Mini File Manager

Edit File

# ------------------------------------------------------
# Imunify360 ModSecurity Rules
# Copyright (C) 2024 CloudLinux Inc All right reserved
# The Imunify360 ModSecurity Rules is distributed under
# IMUNIFY360 LICENSE AGREEMENT
# ------------------------------------------------------
# Imunify360 ModSecurity Applications Ruleset

#DEFA-4414
SecRule ARGS:id "@rx select(\x20|\x2f)" "id:77317978,msg:'IM360 WAF: Generic SQL injection in id parameter||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,pass,nolog,auditlog,t:none,t:normalizePath,t:lowercase,severity:5,tag:'other_apps'"

# DEFA-4907
SecRule REQUEST_URI "@contains /modules/bamegamenu/ajax_phpcode.php" "id:77350052,chain,block,t:none,t:normalizePath,severity:2,msg:'IM360 WAF: SQL Injection in Prestashop (CVE-2018-8824)||Code:%{ARGS.code}||T:APACHE||',tag:'service_im360'"
SecRule ARGS:code "@pm delete edit show" "t:none,t:lowercase"

# Rule is used for test purposes. Protects against RCE through CSRF in Magento
SecRule REQUEST_FILENAME "@rx /pub/media/tmp/catalog/product/_/h/\.h\w*" "id:33330,block,log,phase:2,severity:2,t:none,t:urlDecode,t:normalizePath,t:lowercase,ctl:RuleEngine=on,msg:'IM360 WAF: Magento 2.1.6 and below access to uploaded file DC-2017-04-003||T:APACHE||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||',tag:'service_i360custom'"

#WPT-93
SecRule REQUEST_URI "@contains /paypal/ipn.php" "id:77350178,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: SQL Injection Vulnerability in PayPal module for Prestashop 1.5 and 1.6 (CVE-2023-28843)||T:APACHE||MW:%{ARGS:receiver_email}||',tag:'service_im360'"
SecRule ARGS:receiver_email "@rx \);" "t:none"

# WPT-158
SecRule REQUEST_URI "@rx \/cpanelwebcall\/[^<]*<[^\s.]+\s[^=.]+=[^(]+\([^)]+\)" "id:77350202,phase:2,block,log,severity:2,t:none,t:urlDecode,t:compressWhitespace,msg:'IM360 WAF: XSS on the cPanel cpsrvd error page (CVE-2023-29489)||MV:%{REQUEST_URI}||T:APACHE||',tag:'service_im360'"

# WPT-227
SecRule REQUEST_METHOD "@rx POST" "id:77350242,chain,block,log,severity:2,phase:2,t:none,msg:'IM360 WAF: SQLi to file upload vulnerability in SQL manager for PrestaShop (CVE-2023-39526)||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_im360'"
SecRule REQUEST_URI "@rx admin[^\/]+\/index\.php" "chain,t:none,t:normalizePath"
SecRule ARGS:controller "@streq AdminRequestSql" "chain,t:none"
SecRule ARGS:sql "@pm outfile dumpfile" "t:none"

SecRule REQUEST_FILENAME "!@pm /sitemaps robots.txt ai.txt" "id:77350374,chain,phase:2,block,status:429,nolog,auditlog,severity:2,t:none,t:lowercase,t:normalizePath,msg:'IM360 WAF: Scan attempt by malicious crawler||UA:%{REQUEST_HEADERS.User-Agent}||T:APACHE||',tag:'service_im360'"
SecRule REQUEST_HEADERS:User-Agent "!@contains bytedancewebview" "chain,t:none,t:lowercase"
SecRule REQUEST_HEADERS:User-Agent "@pm bytespider claudebot" "t:none,t:lowercase"

SecRule REQUEST_URI "@contains /module/blockwishlist" "id:77350402,chain,phase:2,block,log,severity:2,t:none,msg:'IM360 WAF: Possible SQLi in PrestaShop module (CVE-2022-31101)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_im360'"
SecRule ARGS:order "@rx \w+\([^\)]*\);|and\d\!?=\d" "t:none,t:removeWhitespace"

SecRule REQUEST_FILENAME "@streq /blm.php" "id:77350403,phase:2,block,log,severity:2,t:none,status:403,setvar:'tx.rbl_infectors=1',msg:'IM360 WAF: Possible SQLi in PrestaShop module (CVE-2022-31101)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',tag:'service_im360'"

SecRule REQUEST_FILENAME "@endsWith /install/index.php.bak" "id:77142111,chain,msg:'IM360 WAF: DedeCMS variable coverage leads to getshell (CVE-2015-4553)||MVN:%{MATCHED_VAR_NAME}||MV:%{MATCHED_VAR}||T:APACHE||',phase:2,block,log,t:none,t:urlDecodeUni,t:lowercase,severity:2,tag:'other_apps'"
SecRule ARGS:install_demo_name "@streq ../data/admin/config_update.php" "t:none,t:lowercase"