Gecko [ fernandoquevedodop.com ]

Name	Size	Permission
10_modsecurity_crs_10_config.c...	36.14 KB	-rw-r--r--
999_dreamhost_request_limits.c...	5.18 KB	-rw-r--r--
99_dreamhost_rules.conf	14 KB	-rw-r--r--
99_modsec-crs-setup.conf	31.99 KB	-rw-r--r--
REQUEST-00-LOCAL-WHITELIST.con...	8.83 KB	-rw-r--r--
REQUEST-901-INITIALIZATION.con...	14.37 KB	-rw-r--r--
REQUEST-903.9001-DRUPAL-EXCLUS...	13.24 KB	-rw-r--r--
REQUEST-903.9002-WORDPRESS-EXC...	25.21 KB	-rw-r--r--
REQUEST-903.9003-NEXTCLOUD-EXC...	10.39 KB	-rw-r--r--
REQUEST-903.9004-DOKUWIKI-EXCL...	7.64 KB	-rw-r--r--
REQUEST-905-COMMON-EXCEPTIONS....	1.61 KB	-rw-r--r--
REQUEST-911-METHOD-ENFORCEMENT...	2.91 KB	-rw-r--r--
REQUEST-913-SCANNER-DETECTION....	3.54 KB	-rw-r--r--
REQUEST-920-PROTOCOL-ENFORCEME...	62.98 KB	-rw-r--r--
REQUEST-921-PROTOCOL-ATTACK.co...	20.54 KB	-rw-r--r--
REQUEST-930-APPLICATION-ATTACK...	7.94 KB	-rw-r--r--
REQUEST-931-APPLICATION-ATTACK...	8.72 KB	-rw-r--r--
REQUEST-933-APPLICATION-ATTACK...	32.12 KB	-rw-r--r--
REQUEST-934-APPLICATION-ATTACK...	3.83 KB	-rw-r--r--
REQUEST-942-APPLICATION-ATTACK...	94.3 KB	-rw-r--r--
REQUEST-943-APPLICATION-ATTACK...	5.5 KB	-rw-r--r--
REQUEST-944-APPLICATION-ATTACK...	21.99 KB	-rw-r--r--
REQUEST-949-BLOCKING-EVALUATIO...	7.98 KB	-rw-r--r--
RESPONSE-999-EXCLUSION-RULES-A...	4.03 KB	-rw-r--r--
WPtoolUA.data	318 B	-rw-r--r--
cachefly.ips.data	166 B	-rw-r--r--
crawlers-user-agents.data	786 B	-rw-r--r--
dh_whitelist_ip.data	0 B	-rw-r--r--
fastly.ips.data	189 B	-rw-r--r--
incapsula.ips.data	110 B	-rw-r--r--
java-classes.data	1.78 KB	-rw-r--r--
java-code-leakages.data	264 B	-rw-r--r--
java-errors.data	240 B	-rw-r--r--
lfi-os-files.data	11.44 KB	-rw-r--r--
maxcdn.ips.data	623 B	-rw-r--r--
mod_sec.conf	2.03 KB	-rw-r--r--
modsecurity_46_slr_et_joomla.d...	1.69 KB	-rw-r--r--
modsecurity_46_slr_et_wordpres...	1.69 KB	-rw-r--r--
php-config-directives.data	12.43 KB	-rw-r--r--
php-errors.data	74.21 KB	-rw-r--r--
php-function-names-933150.data	3.33 KB	-rw-r--r--
php-function-names-933151.data	37.21 KB	-rw-r--r--
php-variables.data	610 B	-rw-r--r--
restricted-files.data	3.97 KB	-rw-r--r--
restricted-upload.data	2.45 KB	-rw-r--r--
scanners-headers.data	216 B	-rw-r--r--
scanners-urls.data	418 B	-rw-r--r--
scanners-user-agents.data	1.9 KB	-rw-r--r--
scripting-user-agents.data	717 B	-rw-r--r--
sig_inspect.lua	66.56 KB	-rw-r--r--
spam-mailer.data	84 B	-rw-r--r--
sql-errors.data	4.27 KB	-rw-r--r--
staminus.ips.data	228 B	-rw-r--r--
unix-shell.data	7.65 KB	-rw-r--r--
windows-powershell-commands.da...	7.05 KB	-rw-r--r--

Code Editor : REQUEST-00-LOCAL-WHITELIST.conf

#Whitelist Piwik from RFI checks
SecRule REQUEST_URI "@pm /piwik.php" "id:1001, phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-rfi"

#autodiscover.xml don't block known Mail UAs. Don't want to F2B customers
SecRule REQUEST_HEADERS:User-Agent "@pm Office MacOutlook Android-SAMSUNG-SM-" "id:1002,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

SecRule REQUEST_URI "@pm /autodiscover/autodiscover.xml" "id:1003,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveById=941100-941380"

#wc-ajax exempt from SQLi
SecRule REQUEST_URI "@pm /?wc-ajax" "id:1004,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

# Whitelist for ManageWP Requests
SecRule REQUEST_URI "@pm wp-load.php"  "chain,id:1005,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"
	SecRule ARGS_NAMES "mwprid"

# Wordpress admin-ajax and admin exempt from attack rules.
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "id:1006,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/admin.php" "id:1007,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/post.php" "id:1009,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/options.php" "id:1010,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"
SecRule REQUEST_URI "@pm /wp-admin/edit.php" "id:1015,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-lfi,ctl:ruleRemoveByTag=attack-rfi,ctl:ruleRemoveByTag=attack-rce,ctl:ruleRemoveByTag=attack-generic"

#Wordpress whitelist aliexpress wp plugin
SecRule REQUEST_URI "@pm /wp-json/woocommerce_aliexpress_dropship/" "id:1008,ctl:ruleRemoveById=1990070"

#WordPress WhiteLists vs. RCE
SecRule REQUEST_HEADERS:Referer "@pm /options-general.php" "id:1011, phase:1,pass,ctl:ruleRemoveByTag=attack-rce"
SecRule REQUEST_HEADERS:Referer "@pm /admin.php?page=layerslider&action" "id:1012, phase:1,pass,ctl:ruleRemoveByTag=attack-rce"
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "chain,id:1013,phase:2,pass,ctl:ruleRemovebyTag=attack-rce"
	SecRule ARGS:query "@pm timeout"

SecRule REQUEST_URI "@pm /adm/index.php?sid=" "chain,id:1014,phase:1,pass,ctl:ruleRemovebyTag=attack-lfi"
	 SecRule REQUEST_METHOD "@streq POST"

#WordPress Whitelist vs PHP
SecRule REQUEST_HEADERS:Referer "@pm /wp-admin/admin.php?page=gf_edit_forms" "id:1016, phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
SecRule ARGS_NAMES "@pm jform[" "id:1017, phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
SecRule REQUEST_HEADERS:User-Agent "@pm SFDC-Callout/" "id:1018, phase:1, pass , ctl:ruleRemoveByTag=attack-xss"
SecRule ARGS_NAMES "@pm mepr-emails" "id:1019, phase:1, pass, ctl:ruleRemoveByTag=attack-xss"

#Moodle WhiteList AutoSave from XSS
SecRule REQUEST_URI "@pm /lib/editor/atto/autosave-ajax.php" "chain,id:1020,phase:1,pass,ctl:ruleRemoveByTag=attack-xss"
	SecRule REQUEST_METHOD "@streq POST"

#Oxygen Editor WhiteList
SecRule REQUEST_URI "@pm ct_save_components_tree" "chain,id:1021,phase:1,allow,ctl:ruleEngine=Off"
	SecRule REQUEST_METHOD "@streq POST"

#WordPress PHP Injection in editor
SecRule REQUEST_URI "@pm /wp-admin/admin-ajax.php" "id:1022,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-injection-php"

SecRule REQUEST_URI "@pm /update-zone" "id:1023,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli"

#WordPress Contact Form 7 Whitelist
SecRule REQUEST_URI "@pm /wp-json/contact-form-7" "id:1024,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-injection-php"

#Joomla Whitelist administrator page /administrator/index.php
SecRule REQUEST_URI "@pm /administrator/index.php" "id:1025,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-rce"

#Opencart whitelist administrator page
SecRule REQUEST_URI "@pm /admin/index.php" "id:1026,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-rce"

#Mercurial Repo whitelist publishing
SecRule REQUEST_URI "@pm /hgweb.cgi" "id:1027,phase:1,pass,nolog,ctl:ruleEngine=Off"

#ProcessWire whitelist admin edit page
SecRule REQUEST_URI "@pm /login/page/edit/" "id:1028,phase:1,pass,nolog,ctl:ruleEngine=Off"

#DokuWiki whitelist upload
SecRule REQUEST_URI "@pm /exe/ajax.php" "id:1029,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Next/Owncloud dav files whitelist
SecRule REQUEST_URI "@pm /remote.php/dav/files/" "id:1030,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Next/Owncloud dav uploads whitelist
SecRule REQUEST_URI "@pm /remote.php/dav/uploads/" "id:1031,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Next/Owncloud dav calendars whitelist
SecRule REQUEST_URI "@pm /remote.php/dav/calendars/" "id:1032,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Processwire CMS page edit whitelist
SecRule REQUEST_URI "@pm /processwire/page/edit/" "id:1033,phase:1,pass,nolog,ctl:ruleEngine=Off"

#Exclude Wordpress Cookie: wordpress_sec
SecRule REQUEST_COOKIES:wordpress_sec "@rx ^[0-9a-f]+\|\|\d+\|\|\d+$" "id:1034,phase:1,pass,t:none,nolog,chain"
	SecRule &REQUEST_COOKIES:wordpress_sec "@eq 1" "t:none, ctl:ruleRemoveTargetById=942100;REQUEST_COOKIES:wordpress_sec"

#Whitelist nav-menu.php from attack-protocol
SecRule REQUEST_URI "@pm wp-admin/includes/nav-menu.php" "id:1035,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-protocol"

#Whitelist Wordpress wp-admin/themes.php referer
SecRule REQUEST_HEADERS:Referer "@pm wp-admin/themes.php" "id:1036, phase:2,pass,ctl:ruleRemoveByTag=attack-rce"

#Jetpack-boost whitelist rule. Prevents anomaly-score breaking Jetpack.
SecRule REQUEST_URI "@pm /wp-json/jetpack-boost/v1/critical-css/?:(core_front_page|singular_page)/success" "id:1037,phase:1,pass,nolog,ctl:ruleEngine=off"

#Wpmudev backup whitelist rule.
SecRule REQUEST_URI "@pm /wp-load.php?wpmudev-hub" "id:1038,phase:1,pass,nolog,ctl:ruleRemoveById=921130"

#AmazonProductImporter plug-in whitelist
SecRule REQUEST_URI "@pm /amazonproductimporter" "id:1039,phase:1,pass,nolog,ctl:ruleEngine=Off"

#WhiteList Stripe User-Agent
SecRule REQUEST_HEADERS:User-Agent "@pm Stripe/1.0 (+https://stripe.com/docs/webhooks)" "id:1040,pass,nolog,ctl:ruleEngine=Off"

#Whitelist Site Editor on TwentyTwentyThree
SecRule ARGS:postId "@pm twentytwentythree" "id:1041,phase:1,pass,nolog,ctl:ruleRemoveById=942100,chain"
	SecRule REQUEST_URI "@pm /wp-admin/site-editor.php"

#Whitelist mothership directory per customer request
SecRule REQUEST_URI "@pm /mothership" "id:1042,phase:1,pass,nolog,ctl:ruleEngine=Off"

#stop viewing WordPress Site Editor as SQL Injection or generic attack
SecRule REQUEST_URI "@rx ^/wp-admin/site-editor\.php" "id:1043,phase:1,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-generic"

#test rules
SecRule REQUEST_FILENAME "@endsWith /wp-json/wp/v2/global-styles" "id:1044,phase:2,pass,nolog,ctl:ruleRemoveById=942100"

SecRule &ARGS_NAMES:jetpack_publicize_connections.jetpack_publicize_connections.profile_picture "@gt 0" "id:1045,phase:1,pass,t:none,nolog,chain"
 	SecRule ARGS_NAMES:jetpack_publicize_connections.jetpack_publicize_connections.profile_picture "@contains .profile" "ctl:ruleRemoveById=930120"

SecRule ARGS "@rx f$n$" "id:1046,phase:2,nolog,pass,ctl:ruleRemoveById=942100"

SecRule REQUEST_COOKIES "@rx mcfw-wp-user-cookie" "id:1047,phase:2,nolog,pass,ctl:ruleRemoveById=942100"

#whitelist astra theme issues
SecRule REQUEST_URI "@contains /wp-json/wp/v2/pages/" "id:1048,phase:2,pass,nolog,ctl:ruleRemoveByTag=attack-sqli,ctl:ruleRemoveByTag=attack-generic;ARGS:meta.ast-content-background-meta.mobile.background-color"

# prevent 942100 catch on posting 
SecRule REQUEST_HEADERS:Referer "@contains wp-admin/post-new.php" "id:1049,phase:1,pass,nolog,ctl:ruleRemoveById=942100"

SecRule REQUEST_URI "@contains /wp-json/wp/v2/posts/" "id:1050,phase:2,pass,nolog,ctl:ruleRemoveById=942100"

#whitelists AI content generation in astra themes
SecRule REQUEST_URI "@contains /wp-json/zipwp/v1/" "id:1051,phase:1,pass,nolog,ctl:ruleRemoveById=949110"

#Moar AI whitelisting
SecRule REQUEST_URI "@contains /wp-json/wp/v2/templates/" "id:1052,phase:1,pass,nolog,ctl:ruleRemoveById=1990092"

# Disable rule 949110 for requests under /wp-json/
SecRule REQUEST_URI "^/wp-json/" "id:1053,phase:1,nolog,allow,ctl:ruleRemoveById=949110"

#Disable rule 949110 for requests under async-upload.php
SecRule REQUEST_URI "^/wp-admin/async-upload.php" "id:1054,phase:1,nolog,allow,ctl:ruleRemoveById=949110"

#clears issues with stripe
SecRule REQUEST_URI "@contains /wp-admin/" "id:1055,phase:1,nolog,allow,ctl:ruleRemoveById=1990091"

#Disable rule 942100 for requests under async-upload.php
SecRule REQUEST_URI "^/wp-admin/async-upload.php" "id:1056,phase:1,nolog,allow,ctl:ruleRemoveById=942100"

${this.title}

Code Editor : REQUEST-00-LOCAL-WHITELIST.conf