,t:none" SecRule &IP:jml_get_req "@eq 0" "t:none" # DEFA-4817 SecRule REQUEST_METHOD "@rx ^GET$" "chain,id:77350105,pass,log,phase:3,severity:5,t:none,msg:'IM360 WAF: Search of installed plugins track||search:%{ARGS.s}||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.wp_logged_in};get:%{IP.wp_get_req}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains /wp-admin/plugin-install.php" "chain,t:none,t:normalizePath" SecRule &ARGS:s "@gt 0" "chain,t:none" SecRule ARGS:tab "@streq search" "t:none" # SecRule REQUEST_METHOD "^GET$" "chain,id:77350106,pass,log,phase:3,severity:5,t:none,msg:'IM360 WAF: WordPress plugin activity track||plugin:%{ARGS.plugin}||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains wp-admin/update.php" "chain,t:none,t:normalizePath" SecRule ARGS:action "@rx (?:install|upgrade)-plugin" "t:none" # SecRule REQUEST_METHOD "^GET$" "chain,id:77350107,pass,log,phase:3,severity:5,t:none,msg:'IM360 WAF: WordPress plugin activation attempt||plugin:%{ARGS.plugin}||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};edit:%{TX.wp_theme_edit}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains /wp-admin/plugins.php" "chain,t:none,t:normalizePath" SecRule ARGS:action "@streq activate" "chain,t:none" SecRule &ARGS:plugin "@gt 0" "t:none" # SecRule REQUEST_METHOD "POST" "chain,id:77350108,pass,log,phase:3,severity:5,t:none,msg:'IM360 WAF: File upload using WordPress file manager||MV:%{MATCHED_VAR}||Time:%{TIME}||Addr:%{REMOTE_ADDR};login:%{IP.wp_logged_in};get:%{IP.wp_get_req};||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains /wp-admin/admin-ajax.php" "chain,t:none,t:normalizePath" SecRule ARGS:action "@contains mk_file_folder_manager" "chain,t:none" SecRule ARGS:cmd "@streq upload" "chain,t:none" SecRule ARGS:target "@contains l1_Lw" "t:none" # SecRule REQUEST_FILENAME "@contains /administrator/index.php" "chain,id:77350111,pass,log,severity:5,t:none,t:normalizePath,t:lowercase,msg:'IM360 WAF: Joomla plugin install. Track upload time||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule ARGS:option "com_installer" "chain,t:none" SecRule ARGS:task "@rx install" "chain,t:none" SecRule IP:jml_auto_install "@eq 1" # DEFA-4817 SecRule ARGS:form_build_id "@beginsWith form-" "id:77350112,chain,pass,log,phase:3,severity:5,t:none,initcol:ip.%{REMOTE_ADDR},setvar:ip.drp_logged=1,expirevar:ip.drp_logged=600,setvar:ip.drp_auto_install=1,expirevar:ip.drp_auto_install=3,msg:'IM360 WAF: Drupal CMS successful login attempt||%{REQUEST_HEADERS.Host}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_METHOD "^POST$" "chain,t:none" SecRule RESPONSE_STATUS "@rx ^302$" "chain,t:none" SecRule ARGS:name "!@rx ^$" "chain,t:none" SecRule ARGS:pass "!@rx ^$" "chain,t:none" SecRule ARGS:form_id "!@rx ^$" "t:none" # SecRule REQUEST_METHOD "@rx ^GET$" "chain,id:77350113,pass,log,phase:2,severity:5,t:none,msg:'Drupal Theme/Module Install Track||Time:%{TIME}||Addr:%{REMOTE_ADDR}||fast_inst:%{IP.drp_auto_install}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains /admin/appearance/install" "t:none,t:normalizePath," # SecRule REQUEST_METHOD "@rx ^POST$" "chain,id:77350114,pass,log,phase:2,severity:5,t:none,msg:'Drupal Theme/Module Install Track||Time:%{TIME}||Addr:%{REMOTE_ADDR}||fast_inst:%{IP.drp_auto_install}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains /admin/appearance/install" "chain,t:none,t:normalizePath" SecRule ARGS:form_id "@rx update_manager_install_form" "chain,t:none" SecRule FILES "!@rx ^$" "t:none" # SecRule REQUEST_METHOD "@rx ^GET$" "chain,id:77350115,pass,log,phase:2,severity:5,t:none,msg:'Drupal Theme/Module Install Track||Time:%{TIME}||Addr:%{REMOTE_ADDR}||fast_inst:%{IP.drp_auto_install}||User:%{SCRIPT_USERNAME}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_URI "@contains /authorize.php" "chain,t:none,t:normalizePath" SecRule &ARGS:batch "@gt 0" "chain,t:none" SecRule ARGS:op "@streq start" "t:none" # DEFA-4817 SecRule REQUEST_FILENAME "@contains /admin/" "id:77350116,chain,pass,log,phase:3,severity:5,t:none,t:urlDecode,t:normalizePath,t:lowercase,msg:'IM360 WAF: OpenCart CMS successful login||%{REQUEST_HEADERS.Host}||T:APACHE||',tag:'service_i360',tag:'noshow'" SecRule REQUEST_METHOD "@rx ^POST$" "chain,t:none" SecRule ARGS:username "!@rx ^$" "chain,t:none" SecRule ARGS:password "!@rx ^$" "chain,t:none" SecRule RESPONSE_STATUS "@rx ^302$" "t:none,initcol:ip.%{REMOTE_ADDR},setvar:ip.oc_logged=1,expirevar:ip.oc_logged=600,setvar:ip.oc_auto_install=1,expirevar:ip.oc_auto_install=3" # SecRule REQUEST_METHOD "@rx ^POST$" "chain,id:77350117,pass,log,phase:2,severity:5,t:none,msg:'OpenCart Extension Install Track||Time:%{TIME}||Addr:%{REMOTE_ADDR}||logged:%{IP.oc_logged}||fast_inst:%{IP.oc_auto_install}||User:%{SCRIPT_USERNAME}||T:APACHE||'" SecRule REQUEST_URI "@contains /admin/index.php" "chain,t:none,t:normalizePath" SecRule ARGS:route "@contains marketplace/installer/upload" "chain,t:none" SecRule FILES "!@rx ^$" "t:none" # SecRule REQUEST_METHOD "@rx ^GET$" "chain,id:77350118,pass,log,phase:2,severity:5,t:none,msg:'OpenCart Extension Install Track||Time:%{TIME}||Addr:%{REMOTE_ADDR}||logged:%{IP.oc_logged}||fast_inst:%{IP.oc_auto_install}||User:%{SCRIPT_USERNAME}||T:APACHE||'" SecRule REQUEST_URI "@contains /admin/index.php" "chain,t:none,t:normalizePath" SecRule &ARGS:extension_install_id "@gt 0" "chain,t:none" SecRule ARGS:route "@rx marketplace\/installer\/(?:install|unzip|xml|remove|move)" "t:none"
Simpan