aboutsummaryrefslogtreecommitdiffstats
path: root/config/apache_mod_security/rules/10_asl_rules.conf
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@G5.local>2009-10-27 19:29:22 -0400
committerScott Ullrich <sullrich@G5.local>2009-10-27 19:29:22 -0400
commitcefe0accd2b44cacd17c8f35f76dbdac66241a6d (patch)
treef62978454790fe32a367caf1ed9956131c5b06a7 /config/apache_mod_security/rules/10_asl_rules.conf
parent84c595a7e87439865edc8d77143f7737df4eb720 (diff)
downloadpfsense-packages-cefe0accd2b44cacd17c8f35f76dbdac66241a6d.tar.gz
pfsense-packages-cefe0accd2b44cacd17c8f35f76dbdac66241a6d.tar.bz2
pfsense-packages-cefe0accd2b44cacd17c8f35f76dbdac66241a6d.zip
Adding additional rules from http://www.gotroot.com
Diffstat (limited to 'config/apache_mod_security/rules/10_asl_rules.conf')
-rw-r--r--config/apache_mod_security/rules/10_asl_rules.conf3637
1 files changed, 3637 insertions, 0 deletions
diff --git a/config/apache_mod_security/rules/10_asl_rules.conf b/config/apache_mod_security/rules/10_asl_rules.conf
new file mode 100644
index 00000000..06be218d
--- /dev/null
+++ b/config/apache_mod_security/rules/10_asl_rules.conf
@@ -0,0 +1,3637 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2009 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+SecDefaultAction "log,deny,auditlog,phase:2,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"
+
+# Rule 340001: Don't accept transfer encodings we know we don't handle
+SecRule REQUEST_HEADERS:Transfer-Encoding "!^$" \
+ "id:340001,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Dis-allowed Transfer Encoding'"
+
+# Rule 340002: deny TRACE method
+SecRule REQUEST_METHOD "trac(?:e|k)" \
+ "phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: TRACE/TRACK method denied'"
+
+# Rule 340361: deny CONNECT method
+SecRule REQUEST_METHOD "connect" \
+ "phase:1,t:lowercase,id:340361,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: CONNECT method denied'"
+
+#block nulls and invalid characters
+SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer \
+ "@validateByteRange 1-255" \
+ "phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Invalid character in request or headers',rev:3,id:'390613',severity:'2',t:none,t:urlDecodeUni"
+SecRule ARGS|ARGS_NAMES "@validateByteRange 1-255" \
+ "phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Invalid character in ARGS',rev:1,id:'390614',severity:'2',t:none,t:urlDecodeUni"
+
+#block encoding attacks
+SecRule REQUEST_BODY|REQUEST_URI|XML:/* "\%(?!$|\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" \
+ "chain,phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: URL Encoding Attack Attempt',rev:1,id:'390615',severity:'4'"
+SecRule REQUEST_BODY|REQUEST_URI|XML:/* "@validateUrlEncoding"
+
+#protocol violation
+SecRule REQUEST_METHOD "^POST$" "chain,rev:2,id:'390616',phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: POST request must have a Content-Length header',severity:'4'"
+SecRule &REQUEST_HEADERS:Content-Length "@eq 0" t:none
+
+#GET or HEAD mascarating as a POST/with body
+SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: GET or HEAD requests with bodies', severity:'2',rev:1,id:'390617'"
+SecRule REQUEST_HEADERS:Content-Length "!^0?$" t:none
+
+SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Content-Length HTTP header is not numeric', severity:'2',rev:1,id:'390618'"
+
+#HTTP smuggling attack
+SecRule REQUEST_HEADERS:'/(Content-Length|Transfer-Encoding)/' "," "phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: HTTP Smuggling Attack.',id:'390619',rev:1,severity:'1'"
+
+#totally bogus request
+#SecRule REQUEST_LINE "!^(?:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" \
+# "t:none,t:lowercase,phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus HTTP Request Line',id:'390620',rev:1,severity:'2'"
+
+#Unicode attack
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "\%u[fF]{2}[0-9a-fA-F]{2}" \
+ "t:none,phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Unicode Width Attack Attempt',id:'390621',rev:2,severity:'4'"
+
+# Rule 340000: Enforce proper HTTP requests
+# GET /robots.txt HTTP/1.0
+# modsecurity does not seem to handle this correctly, its treating spaces
+# as delimiters and assumes the first space indicates the protocol field starts.
+# disabling for now
+#SecRule REQUEST_PROTOCOL "!(?:^|\n|\r)(?:http|HTTP)/(0\.9|1\.[01])$" \
+# "t:none,id:340000,rev:7,severity:1,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bad HTTP Protocol <%{TX.0}>'"
+
+# Rule 34000X: Generic rule for allowed characters, very broken at the moment
+# dont use it unless you can fix it
+#SecRule REQUEST_URI "!^[-a-zA-z0-9\.\+_/\-\?\=]+$" "chain,id:340002,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Restricted HTTP character set'"
+
+
+# Rule 340003: XSS insertion into headers
+SecRule REQUEST_URI "!(modules/tinytinymce/tinymce/jscripts/tiny_mce/utils/validate\.js$)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,chain,id:340003,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS attack in request headers'"
+SecRule REQUEST_HEADERS "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"
+
+
+# Rule 340004: Don't accept chunked encodings
+# modsecurity can not look at these, so this is a hole that can bypass your rules,
+# the rule before this oneshould cover this, but hey paranoia is cheap
+SecRule REQUEST_HEADERS:Transfer-Encoding "chunked" \
+ "id:340004,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Chunked Transfer Encoding denied'"
+
+# Rule 340262
+#SecRule REQUEST_HEADERS:Content-Length "!ˆ\d+$" \
+# "id:340262,rev:1,severity:2,msg:’Content-Length HTTP header violation’"
+
+# Rule 340006: generic recursion signatures
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors|phpthumb/phpthumb\.php\?src=\.\./\.\./uploads)" \
+ "t:normalisePath,id:340006,rev:29,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS', chain"
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|!ARGS:/description/|!ARGS:videoplayer|!ARGS:css_data|!ARGS:/txt/|!ARGS:/text/|!ARGS:body|!ARGS:pagecontent|!ARGS:wysiwyg_input|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:/content/ "(?:\.\./\.\./|\.\|\./\.\|\./\.\|)"
+
+
+#Rule 340007: generic recursion signatures
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \
+ "chain,t:none,t:lowercase,id:340007,rev:18,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+
+# Rule 340008: generic bogus path sigs
+SecRule REQUEST_URI|REQUEST_HEADERS "/\.{3,}/" \
+ "t:normalisePath,id:340008,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus Path denied'"
+
+# Rule 340009: generic recursion signatures
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors|phpthumb/phpthumb\.php\?src=\.\./\.\./uploads|^/etc/[a-z0-9-_]+\.(css|html?|jpe?g|gif|png|te?xt)$|^/\?cx=.*q=)" \
+ "t:normalisePath,id:340009,rev:16,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Protected Path Access denied in URI/ARGS', chain"
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(/etc/|/proc/|/var/tmp/)"
+
+# Rule 340012:
+#Proxy Protection
+#SecRule REQUEST_METHOD "!^(ACL|BASELINE-CONTROL|BCOPY|BDELETE|BIND|BMOVE|BPROPFIND|BPROPPATCH|CHECKIN|CHECKOUT|CONNECT|COPY|DELETE|GET|HEAD|LABEL|LINK|LOCK|MERGE|MKACTIVITY|MKCALENDAR|MKCOL|MKREDIRECTREF|MKWORKSPACE|MOVE|NOTIFY|OPTIONS|ORDERPATCH|PATCH|POLL|POST|PROPFIND|PROPPATCH|PUT|REBIND|REPORT|SEARCH|SUBSCRIBE|TRACE|UNBIND|UNCHECKOUT|UNLINK|UNLOCK|UNSUBSCRIBE|UPDATE|UPDATEREDIRECTREF|VERSION-CONTROL|X-MS-ENUMATTS)$" \
+SecRule REQUEST_METHOD "^CONNECT$" \
+"chain,phase:2,t:none,deny,log,auditlog,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Unauthorized Proxy access attempt',severity:'2',id:'340012',rev:2"
+SecRule REQUEST_URI_RAW "^\w+:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340013:
+#Prevent SQL injection in cookies
+SecRule REQUEST_COOKIES "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" \
+ "t:replaceComments,id:340013,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection in cookie'"
+
+# Rule 340014:
+#Prevent command injection through cookies
+SecRule REQUEST_COOKIES "\; ?cmd ?=" \
+ "id:340014,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: CMD injection'"
+
+# Rule 340015:
+#Prevent SQL injection in UA
+SecRule REQUEST_HEADERS:User-Agent "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)"\
+ "t:replaceComments,id:340015,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection in User Agent header'"
+
+# Rule 340016:
+# Generic filter to prevent SQL injection attacks
+# Understand that all SQL filters are very limited and are very difficult
+# to prevent false postives and negatives.
+# Please report false positives/negatives to support@atomicorp.com
+SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*\.exe/)" \
+ "t:replaceComments,chain,id:340016,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'"
+SecRule REQUEST_URI|REQUEST_BODY "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)"
+
+
+# Rule 340017:
+#Generic SQL sigs
+#
+SecRule REQUEST_URI "!(?:^/edit_page$|/node/[0-9]+/edit|^/forum/posting\.php|^/admins/wnedit\.php|/alt_doc\.php\?returnUrl=.*edit|^/admin/categories\.php\?cPath=.*|modules\.php\?name=Forums&file=posting&mode=.*|^/joomla/administrator/index2\.php|^/wiki/index\.php?.*action=submit|^/imp/compose\.php|^/horde/imp/compose\.php|ubbthreads\.php|/sql.php|/tbl_(?:change|sql)\.php|/admincp/template\.php\?do=(?:insert|update)template|admin/area/save-page\.php$|^/cgi-bin/cookmail\.exe$|^/catalog/secure_admin/categories\.php\?cPath=)" \
+ "chain,id:340017,rev:44,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection in ARGS'"
+SecRule ARGS|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?:insert into values|select from [a-z|A-Z|0-9]!( and)|bulk insert|union select|convert \(.*from)"
+
+# Rule 340018:
+#Generic command line attack filter
+SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" \
+ "chain,id:340018,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic command line attack filter'"
+SecRule REQUEST_URI|REQUEST_BODY|!ARGS:site_first "\|+.*[\x20].*[\x20].*\|"
+
+# Rule 340019:
+#Generic PHP bad functions protection
+#PHP copy() function: http://securitytracker.com/alerts/2006/Apr/1015882.html
+SecRule ARGS "compress\.zlib ?:" \
+ "id:340019,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP bad functions protection'"
+
+# Rule 340020:
+#XSS in referrer and UA headers
+SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|/tinymce/jscripts/|swf/pageear_[a-z]\.swf\?)" \
+ "id:340020,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS in referrer and UA headers',chain"
+SecRule REQUEST_HEADERS:REFERER "!(pagead[0-9]\.googlesyndication\.com/pagead/|/gills\.swf?txt=<a href= ?asfunction:_root\.launchURL|vbscript.*convert.*&hl=.*client=|convert.*vbscript.*Search|\?_RW_=http|/tinymce/jscripts/|/pageear_[a-z]\.swf)" chain
+SecRule REQUEST_HEADERS:REFERER|REQUEST_HEADERS:User-Agent "(?:<[[:space:]]*(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome)[[:space:]]*>|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\<input|(?:java|live|j)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|keydown|keypress|keyup|load)!(\.)|!\|on(?:mouse(?:down|move|out|over|up|submit)|(?:resize|select!i|unload))|script |settimeout|shell\:|(?:vb|x-java)script|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"
+
+# Rule 340021: PHP Injection Attack generic signature
+SecRule REQUEST_URI "(!/lightboxjs\.php\?path=http:/)" \
+ "t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,chain,id:340021,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection Attack 1'"
+SecRule REQUEST_URI "\.php" chain
+SecRule REQUEST_URI|REQUEST_BODY "(?:\?(?:(?:LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|path|pathtoroot|cat|pagina|path|include_location|root|page|gorumDir|site|topside|pun_root|open|seite)=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./|whoami|killall |rm \-[a-z|A-Z]))"
+
+
+# Rule 340022: PHP Injection Attack generic signature
+SecRule REQUEST_URI "!(/lightboxjs\.php\?path=http://)" \
+ "chain,id:340022,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection Attack 2'"
+SecRule REQUEST_URI "\.php\?(?:(?:(?:LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|pagina|path|pathtoroot|cat|include_location|gorumDir|root|page|site|topside|pun_root|open|seite)=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|.*(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z]))"
+
+
+# Rule 340023: Generic PHP remote file inclusion attack signature
+SecRule REQUEST_URI "\.php\?" \
+ "chain,id:340023,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP remote file inclusion'"
+SecRule REQUEST_URI "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule REQUEST_URI|REQUEST_BODY "(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])"
+
+
+# Rule 340026: Generic PHP code injection protection in URI
+SecRule REQUEST_FILENAME|REQUEST_URI "!(^/signup\.php|^/go\.php\?u=affilorama&t=http://|^/cgi-bin/mirror_xml\.php\?bg_image=http://|^/frame\.php\?ref=&from=http://.*&url=.*/$|^/spam/gethref\.php\?img=http://|/gethref\.php\?img=http://|/frame\.php\?.*&from=http://|/lightboxjs\.php\?path=|/wimpy\.swf\?wimpyApp=http|^/opentape/res/jw_player\.swf\?)" \
+ "capture,chain,id:340026,rev:49,severity:2,ctl:auditLogParts=+E,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection attempt in URI',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&)).*=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule REQUEST_URI "!(?:/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=)" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:wpu|!ARGS:target|!ARGS:store|!ARGS:txtReturn|!ARGS:eself|!ARGS:dcsref|!ARGS:/link/|!ARGS:page|!ARGS:dcsqry|!ARGS:prev|!ARGS:src|!ARGS:link|!ARGS:avatar|!ARGS:u|!ARGS:Stream|!ARGS:imgfile|!ARGS:CARTDIR|!ARGS:custom_welcome_page|!ARGS:action|!ARGS:image|!ARGS:t|!ARGS:redirect_to|!ARGS:dir|!ARGS:vthumb|!ARGS:pic|!ARGS:path|!ARGS:clickTAG|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:redirect|!ARGS:product[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:r_uri|!ARGS:oaparams|!ARGS:bg_image|!ARGS:imageFile|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:body|!ARGS:subdir[0] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340027: Genenric PHP body attack
+SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)" \
+ "chain,id:340027,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic php body attack attempt'"
+SecRule REQUEST_BODY "^PHP\:*(?:(?:cd|mkdir)[[:space:]]+(?:/|[A-Z|a-z|0-9]|\.)*|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])"
+
+# Rule 340029: script, perl, etc. code in REQUEST_HEADERS:Referer string
+SecRule REQUEST_HEADERS:Referer "\#\!.*/" \
+ "id:340029,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command in Referer string'"
+
+# Rule 340030: generic command line attack
+SecRule REQUEST_URI|ARGS "\|*id ?\; ?echo*\|" \
+ "id:340030,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command line attack'"
+
+# Rule 340031: remote file inclusion generic attack signature
+SecRule REQUEST_URI "\.(?:dat|gif|jpg|png|bmp|txt|vir|dot)\?" \
+ "chain,id:340031,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote file inclusion'"
+SecRule REQUEST_URI|REQUEST_BODY "(?:(?:pm_path|pagina|path|include_location|root|page|open)=(?:ogg|gopher|zlib|(?:ht|f)tps?)|(?:cmd|command|inc)=)"
+
+# Rule 340035: Bogus file extensions generic signature
+SecRule REQUEST_URI "[A-Za-z0-9]\.(?:gif|jpe?g|png|bmp)\.(?:txt|dat)" \
+ "id:340035,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus file extensions'"
+
+# Rule 340036: PHP remote path attach generic signature
+#SecRule REQUEST_URI "!(?:/cowadmin/editor/.*/editor)" \
+# "id:340036,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Remote path attack',chain"
+#SecRule REQUEST_URI "\.ph(?:p(?:3|4)?).*path=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/"
+
+# Rule 340037: generic attack sig
+SecRule REQUEST_URI "cd *\;(?:cd|\;|echo|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |g?cc |cpp |g\+\+ |\./| uname -a|/bin/(xterm|id|bash|sh|echo|kill|chmod|ch?sh|python|perl|nasm|ping|mail|ssh))" \
+ "id:340037,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic command injection'"
+
+# Rule 3400XX: Generic argument protection rule against bad meta characters
+#SecRule "ARGS" "!^[A-Za-z0-9.&/?@_%=:;, -]+$"
+
+# Rule 340039: generic php attack sigs
+SecRule REQUEST_URI "(?:&(?:cmd|command)=(?:id|uname) |cmd\?(?:cmd|command)=|(?:spy|cmd|cmd_out|sh)\.(?:gif|jpg|png|bmp|txt)\?&(?:cmd|command)=|\.php\?&(?:cmd|command)=)" \
+ "id:340039,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP command injection attempt'"
+
+# Rule 340041: WEB-ATTACKS /etc/shadow access
+SecRule REQUEST_URI "/etc/shadow"\
+ "t:normalisePath,id:340041,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /etc/shadow read attempt'"
+
+# Rule 340059: WEB-ATTACKS traceroute command attempt
+SecRule REQUEST_URI "traceroute" \
+ "chain,id:340059,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (traceroute)'"
+SecRule REQUEST_URI " (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"
+
+
+# Rule 340064: WEB-ATTACKS /etc/inetd.conf access
+SecRule REQUEST_URI "/etc/(?:x?inetd|motd|passwd|shadow)" \
+ "id:340064,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Access attempt (protected file)'"
+
+# Rule 340067: protected file access
+SecRule REQUEST_URI "!(^/amember/admin/setup\.php\?notebook=|^/\?(S|V)|^\?(S|V)).*" \
+ "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,chain,id:340067,rev:7,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Direct access attempt of protected file'"
+SecRule REQUEST_URI|REQUEST_FILENAME "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf .htgroup global.asa .wwwacl"
+
+# Rule 340069: WEB-MISC nessus 1.X 404 probe
+SecRule REQUEST_URI "(nessus_is_probing_you_|NessusTest)" \
+ "id:340069,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Nessus scan'"
+
+# Rule 340072: WEB-MISC apache directory disclosure attempt
+SecRule REQUEST_URI "////////" \
+ "id:340072,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Directory disclosure'"
+
+# Rule 340076: PHP defenses
+SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)" \
+ "id:340076,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Session attack'"
+
+# Rule 340077: PHP defenses
+SecRule ARGS|!ARGS:operate|!ARGS:search_keywords "^(?:globals(?:$|\[)|php:/)" \
+ "id:340077,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation'"
+
+# Rule 340078: PHP defenses
+#SecRule REQUEST_COOKIES:PHPSESSID "!^[0-9a-z, ]*$" \
+# "id:340078,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP cookie policy violation'"
+
+# Rule 340079: PHP defenses
+SecRule REQUEST_COOKIES:sessionid "![0-9a-z]*$" \
+ "id:340079,rev:10,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation'"
+
+# Rule 340080: Web-attacks chdir
+SecRule REQUEST_URI "&(?:cmd|command)=chdir " \
+ "id:340080,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (chdir)'"
+
+# Rule 340082: SMTP redirects
+SecRule REQUEST_URI_RAW "^(?:(?:ht|f)tps?|connect)\:/.+:25" \
+ "id:340082,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SMTP redirect over http attempt'"
+
+
+# Rule 340083: very experimental generic remote download sig
+# These are VERY experiemental, please report false positives/negatives, etc.
+# foo IP or FQDN, or foo http/https/ftp://whatever
+SecRule REQUEST_URI "(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" \
+ "id:340083,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Command attempt'"
+
+# Rule 340084: Command inline detection
+SecRule REQUEST_URI "!(?:/scp/tickets\.php|/cgi-bin/stats\.cgi)" \
+ "chain,id:340084,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command injection attempt'"
+SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"
+
+
+# Rule 340085: very experimental connect command sig
+SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:perl|nc|telnet|(?:rs)sh|rexec) .*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[A-Za-z|0-9]\.[a-zA-Z]{2,4}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" \
+ "id:340085,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command injection attempt'"
+
+
+# Rule 340086: Commands, also need a major rework, these also have issues
+SecRule REQUEST_URI "\;perl [A-Za-z|0-9]+;" \
+ "id:340086,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (perl)'"
+
+# Rule 340087: SecRule REQUEST_URI "echo"
+SecRule REQUEST_URI "(?:lynx|curl|wget|links) -dump " \
+ "id:340087,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (links)'"
+
+# Rule 340088: Command attempt (links)
+SecRule REQUEST_URI "links (?:-(?:dump-(?:charset|width)|source)|(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/)" \
+ "id:340088,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (links)'"
+
+# Rule 340091: cd to tmp
+#SecRule REQUEST_URI "mkdir"
+SecRule REQUEST_URI "cd /(?:tmp|/var/tmp|/etc|\.\.)" \
+ "id:340091,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (cd tmp)'"
+
+# Rule 340093: Access bash_history
+SecRule REQUEST_URI "/\.(?:history|bash_history)$" \
+ "id:340093,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Access attempt (.history/.bash_history)'"
+
+# Rule 340094: generic block for fwrite fopen uploads
+SecRule REQUEST_URI "fwrite" \
+ "chain,id:340094,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP fwrite/fopen attempt'"
+SecRule REQUEST_URI "fopen"
+
+
+# Rule 340095: generic sig for more bad PHP functions
+SecRule REQUEST_URI "chr\(?:(?:[0-9]{1,3})\)" \
+ "id:340095,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation (chr)'"
+
+# Rule 340096: PHP policy violation
+SecRule ARGS_NAMES "^php:/" \
+ "id:340096,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy viloation'"
+
+
+# Rule 340097: WEB-MISC Tomcat view source attempt
+SecRule REQUEST_URI "\x252ejsp" \
+ "id:340097,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Tomcat view source attempt'"
+
+# Rule 340098: WEB-FRONTPAGE .... request
+SecRule REQUEST_URI "\.\.\.\./" \
+ "id:340098,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: FRONTPAGE .... request'"
+
+# Rule 3400XX: experimental CSS rule
+#SecRule REQUEST_URI "/(?:\x3C|<)(?:\x2F|\/)*[a-z0-9\%]+(?:\x3E|>)"
+
+# Rule 340099: cross site scripting attempt IMG onerror or onload
+SecRule REQUEST_URI "\<IMG.*/\bonerror\b[\s]*=" \
+ "id:340099,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt IMG onerror or onload'"
+
+# Rule 340100: cross site scripting attempt TYPE + JAVASCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/javascript" \
+ "id:340100,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt TYPE + JAVASCRIPT'"
+
+# Rule 340101: cross site scripting attempt STYLE + JAVASCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]application\/x-javascript" \
+ "id:340101,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + JAVASCRIPT'"
+
+
+# Rule 340102: cross site scripting attempt STYLE + JSCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/jscript" \
+ "id:340102,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + JSCRIPT'"
+
+
+# Rule 340103: cross site scripting attempt STYLE + VBSCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/vbscript" \
+ "id:340103,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + VBSCRIPT'"
+
+
+# Rule 340104: cross site scripting attempt STYLE + VBSCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]application\/x-vbscript" \
+ "id:340104,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + VBSCRIPT'"
+
+
+
+# Rule 340105: cross site scripting attempt STYLE + ECMACRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/ecmascript" \
+ "id:340105,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + ECMACRIPT'"
+
+
+# Rule 340106: cross site scripting attempt STYLE + EXPRESSION
+SecRule REQUEST_URI "STYLE[\s]*=[\s]*[^>]expression[\s]*\(" \
+ "id:340106,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + EXPRESSION'"
+
+
+# Rule 340107: cross site scripting attempt STYLE + EXPRESSION
+SecRule REQUEST_URI "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>" \
+ "id:340107,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + EXPRESSION'"
+
+# Rule 340108: There is no 340108.
+
+# Rule 340109: cross site scripting attempt using XML
+SecRule REQUEST_URI "<!\[CDATA\[<\]\]>SCRIPT" \
+ "id:340109,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt using XML'"
+
+
+# Rule 340110: cross site scripting attempt executing hidden Javascript
+SecRule REQUEST_URI "eval[\s]*\([\s]*[^\.]\.innerHTML[\s]*\)" \
+ "id:340110,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt executing hidden Javascript'"
+
+
+# Rule 340111: cross site scripting attempt executing hidden Javascript
+SecRule REQUEST_URI "window\.execScript[\s]*\(" \
+ "id:340111,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt executing hidden Javascript'"
+
+# Rule 340112: cross site scripting attempt to execute Javascript code
+SecRule REQUEST_URI "(?:(?:(?:URL|SRC|HREF|LOWSRC)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" \
+ "id:340112,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt to execute Javascript code'"
+
+
+# Rule 340113: cross site scripting stealth attempt to execute Javascript code
+# may false alarm for some language sets
+SecRule REQUEST_URI "!(?:/index\.php\?module=Blocks&type=admin&func=update|/index\.php\?go=.*&edit=)"\
+ "chain,id:340113,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting stealth attempt to execute Javascript code'"
+SecRule REQUEST_URI|REQUEST_BODY "(?:(?:(?:URL|SRC|HREF|LOWSRC)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:]" \
+
+
+# Rule 340114: Apache /server-info accessible
+SecRule REQUEST_URI "^server-info/?$" \
+ "chain,id:340114,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /server-info access attempt'"
+SecRule REMOTE_ADDR "!^127\.0\.0\.1$"
+
+
+# Rule 340115: Apache /server-status accessible
+# Modified so apache-protect can run
+SecRule REQUEST_URI "^server-status/?$" \
+ "chain,id:340115,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /server-status access attempt'"
+SecRule REMOTE_ADDR "!^127\.0\.0\.1$"
+
+
+# Rule 340116: generic Common HTTP vulnerability
+SecRule REQUEST_URI "/\?cwd=/" \
+ "id:340116,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Common HTTP vulnerability'"
+
+
+# Rule 340117: General [url] php forum protections (phpbb and others, to protect against script injection attacks in url links)
+SecRule REQUEST_URI "\.php\?" \
+ "chain,id:340117,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: General [url] php forum protections'"
+SecRule REQUEST_URI|REQUEST_BODY "\[url=(?:script|javascript|applet|about|chrome|activex)\:/.*\].*\[/url\]"
+
+
+# Rule 340118: Experimental XML-RPC generic attack sigs
+SecRule REQUEST_BODY|ARGS "(\'\,\'\'\)\)\;|\<param\>\<name\>.*\'\)\;)" \
+ "id:340118,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML-RPC attack'"
+
+# Rule 340120: XML-RPC generic attack sigs
+SecRule REQUEST_HEADERS "^Content-Type\: application/xml" \
+ "chain,id:340120,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML-RPC attack'"
+SecRule REQUEST_BODY|ARGS "(?:\<xml|\<.*xml)" chain
+SecRule REQUEST_BODY|ARGS "(?:echo(?: |\(|\').*\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" chain
+SecRule REQUEST_BODY|ARGS "methodCall\>"
+
+
+# Rule 340121: Specific XML-RPC attacks on xmlrpc.php
+SecRule REQUEST_URI "(?:xmlrpc|xmlrpc.*)\.php" \
+ "chain,id:340121,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XML-RPC attacks on xmlrpc.php'"
+SecRule REQUEST_BODY|ARGS "(?:\<xml|\<.*xml)" chain
+SecRule REQUEST_BODY|ARGS "(?:echo(?: |\(|\').*\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;"
+
+
+# Rule 340XXX:
+#Too generic, unless you know you won't see this in any of the fields of an XMLRPC message on your system
+#SecRule REQUEST_URI "/xmlrpc\.php" chain
+#SecRule "(?:cd|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./)"
+
+# Rule 340122: XML-RPC SQL injection generic signature
+SecRule REQUEST_URI "(?:xmlrpc|xmlrpc_.*)\.php" \
+ "id:340122,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XML-RPC SQL injection ',chain"
+SecRule REQUEST_BODY|ARGS "<methodName>.*</methodName>.*<value><string>.*(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view).*methodName\>"
+
+# Rule 340125: Remote file inclusion attempt
+SecRule REQUEST_URI "index\.php\?libDir=:/" \
+ "id:340125,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote file inclusion attempt'"
+
+# Rule 340XXX
+#catch smuggling attacks
+#SecRule "^(?:GET|POST).*Host:.*^(?:GET|POST)"
+
+# Rule 340127: Drupal remote command execution vulnerability exploit signature
+# This is already covered in another generic signature, but just in case you leave it out, here it is
+# again with a slightly tigher regexp
+SecRule REQUEST_BODY|ARGS "\<.*php .*\(.*\)\;system\(.*\).*php ?\>" \
+ "id:340127,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote command exection (system)'"
+
+# Rule 340128: Slightly stronger version of the above
+SecRule REQUEST_BODY "\<.*php .*\(.*\)\;(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\).*php*\>" \
+ "id:340128,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote command exection (generic)'"
+
+
+# Rule 340129: Generic PHP attack sig
+SecRule REQUEST_BODY|REQUEST_URI "system\(getenv\(HTTP_PHP\)\)" \
+ "id:340129,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP attack sig'"
+
+
+# Rule 340130: Generic Nessus request filter
+SecRule REQUEST_URI "NessusTest*\.html" \
+ "id:340130,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Nessus Scan'"
+
+
+# Rule 340131: Generic PHP payload command injection and upload vulnerabilities
+SecRule REQUEST_BODY "<\?php" \
+ "id:340131,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP payload command injection and upload vulnerabilities',chain"
+SecRule REQUEST_BODY "(?:(?:fputs|fread)\(.*\,.*\)\;|fsockopen\(gethostbyname|chr\(.*\)\.chr\(.*\)\.chr\(|(?:fclose|fgets)\(.*\)\;|(?:system|exec)\(.*\)\;)" chain
+SecRule REQUEST_BODY "\<\?php"
+
+# Rule 340132: Generic XML RPC attack sig
+SecRule REQUEST_BODY "\'(?:______BEGIN______|_____FIM_____)\'\;" \
+ "id:340132,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML RPC attack'"
+
+
+# Rule 340133: HTTP header PHP code injection attacks
+SecRule REQUEST_HEADERS:Client-Ip|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "(?:<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)" \
+ "id:340133,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: HTTP header PHP code injection attack'"
+
+# Rule 340134: wormsign
+SecRule REQUEST_HEADERS "XXXXXX+\: \+\+\+\+\+\+\+\+\+\+\+\+\+" \
+ "id:340134,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Worm signature'"
+
+# Rule 340135: THMC worm
+SecRule REQUEST_BODY "THMC\.\$dbhost\.THMC\.\$dbname\.THMC\.\$dbuser\.THMC\.\$dbpasswd\.THMC" \
+ "id:340135,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: THMC worm'"
+
+
+# Rule 340136: phpbb wormsign
+SecRule REQUEST_URI|REQUEST_BODY "echo _GHC/RST_" \
+ "id:340136,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHPBB worm'"
+
+
+# Rule 340137: Generic PHP avatar upload exploits
+SecRule REQUEST_URI "\.php" \
+ "id:340137,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHPBB avatar exploit',chain"
+SecRule REQUEST_BODY "Content-Disposition\: form-data\; name=\"avatar\"\;" chain
+SecRule REQUEST_BODY "\<\?php" chain
+SecRule REQUEST_BODY "\?>"
+
+
+# Rule 340138: Fake image file shell attacvk
+SecRule REQUEST_HEADERS:Content-Type "image/.*" \
+ "id:340138,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Fake image file shell attack',chain"
+SecRule REQUEST_BODY "chr\(.*\)"
+
+
+# Rule 340140: bogus graphics file
+SecRule REQUEST_HEADERS:Content-Disposition "\.(?:php|txt)" \
+ "id:340140,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus graphics file',chain"
+SecRule REQUEST_HEADERS:Content-Type "(?:image/gif|image/jpg|image/png|image/bmp)" \
+
+
+# Rule 340141: wormsign
+SecRule REQUEST_URI "Hacked ?by ?member ?of" \
+ "id:340141,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: worm'"
+
+
+# Rule 340142: Special account protection
+SecRule REQUEST_URI "~(?:root|ftp|bin|nobody|named|guest|logs|sshd)/" \
+ "t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,id:340142,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Special account protection'"
+
+
+# Rule 340143: Generic PHP fopen sig
+SecRule REQUEST_URI|REQUEST_BODY "fp=fopen\(" \
+ "id:340143,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP fopen attack'"
+
+
+# Rule 340144: Generic SQL sigs
+SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*\.exe/|/joomla/administrator/index2\.php|module=admin&act=dispLayoutAdminEdit&layout_srl=|upgrade.php?step=|^/ubbthreads/install/|^/projects/csb/milestone$)" \
+ "id:340144,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+SecRule ARGS|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"
+
+# Rule 340145: Generic SQL sigs
+SecRule ARGS|!ARGS:content|!ARGS:/descr/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp|!ARGS:gbu0_prodcatdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]]1|(?:or 1=1|'.+)--')" \
+ "id:340145,rev:10,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'"
+
+# Rule 340146: Meta character SQL injection
+SecRule REQUEST_URI "\'.*(?:insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)|and.*char\(.*\)" \
+ "id:340146,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL metacharacter URI injection protection'"
+
+# Rule 340147: Generic XSS filter
+SecRule REQUEST_URI "!(/mt\.cgi|/node/[0-9]+/edit|/wizard/edit/html)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340147,rev:48,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter',chain"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"
+
+# Rule 340148: XSS injection
+SecRule REQUEST_URI "!(^/\?(S|V)|^\?(S|V)|/node/[0-9]+/edit|/wizard/edit/html)" \
+ "chain,multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340148,rev:56,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:finish_survey|ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"
+
+# Rule 340149: XSS injection
+SecRule REQUEST_URI "!(^/\?(S|V)|^\?(S|V)|/node/[0-9]+/edit|/wizard/edit/html|\.(gif|jpe?g|png|bmp)$)" \
+ "chain,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340149,rev:66,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|!ARGS:finish_survey|!ARGS:embeddump|ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)"
+
+# Rule 340150: Dfind signature
+# w00tw00t.at.ISC.SANS.DFind
+SecRule REQUEST_URI "w00tw00t" \
+ "id:340150,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: DFind scanner attempt'"
+
+
+#Rule 340152: PHP Injection attack
+#SecRule REQUEST_URI "!(?:^/newsletter/admin/\?page=spageedit|\?c=clipart&u=http:|^\?q=node/add/page$|^\?q=(?:en|de)/node/[0-9]/edit$|^/(?:maillist|lists)/admin/\?page=(template|template&id=[0-9]+)$|^/leap/\?admin\.menus\.edit\.[0-9]+$|\?mode=addshout|\?feed=http://)" \
+# "t:normalisePath,id:340152,rev:55,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 2',chain"
+#SecRule REQUEST_URI "/+\?" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+#SecRule ARGS|!ARGS:/link/|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/href/|!ARGS:dcsref|!ARGS:gb_link|!ARGS:entry_author_website|!ARGS:attribute29|!ARGS:request|!ARGS:oaparams|!ARGS:/html_content/|!ARGS:subscribemessage|!ARGS:menu[link_path]|!ARGS:en_description|!ARGS:Stream|!ARGS:footer|!ARGS:site_frontpage|!ARGS:openid.return_to|!ARGS:/^description/|!ARGS:text_block|!ARGS:template_content|!ARGS:/^edit/|!ARGS:header|!ARGS:/homepage/|!ARGS:messagebody|!ARGS:content|!ARGS:newText|!ARGS:pagedata|!ARGS:/url/|!ARGS:clickTAG|!ARGS:page|!ARGS:utmr|!ARGS:archive_chrono|!ARGS:return|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:message|!ARGS:serverurl|!ARGS:redirect_to|!ARGS:external_link|!ARGS:site_footer|!ARGS:body_html|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:attach-url|!ARGS:url2send|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:referer|!ARGS:resource|!ARGS:siteurl|!ARGS:feed|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:text|!ARGS:newDescription|!ARGS:rid|!ARGS:enlace|!ARGS:video|!ARGS:body|!ARGS:g2_return|!ARGS:newComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+# Rule 340151: Generic PHP code injection protection in URI w/ anti-evasion
+SecRule REQUEST_FILENAME|REQUEST_URI "!(?:^/signup\.php|^/go\.php\?u=affilorama&t=http://|/slideshow/admin/p\.php)" \
+ "id:340151,t:normalisePath,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection attempt in URI'"
+SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&)).*=(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/" chain
+SecRule REQUEST_URI "!(?:/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http)" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:store|!ARGS:txtReturn|!ARGS:src|!ARGS:Stream|!ARGS:eself|!ARGS:gb_link|!ARGS:action|!ARGS:redirect_to|!ARGS:/^description/|!ARGS:vthumb|!ARGS:image|!ARGS:footer|!ARGS:header|!ARGS:entry_author_website|!ARGS:/homepage/|!ARGS:clickTAG|!ARGS:page|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:enlace|!ARGS:page|!ARGS:subdir[0] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+#Rule 340153: PHP Injection attack w/ antievasion
+SecRule REQUEST_URI "!(?:^/newsletter/admin/\?page=spageedit|^\?q=node/add/page$|^\?q=(?:en|de)/node/[0-9]/edit$|\?mode=addshout|\?feed=http://)" \
+ "id:340153,t:normalisePath,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 3'"
+SecRule REQUEST_URI "/\?" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:/link/|!ARGS:next|!ARGS:entry_author_website|!ARGS:gb_link|!ARGS:goto|!ARGS:/html_content/|!ARGS:openid.return_to|!ARGS:values[pageheader]|!ARGS:content|!ARGS:description|!ARGS:content|!ARGS:body|!ARGS:header|!ARGS:footer|!ARGS:utmr|!ARGS:edit[site_mission]|!ARGS:return|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:message|!ARGS:serverurl|!ARGS:redirect_to|!ARGS:external_link|!ARGS:site_footer|!ARGS:body_html|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:attach-url|!ARGS:url2send|!ARGS:ureferrer|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:referer|!ARGS:resource|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:op|!ARGS:enlace|!ARGS:page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+#Rule 340154: Enhanced XSS protection w/antievasion
+#SecRule ARGS|ARGS_NAMES|REQUEST_FILNAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pmFromFile xss.txt" \
+# "t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:340154,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 3'"
+
+
+#Always SQL injection cases w/ antievasion
+SecRule REQUEST_URI "(!^/node/add/story)" \
+ "t:replaceComments,chain,id:340155,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL Injection protection'"
+SecRule REQUEST_HEADERS:Cookie "!(utmctr=)" chain
+SecRule ARGS|!ARGS:Db_submit|!ARGS:/^sql/|!ARGS:prev_sql_query|!ARGS:sql_query|ARGS_NAMES|!ARGS_NAMES:table_name|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_COOKIES:utmctr "@pmFromFile sql.txt"
+
+#Always bad SQL injection case w/ antievasion
+#SecRule ARGS|!ARGS:/^fulltext/|!ARGS:message|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+SecRule ARGS|!ARGS:Db_submit|!ARGS:/^fulltext/|!ARGS:prev_sql_query|!ARGS:/^sql/|!ARGS:sql_query|!ARGS:message|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+ "id:340156,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:13,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',logdata:'%{TX.0}'"
+
+#SQL inline command attack
+SecRule REQUEST_URI "!(?:/ubbthreads/ubbthreads\.php|/phpBB3/install/index\.php|/index\.php\?mode=install&sub=create_table$|^/admin/test/examples/txtSQLAdmin/index\.php|^/store/images/)" \
+ "id:340157,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:24,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection',chain"
+SecRule REQUEST_URI|ARGS|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:text|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:/sql/|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:steps|!ARGS:fck_body "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )"
+
+# Rule 340158:
+#XSS in referrer
+SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(?:/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php)" \
+ "id:340158,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS in referrer',chain"
+SecRule REQUEST_HEADERS:REFERER "!(^pagead[0-9]\.googlesyndication\.com/pagead/)" chain
+SecRule REQUEST_HEADERS:REFERER "(?:\' ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|exec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|<input|(?:java|live|j)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click|dragdrop|focus|keydown|move|resize|submit|unload|key(?:press|up)|load)|onmouse(?:down|move|out|over|up)|script |settimeout|shell:|(?:vb|x-java)script|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"
+
+#SQL inline command attack with more AE cases
+SecRule REQUEST_URI "!(/ubbthreads/ubbthreads\.php|/install/index\.php|/admin/fetch_data_af\.php\?action=create_txt_file_from_af_table$|/phpmyadmin/tbl_change\.php)" \
+ "id:340159,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:22,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (MM)',chain"
+SecRule ARGS|!ARGS:/descr/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:/sql_query/|!ARGS:/^sql/|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:/^sql_/|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select | cast\b\W*?\(|xecresultset|';DECLARE\b\W*?|;set @)" multiMatch
+
+#Always SQL injection cases w/ antievasion
+SecRule REQUEST_URI "!(/node/add/story)" \
+ "chain,id:340160,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:21,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL Injection protection'"
+SecRule ARGS|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:/^sql/|!ARGS:EXPORTTABLE|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:message|!ARGS:previous_field|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:cfg_xsp_password|!ARGS:body|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:wpTextbox1 "@pmFromFile sql.txt" "t:base64Decode,t:hexDecode,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,multimatch"
+
+#Simple Image file enforcement rules for PHP args that include images
+#advanced analysis occurs thru the scanner
+SecRule REQUEST_URI "!(^/products/product_view_newrel\.php\?image=product_image$|/image-details\.php\?image=|/photocart/index\.php\?image=[0-9]+|^/image\.page\.php\?image=[0-9].*\||/cms/index\.php\?image=docs$)" \
+ "chain,id:340161,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:25,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection protection for Image ARGS (S)'"
+SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&))" chain
+SecRule ARGS:vthumb|ARGS:imagen|ARGS:imgfile|ARGS:imageFile|ARGS:ppicture|ARGS:featured2-image|ARGS:ARGS:featured1-image|ARGS:premiumnews_banner_image|ARGS:defaultImage|ARGS:pagearBigImg|ARGS:image|ARGS:mainimage|ARGS:bg_image|ARGS:team[logo]|ARGS:userpicpersonal|ARGS:iconnew|ARGS:img_src|ARGS:vthumb|ARGS:ViewState[LargeImage]|ARGS:ViewState[SmallImage] "!(\.(?:gif|jpe?g|png|bmp|wct|pdf)|^docs$|^http://$|^[0-9]+\|?|^$|^true$|^false$|^product_image/$)"
+
+# Rule 340162: Generic PHP code injection protection in URI w/ anti-evasion
+SecRule REQUEST_FILENAME|REQUEST_URI "!(/[a-z0-9]+\.html\?&L=http:/|/mirrors/startdl/.*\?path=http:/|/wp-content/themes/indomagz_2/thumb.php?src=http|/pl/download\?file=http|/index\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedia|$/mysqldumper/dump\.php^|(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=http|^/xmlrpc\.php$|^/go\.php\?u=affilorama&t=http://|/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http://|/ubbthreads/ubbthreads\.php|/wimpy\.php\?action=serveMP3&theFile=http://|/lg\.php\?bannerid=.*&amp;campaignid=.*loc=http://|\?mode=addshout|\?feed=http://|/joomla15_2/administrator/index\.php|/wp-admin/(page|post|widgets|link|options)\.php|/batch\.html\.php\?code=http|/media-upload\.php|/admin-ajax\.php|/administrator/index2?\.php|/mt-(upgrade|wizard)\.cgi\?|/email-a-friend\.php|/cgi-bin/PManage/pmanage\.cgi|ubbthreads/admin/dofeatures\.php|cgi-bin/(?:inforx|wwiinfo|mvforms)\.(?:pl|cgi)|/admin/(?:edittemplate|webpage_update)\.php|/(?:signup|cpinquiry|profile)\.php|/catalog/secure_admin/categories\.php|plugins/unique_articles/add_article\.php|/images/banners/.*\.swf\?.*url=http://|/frame\.aspx\?u=http://|/index\.php\?sc=track&action=.*&cur=http://|/mynav\?right_frame=http://|/phpBB/install/install\.php|/count\.asp\?w=.*&r=http://)" \
+ "capture,id:340162,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:166,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:/site/|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/!ARGS:/webseite/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:cmessage|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:/web/|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:img|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:ccb_newmessage|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:V_feed_email|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:img_alt|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:form_img|!ARGS:loc|!ARGS:/^description/|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:descripcion|!ARGS:body_html|!ARGS:txtSignature|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:notice_message|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:req_message|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:your-message|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:imgfile|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:openid.return_to|!ARGS:emailmessage|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:emessage|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:autoresp_message|!ARGS:babynaam|!ARGS:visitormessage|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:welcome_message|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:commontemplate[header]|!ARGS:uri|!ARGS:wp_home|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:/^message/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:reply_message|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:/^PLUGIN_FEED/|!ARGS:user_sig|!ARGS:news_message|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:footmessage|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:messagebody|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:img_src|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wpTextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:message|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:html_message|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:tj_message|!ARGS:cc_message|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+# Rule 340163: Generic PHP code injection protection in URI w/ anti-evasion and multimatch
+SecRule REQUEST_FILENAME|REQUEST_URI "!(/[a-z0-9]+\.html\?&L=http:/|/mirrors/startdl/.*\?path=http:/|/wp-content/themes/indomagz_2/thumb.php?src=http|/pl/download\?file=http|/index\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedia|^/mysqldumper/dump\.php$|(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=http|^/xmlrpc\.php$|^/__utm.gif\?|^/go\.php\?u=affilorama&t=http://|/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http://|/ubbthreads/ubbthreads\.php|/plugin_jw_allvideos/jw_allvideos_player\.swf\?file=http://|/wimpy\.php\?action=serveMP3&theFile=http://|/lg\.php\?bannerid=.*&amp;campaignid=.*loc=http://|\?mode=addshout|\?feed=http://|/joomla15_2/administrator/index\.php|/wp-admin/(page|post|widgets|link|options)\.php|/batch\.html\.php\?code=http|/media-upload\.php|/admin-ajax\.php|/administrator/index2?\.php|/mt-(upgrade|wizard)\.cgi\?|/email-a-friend\.php|/cgi-bin/PManage/pmanage\.cgi|ubbthreads/admin/dofeatures\.php|cgi-bin/(?:inforx|wwiinfo|mvforms)\.(?:pl|cgi)|/admin/(?:edittemplate|webpage_update)\.php|/(?:cpinquiry|signup|profile)\.php|/catalog/secure_admin/categories\.php|plugins/unique_articles/add_article\.php|/images/banners/.*\.swf\?.*url=http://|/frame\.aspx\?u=http://|/index\.php\?sc=track&action=.*&cur=http://|/mynav\?right_frame=http://|/phpBB/install/install\.php|/count\.asp\?w=.*&r=http://|/index\.php\?option=com_content&view=article&id=.*http:/)" \
+ "capture,id:340163,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:166,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:/site/|!ARGS:source_location/!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:clickTag1|!ARGS:rf|!ARGS:web|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:img|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:img_alt|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:form_img|!ARGS:loc|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/^topic_content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:body_html|!ARGS:txtSignature|!ARGS:wpUploadDescription|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:webpath|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:newDesc|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:newwebpath|!ARGS:ima|!ARGS:imgfile|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:Direccionsitioweb|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:ud_web|!ARGS:openid.return_to|!ARGS:definition|!ARGS:emailmessage|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:emessage|!ARGS:new_tng_path|!ARGS:autoresp_message|!ARGS:babynaam|!ARGS:visitormessage|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:welcome_message|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:commontemplate[header]|!ARGS:wp_home|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^message/|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:webcam|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:reply_message|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/webaddress/|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:/^PLUGIN_FEED/|!ARGS:user_sig|!ARGS:news_message|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:messagebody|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:web_site|!ARGS:img_src|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:agendWebPage|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wpTextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:message|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:data[Label][website]|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:webeditor1|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:user_website|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:html_message|!ARGS:userDetails[web_address]|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:web_address|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:tj_message|!ARGS:cc_message|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:x_website|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+#SQL Injection cases
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?: cast\b\W*?\(|xecresultset|;DECLARE\b\W*?)" \
+ "id:340164,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Injection Attack'"
+
+#SQL Injection cases
+SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_COOKIES:utmctr "(?:cast\b\W*?\(|xecresultset|';DECLARE\b\W*?)" \
+ "id:340165,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Injection Attack'"
+
+#
+# Rule 340011:
+#slightly tighter rules with narrower focus
+SecRule REQUEST_URI|REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \
+ "id:340011,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'"
+
+# Rule 340005: Code injection via content length
+SecRule REQUEST_HEADERS:Content-Length "\;(?:system|passthru|exec)\(" \
+ "id:340005,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Code Injection in Content-Length header'"
+
+# Rule 340010:
+#Generic PHP exploit signatures
+SecRule REQUEST_BODY|REQUEST_URI "<\?php (?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \
+ "id:340010,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'"
+
+# Rule 340011:
+#Generic PHP exploit signatures
+SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \
+ "id:340011,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'"
+
+
+# Rule 380000: phpbb Session Cookie
+SecRule REQUEST_COOKIES:sessionid|REQUEST_URI|ARGS|REQUEST_BODY "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" \
+ "id:380000,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380002: schema overflow attempt
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "\|3A\|///^[^\/]{14,}?\x3a\/\/" \
+ "id:380002,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380003: HappyMall Command Execution member_html.cgi
+SecRule REQUEST_URI "member_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" \
+ "id:380003,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380004: HappyMall Command Execution normal_html.cgi
+SecRule REQUEST_URI "normal_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" \
+ "id:380004,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380005: phpBB Remote Code Execution Attempt
+SecRule REQUEST_URI "viewtopic\.php\?" \
+ "id:380005,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack',chain"
+SecRule ARGS:highlight "(\'|\%[a-f0-9]{4})(\.|\/|\\|\%[a-f0-9]{4}).+?(\'|\%[a-f0-9]{4})"
+
+# Rule 380006: XSS generic sig
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:message|!ARGS:text|!ARGS:filecontent "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" \
+ "id:380006,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS Generic attack'"
+
+# Rule 380007: generic SQL injection sigs using PCRE
+SecRule REQUEST_URI "!(/immagini/)" \
+ "chain,id:380007,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Inject Generic signature'"
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52).*!(\.(jpe?g|png|bmp|gif|mpe?g|avi|wmv|ico)$)" \
+
+#PDF XSS attack 1
+#SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|!ARGS:message|!ARGS:/text/ "(?:ogg|gopher|zlib|(?:ht|f)tps?):\/\/[\w\.]+?\/.*?\.pdf\b[^\x0d\x0a]*#" \
+# "capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PDF XSS attack 1',id:'380011',rev:6,severity:'2'"
+#PDF XSS attack 2
+SecRule REQUEST_HEADERS|XML:/*|!ARGS:/^products_description/|ARGS:introtext|!ARGS:/^message/|!ARGS:fulldescr|!ARGS:/^data/|!ARGS:introtext "(?:ogg|gopher|zlib|(?:ht|f)tps?):\/\/[\w\.]+?\/.*?\.pdf\b[^\x0d\x0a]*#" \
+ "chain,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PDF XSS attack 2',id:'380012',rev:4,severity:'2'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+#prevents exposure of ASL config files on customer machine
+SecRule RESPONSE_BODY "---ASL-CONFIG-FILE---" \
+ "phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: ASL Configuration Leak Prevented',id:'380013',severity:'2',rev:1"
+
+#prevents leakage of web application source code
+#SecRule RESPONSE_BODY "((?:\b(?:(?:s(?:erver\.(?:(?:(?:htm|ur)lencod|execut)e|createobject|mappath)|cripting\.filesystemobject)|(?:response\.(?:binary)?writ|vbscript\.encod)e|wscript\.(?:network|shell))\b|javax\.servlet)|\.(?:(?:(?:createtex|ge)t|loadfrom)file|addheader)\b|<jsp:)|(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b)" \
+# "phase:4,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Web Application Source code leakage prevented',id:'380014',severity:'4'"
+#
+#
+
+#duplicate argument polution detection
+#must be tuned to the application
+#SecRule ARGS_NAMES ".*" "chain,phase:2,t:none,nolog,pass,capture,setvar:'tx.%{matched_var_name}=+1'"
+#SecRule TX:/ARGS_NAMES:*/ "@gt 1" "setvar:tx.http_parameter_pollution=%{matched_var_name}"
+
+#SecRule TX:HTTP_PARAMETER_POLLUTION ".*" "phase:2,t:none,log,pass,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Suspicious Behavior: Multiple Parameters with the same Name.',logdata:'%{matched_var}'"
+#
+
+#Possible command injection attack
+SecRule ARGS "` ?`.*\+ ?\".*` ?`" \
+ "capture,t:urlDecodeUni,t:base64Decode,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,multimatch,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Possible Command Injection Attack',id:'380014',rev:1,severity:'2'"
+SecRule ARGS "` ?`.*\+ ?\".*` ?`" \
+ "capture,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Possible Command Injection Attack',id:'380015',rev:1,severity:'2'"
+
+# SSI injection
+#
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" \
+ "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SSI injection Attack',id:'380016',logdata:'%{TX.0}',severity:'2'"
+SecRule REQUEST_HEADERS|XML:/* "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" \
+ "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SSI injection Attack',id:'380017',logdata:'%{TX.0}',severity:'2'"
+
+#special exclusions for this rule file
+<LocationMatch /modules.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340463,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340462,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+
+<LocationMatch /admin.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/referrer/|!ARGS:/^gbu0_/|!ARGS:/website/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_image|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:icon|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:enlace_video|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:/page/|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:/referer/|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/image_path/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340464,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (admin.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/referrer/|!ARGS:/^gbu0_/|!ARGS:/website/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_image|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:icon|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:email|!ARGS:enlace_video|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:ecards_more_pic_target|!ARGS:cforms_action_page|!ARGS:message/!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/page/|!ARGS:/url/|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:/referer/|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:/comments/|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sfhome|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/image_path/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340465,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (admin.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cpinquiry.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340466,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340467,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /admin/area/save-page.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340468,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (save-page.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340469,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (save-page.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /cgi-bin/guestbook.pl>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340470,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340471,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /modules/wysiwyg/save.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340472,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340473,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /cgi-bin/blog/mt.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340474,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340475,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /admin/index.php>
+ SecRuleRemoveById 340157
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:comments "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:340457,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)'"
+SecRule ARGS|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:Exlink|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:/page/|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:code|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340476,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:Exlink|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:/page/|!ARGS:code|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340477,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /forums/admincp/user.php>
+ SecRuleRemoveById 340147
+ SecRuleRemoveById 340148
+ SecRuleRemoveById 340149
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340478,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340479,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forum/admincp/user.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340480,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340481,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forum/admincp/template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340482,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340483,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /contact.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:homepage|!ARGS:field4|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340484,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (contact.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340485,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (contact.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /admin/conf.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340486,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340487,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/posted/edit_listing.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340488,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340489,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forums/private.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340490,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340491,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forums/newreply.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340144
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340492,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340493,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340444: Generic SQL sigs
+ SecRule ARGS|!ARGS:message "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340444,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/forums/newreply.php)'"
+</LocationMatch>
+<LocationMatch /frontend3/admin/area/add-edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340494,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340495,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /links.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340496,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/links.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340497,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/links.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forums/newreply.php>
+ SecRuleRemoveById 340156
+#Always bad SQL injection case w/ antievasion
+SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS:message "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+ "id:340498,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:7,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/forums/newreply.php)',logdata:'%{TX.0}'"
+</LocationMatch>
+<LocationMatch /wysiwyg-edit>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340499,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340500,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /forums/bb-login.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:re|!ARGS:_wp_http_referer \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340501,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/bb-login.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:re|!ARGS:_wp_http_referer \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340502,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/bb-login.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/mt4/mt-comments.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340503,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340504,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ubbthreads/admin/dogen_display.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340505,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340506,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/dada/mail.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:location|!ARGS:physical_address|!ARGS:text_message_body \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340507,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/dada/mail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:location|!ARGS:physical_address|!ARGS:text_message_body \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340508,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/dada/mail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modernbill5/app-modernbill-admin/clients.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:emailBody \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340509,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:emailBody \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340510,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/database/dbpro.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:admin_email_text \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340511,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:admin_email_text \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340512,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /calendar/install/index.php>
+ SecRuleRemoveById 340157
+ SecRuleRemoveById 340159
+#SQL inline command attack
+SecRule REQUEST_URI|ARGS|!ARGS:saved_data "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:344513,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/calendar/install/index.php)'"
+#SQL inline command attack with more AE cases
+SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:saved_data "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:344514,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/calendar/install/index.php)',multimatch"
+#
+</LocationMatch>
+<LocationMatch /admin/patch.php>
+ SecRuleRemoveById 340144
+ SecRuleRemoveById 340157
+SecRule ARGS|!ARGS:patch_query "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+"id:340515,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/admin/patch.php)'"
+SecRule REQUEST_URI|ARGS|!ARGS:patch_query "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:344516,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/admin/patch.php)'"
+</LocationMatch>
+<LocationMatch /images/logdnet.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:a|!ARGS:u \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340517,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:a|!ARGS:u \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340518,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /contact_form.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340519,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340520,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /forum/register.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340521,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340522,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /manager/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:text_2|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:/page/|!ARGS:ta|!ARGS:post \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340523,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:text_2|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:/page/|!ARGS:ta|!ARGS:post \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340524,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/class/class_add.pl >
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340525,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340526,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /insert_image>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:DirName "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340527,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/insert_image)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DirName "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340528,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /administration/news.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340529,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340530,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/editor.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340531,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340532,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-sys/FormMail.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340533,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340544,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /frame.aspx>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340545,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340546,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /spaw/gethref.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340547,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340548,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/mt/mt.fcgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340549,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340550,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/google_cse/google_cse.js>
+ SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /runmodule.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340551,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340552,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/frame.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:pagina "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340553,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340554,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /videos/install>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:sitefolder "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340555,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/videos/install)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:sitefolder "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340556,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/videos/install)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /support/staff/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/contents/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340557,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/contents/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340558,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/procform.pl>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340559,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340560,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/editcontent.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^content_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340561,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^content_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340562,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /html2rss/rss.aspx>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:U "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340563,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:U "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340564,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /winnder_step2.1.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:rules|!ARGS:terms "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340565,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:rules|!ARGS:terms "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340566,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /contact/website.php >
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:txtComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340567,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:txtComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340568,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wbb/acp/template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340569,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340570,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /sregister2-p.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:skills "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:346144,rev:12,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/sregister2-p.php)'"
+</LocationMatch>
+<LocationMatch /Board/posting.php>
+ SecRuleRemoveById 340156
+SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring] "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+ "id:344156,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/Board/posting.php)',logdata:'%{TX.0}'"
+</LocationMatch>
+<LocationMatch /phpmysupport/trackerimage.php>
+ SecRuleRemoveById 340026
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:base "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340571,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:base "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340572,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /livehelp/chat.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:dep "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340573,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/livehelp/chat.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:dep "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340574,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/livehelp/chat.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/mod_dgm-news_ultra/img/phpThumb.php>
+ SecRuleRemoveById 340006
+SecRule REQUEST_URI|ARGS|!ARGS:src "(?:\.\./\.\./)" \
+ "t:normalisePath,id:346006,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS (/modules/mod_dgm-news_ultra/img/phpThumb.php)'"
+</LocationMatch>
+<LocationMatch /wp-admin/edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340575,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340576,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /egroupware/etemplate/process_exec.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340577,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340578,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install.php>
+ SecRuleRemoveById 341057
+ SecRuleRemoveById 340144
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:file|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340712,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'"
+SecRule ARGS|!ARGS:hos|!ARGS:wp_home|!ARGS:domain_in|!ARGS:ftpPath|!ARGS:f_license|!ARGS:f_site|!ARGS:/txt/|!ARGS:/text/|!ARGS:/uri/|!ARGS:/url/|!ARGS:site_addr|!ARGS:uusDatabaseHost|!ARGS:DB_SERVER|!ARGS:BosClassifiedsDatabaseHost|!ARGS:/url/|!ARGS:upload_dir|!ARGS:ftp_server|!ARGS:/WWW/|!ARGS:config|!ARGS:/http/|!ARGS:cptpl_dir|!ARGS:dbhost "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340579,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:hos|!ARGS:wp_home|!ARGS:domain_in|!ARGS:ftpPath|!ARGS:f_license|!ARGS:f_site|!ARGS:/txt/|!ARGS:/text/|!ARGS:/uri/|!ARGS:/url/|!ARGS:site_addr|!ARGS:uusDatabaseHost|!ARGS:DB_SERVER|!ARGS:BosClassifiedsDatabaseHost|!ARGS:/url/|!ARGS:upload_dir|!ARGS:ftp_server|!ARGS:/WWW/|!ARGS:config|!ARGS:/http/|!ARGS:cptpl_dir|!ARGS:dbhost "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340580,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /acollab/install/install.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:upload_dir "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340581,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:upload_dir "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340582,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /includes/popup.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:z "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340583,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:z "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340584,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/cgiemail/testform.txt>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:success "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340585,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:success "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340586,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ubbthreads/admin/doeditboard.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340587,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340588,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /anyinventory/admin/item_processor.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:pictureremote "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340589,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:pictureremote "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340590,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340591,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340592,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/mod_shoutbox.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340592,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340593,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/options-general.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/page/|!ARGS:/address/|!ARGS:/url/|!ARGS:/^sm_pages_ur/|!ARGS:/^campaign_feed/|!ARGS:/^IMConfig/|!ARGS:/url/|!ARGS:ddsg_xml_path|!ARGS:sm_b_style|!ARGS:regplus_login_redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,id:340594,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/page/|!ARGS:/address/|!ARGS:/url/|!ARGS:/^sm_pages_ur/|!ARGS:/^campaign_feed/|!ARGS:/^IMConfig/!ARGS:/url/|!ARGS:ddsg_xml_path|!ARGS:sm_b_style|!ARGS:regplus_login_redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340595,rev:7,severity:4,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modernbill/app-modernbill-admin/configs.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340596,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340597,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/formmail.pl>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340598,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340599,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /mainsettings.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340600,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340601,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /site.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:dict "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340602,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:dict "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340603,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/ciadmin.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340604,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340605,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /vb/admincp/template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:searchstring|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340605,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:searchstring|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340606,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /category.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:desc|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340607,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:desc|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340608,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/newbbex/post.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340609,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340610,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/mb/index2.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340611,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340612,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cerberus/parser.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340613,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340614,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /imp/expand.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340615,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340616,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /livehelp/mastersettings.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340617,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340618,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /manager/edit_template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340619,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340620,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /clip/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:route_to "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340621,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:route_to "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340622,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/moduleinterface.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/template/|!ARGS:m1_subscribe_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340623,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/template/|!ARGS:m1_subscribe_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340624,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cpanel/saveType.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:embed "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340625,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:embed "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340626,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/basic_settings.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:custom_promo_code "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340627,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:custom_promo_code "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340628,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/site_setup.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340629,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340630,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /syssite/shopadmin/core.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340631,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340632,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /system/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340633,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340634,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /Mailer/TrueFM.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340635,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340636,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ummmanager.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:login "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340637,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:login "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340638,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/step6.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^site_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340639,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^site_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340640,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /homeCounter.php>
+ SecRuleRemoveById 340024
+ SecRuleRemoveById 340028
+ SecRuleRemoveById 340151
+</LocationMatch>
+<LocationMatch /admincp/options.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340641,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340641,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /media/hochron.html>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:MemberSelectList "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340643,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:MemberSelectList "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340644,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/settings/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340645,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340646,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cmspopouts/shortcuts.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:target_title "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340647,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:target_title "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340648,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /manufacturers_edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^edit/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340649,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^edit/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340650,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/contactmanage.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:response "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340651,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:response "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340652,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /giftcert.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:recipient_address "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340653,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:recipient_address "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340654,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /pages/news.htm>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:store "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340655,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:store "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340656,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /bb-login.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:re "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340657,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:re "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340658,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /adview.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:target1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340659,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:target1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340660,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ajCart/cart.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:CARTDIR "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340661,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:CARTDIR "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /index.php/install/-/configure>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:DIR_REL "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340661,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:DIR_REL "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /store/zc_install/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /admin_config.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:pagename "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340663,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:pagename "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340664,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cutenews/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340665,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340666,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /data/nanoadmin.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340667,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340668,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /auctions/rsstml.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:XML "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340669,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:XML "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340670,chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/util.php>
+ SecRuleRemoveById 340157
+</LocationMatch>
+<LocationMatch /wp-admin/theme-editor.php>
+ SecRuleRemoveById 340006
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors)" \
+ "chain,t:normalisePath,id:340671,rev:19,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS', chain"
+SecRule REQUEST_URI|ARGS|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:newcontent "(?:\.\./\.\./|\.\|\./\.\|\./\.\|)"
+</LocationMatch>
+<LocationMatch /egroupware/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340672,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /lclaccounts/setup/config.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340672,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/post_property.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:map|!ARGS:photo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340674,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:map|!ARGS:photo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340675,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /filemanager/browser/default/browser.html>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340676,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340677,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin.mvc>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340678,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340679,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /delivery/ck.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340680,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340681,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /proxy/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340682,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340683,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch ^/imp>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:message|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340684,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:message|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340685,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch modules/mod_wowstatus/wowserverstatus.php>
+ SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /ucp.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340686,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340687,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /shopping/search.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340688,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340689,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /app-modernbill-admin/configs.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340690,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340691,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cidevents/install/index.php>
+ SecRuleRemoveById 340157
+ SecRuleRemoveById 340159
+</LocationMatch>
+<LocationMatch /sysadminarea.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340692,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340693,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /download.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:file|!ARGS:referer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340694,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:file|!ARGS:referer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340695,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /net2ftp_installer.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:package "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340696,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:package "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340697,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /mediaplayer.swf>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340698,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340699,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /adm-misc.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340700,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340701,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /piwik/piwik.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340702,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340703,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/file_edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340704,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340705,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/plugin-editor.php>
+SecRuleRemoveById 380006
+</LocationMatch>
+<LocationMatch /fplayer.swf>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340706,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340707,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+
+<LocationMatch /mailer/images.php>
+SecRuleRemoveById 340084
+</LocationMatch>
+<LocationMatch /mailer/redir.php>
+SecRuleRemoveById 340084
+</LocationMatch>
+<LocationMatch /store/admin/sqlpatch.php>
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /cgi-bin/cart.cgi>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340708,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340709,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /typo3/tce_file.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340710,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340711,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /writeToSFDC.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340712,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340713,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/nmanage.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340714,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340715,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /login.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340716,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340717,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /amember/admin/email.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340718,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340719,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /webinstall.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340720,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340721,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /pap.swf>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340722,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340723,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fckeditor.html>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340724,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340725,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /editcontent.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /timthumb.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340726,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340727,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /upload.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src|!ARGS:filepath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340728,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src|!ARGS:filepath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340729,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /idevaffiliate/admin/setup.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340730,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340731,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/index.php>
+SecRuleRemoveById 340159
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /tbl_select.php>
+SecRuleRemoveById 340159
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /movieonline.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340732,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340733,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /listings/client.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340734,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340735,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /test_index.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340736,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340737,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /recommend.cgi>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340738,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340739,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /goodsCounter.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340151
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340740,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340741,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fla_video.swf>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /admin/admin_board.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340742,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340743,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /search_results.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340744,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340745,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-content/plugins/wordtube/lib/statistic.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340746,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340747,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /paadmin/categories.php>
+SecRuleRemoveById 380011
+</LocationMatch>
+<LocationMatch /typo3/alt_clickmenu.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /get.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /wp-admin/admin-ajax.php>
+SecRuleRemoveById 340007
+SecRule REQUEST_URI|ARGS|!ARGS:content "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \
+ "t:none,t:lowercase,id:340748,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+</LocationMatch>
+<LocationMatch /administrator/index.php>
+SecRuleRemoveById 380011
+SecRuleRemoveById 380012
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+SecRuleRemoveById 380011
+SecRuleRemoveById 380012
+SecRuleRemoveById 340159
+SecRuleRemoveById 340151
+SecRule ARGS|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:/sql_query/|!ARGS:/^sql/|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:/^sql_/|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |cast\b\W*?\(|xecresultset|';DECLARE\b\W*?|;set @)" \
+ "multiMatch,id:340808,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (MM)'"
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \
+ "chain,t:none,t:lowercase,id:340794,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+
+</LocationMatch>
+<LocationMatch /req.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340026
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407449,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340750,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/news/news.cgi>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340026
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407451,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340752,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/themes.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407453,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340754,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /edit-item.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /removed.php>
+SecRuleRemoveById 340084
+</LocationMatch>
+<LocationMatch /ezGctrlpanel.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:pthanks "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407455,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:pthanks "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340756,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /magazine/index.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407457,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340758,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fckeditor/editor/filemanager/browser/default/browser.html>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /track.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407459,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340760,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /flashgallery.php>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /phpmyadmin/tbl_change.php>
+SecRuleRemoveById 340157
+</LocationMatch>
+<LocationMatch /req.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340761,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340762,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/patch.php>
+SecRuleRemoveById 340157
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /etc/reality-info.css>
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /typo3/alt_doc.php>
+SecRuleRemoveById 380011
+</LocationMatch>
+<LocationMatch /product_modify.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,id:340763,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340764,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /fix.swf>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340765,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340766,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /typo3/alt_mod_frameset.php>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /cnf_config.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340767,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340768,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /classes/crop_image.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /members/create_listing.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /livesupport/install/dbperform.php>
+SecRuleRemoveById 340144
+SecRuleRemoveById 340155
+</LocationMatch>
+<LocationMatch /st/out.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340769,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340770,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /db_sql.php>
+SecRuleRemoveById 340144
+SecRuleRemoveById 340155
+</LocationMatch>
+<LocationMatch /catch.php >
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340771,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340772,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/index.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/web/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:docroot|!ARGS:server_protocol "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340773,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/web/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:docroot|!ARGS:server_protocol "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340774,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/languages.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340775,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340776,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /slideshow/admin/p.php>
+SecRuleRemoveById 340151
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340776,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340778,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/theme-editor.php>
+SecRuleRemoveById 341045
+SecRule ARGS|!ARGS:newcontent|!ARGS:khxc_incphp--filename|!ARGS:file_contents|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]]1|(?:or 1=1|'.+)--')" \
+ "id:340777,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'"
+</LocationMatch>
+<LocationMatch /components/com_oziogallery/preview.swf>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340779,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340780,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fla_music.swf>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /mickadmincp/user.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340781,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340782,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/tools.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^mban/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340783,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^mban/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340784,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /includes/c0ntaktu3.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340785,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340786,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /formmail.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340787,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340788,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /free.cgi>
+SecRuleRemoveById 340018
+</LocationMatch>
+<LocationMatch /wp-content/plugins/wp-postratings/postratings-admin-ajax.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+ SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:task|!ARGS:q "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+"id:340544,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
+ SecRuleRemoveById 380006
+ SecRuleRemoveById 380011
+SecRule ARGS|!ARGS:task "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+"id:340544,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:message|!ARGS:text "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" \
+ "id:380006,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS Generic attack'"
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \
+ "chain,t:none,t:lowercase,id:340789,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:videoplayer|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+</LocationMatch>
+<LocationMatch /search.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340026
+SecRule ARGS|!ARGS:search_keywords|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340790,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:search_keywords|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340791,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /online/index.php >
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340792,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340793,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /contenido/main.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:output "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340795,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+SecRuleRemoveById 340007
+SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \
+ "t:none,t:lowercase,id:340796,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+</LocationMatch>
+<LocationMatch /imageresize.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /taguchitest.php>
+SecRuleRemoveById 340022
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340797,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340798,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /forums/modcp/moderate.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:/text/|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340799,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+</LocationMatch>
+<LocationMatch /odp/index.php>
+SecRuleRemoveById 380007
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:c "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)" \
+ "id:340800,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Inject Generic signature'"
+</LocationMatch>
+<LocationMatch /Yanner.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /pluskernel/settings.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340801,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340802,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /sql_error.php>
+SecRuleRemoveById 340145
+</LocationMatch>
+<LocationMatch /login-register.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340803,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340804,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /lecture.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340805,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340806,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /response.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340807,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340808,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /edit_css.ph>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /modules/mod_oneononechat/phpfunctions.php>
+SecRuleRemoveById 340149
+SecRuleRemoveById 340148
+</LocationMatch>
+<LocationMatch /sql/fileman2.php>
+SecRuleRemoveById 340007
+SecRule REQUEST_URI|ARGS|!ARGS:dir|!ARGS:/txt/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \
+ "t:none,t:lowercase,id:340810,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+</LocationMatch>
+<LocationMatch /wp-content/plugins/simple-popup-images/popup.php>
+SecRuleRemoveById 340026
+</LocationMatch>
+<LocationMatch /design/swapimages_onmousemove.js>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /edit_image>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340811,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340812,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /server.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340813,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340814,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /php/compress.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /tbl_replace.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340157
+</LocationMatch>
+<LocationMatch wp-content/themes/bobv2/dax.swf>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-admin/plugin-install.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340815,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340816,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+</LocationMatch>
+<LocationMatch /sitemap/index.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule ARGS|!ARGS:errmsg "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340817,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tbl_row_action.php>
+SecRuleRemoveById 340157
+SecRuleRemoveById 340159
+</LocationMatch>
+<LocationMatch /adserver/www/delivery/lg.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tiny_mce/themes/advanced/source_editor.htm>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /administrator/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /forums/admincp/automediaembed_admin.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /admin.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-comments-post.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /imp/compose.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cgi-bin/database/admin.pl>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340818,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340819,rev:20,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+# XSS injection
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340820,rev:17,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+</LocationMatch>
+<LocationMatch /cynghrair/change.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /forums/admincp/user.php>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /src/compose.php>
+SecRuleRemoveById 340147
+</LocationMatch>
+<LocationMatch /adm_noticies.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /plugins/ctrt/index.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340821,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340822,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+# XSS injection
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /blog/wp-admin/options-general.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install1.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-admin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-admin/themes.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincp/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincp/css.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /modules/upl/wc/CSXML.php>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /onmouseover.js>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /provider/product_modify.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincp/vbacmps_install.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /manage/bios/edit/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cgi-bin/cp-admin.cgi>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /_admin/>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /siteadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cmsadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /administrator/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /forumadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /management/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /manager/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /edit_product>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /rssadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /order/input.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/page/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:/^B/|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^B/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340824,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /ftp/index.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:state|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340825,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+</LocationMatch>
+<LocationMatch /editField.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin1/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /edit/index.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /ticketreply.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tiny_mce/plugins/advlink/link.htm>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /webadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /front_content.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/main/>
+SecRuleRemoveById 340017
+</LocationMatch>
+<LocationMatch /install/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /FormMail.conf>
+SecRuleRemoveById 340017
+SecRule ARGS|!ARGS:CompanyType|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?:insert into values|select from [a-z|A-Z|0-9]|bulk insert|union select|convert \(.*from)" \
+ "id:340826,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection in ARGS'"
+</LocationMatch>
+<LocationMatch /Wizard/Pages>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/email.php>
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /dict.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340827,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340828,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+</LocationMatch>
+<LocationMatch /webadmin.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /admin/>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /ntunnel_mysql.ph>
+SecRuleRemoveById 340144
+</LocationMatch>
+<LocationMatch /planner.php>
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340829,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340830,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+</LocationMatch>
+<LocationMatch /phpThumb/phpThumb.php>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /facebook/>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /install2.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /stream/index.php>
+SecRuleRemoveById 340018
+</LocationMatch>
+<LocationMatch /secure.php>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /uplay/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /mapas_admin_edit.php>
+SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340831,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340832,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /projectpier/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /systemadmin/supportkb.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /manage.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin_panel/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /inc/php/img.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/media/>
+SecRuleRemoveById 340164
+</LocationMatch>
+<LocationMatch /wizard_forms.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/content/types/import>
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /administrator/index.php>
+SecRuleRemoveById 340077
+</LocationMatch>
+<LocationMatch /wp-admin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tstemplate/ts/index.php>
+SecRuleRemoveById 340017
+</LocationMatch>
+<LocationMatch /alta.php>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /setup/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/settings.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /projects/csb/ticket/>
+SecRuleRemoveById 340144
+</LocationMatch>
+<LocationMatch /contenido/main.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cgi-bin/dada/mail.cgi>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /orderform/processor.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /cgi-bin/soupermail.pl>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /read_dump.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin_center/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincenter/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /HomeDeveloper.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /bevestiging.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /imagemanager/stream/index.php>
+SecRuleRemoveById 390614
+SecRuleRemoveById 390615
+SecRuleRemoveById 380006
+</LocationMatch>
+<LocationMatch /phpadmin/export.php>
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /privado/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /webform/configure>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /portalcp/vbpoptions.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /thubservice.php >
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /user.php>
+SecRule ARGS|!ARGS:/user/|!ARGS:/pass/!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340833,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340834,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /survey/index.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340835,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340836,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|!ARGS:/move/|!ARGS:embeddump|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340837,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /forum/post.php>
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /crop_auto.php>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340008
+</LocationMatch>
+<LocationMatch /admin/main.php>
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /thumb.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /com_virtuemart/fetchscript.php>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340026
+</LocationMatch>
+<LocationMatch /uploader.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/productadd.php>
+SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340839,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'"
+</LocationMatch>
+<LocationMatch /survey/preview.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340840,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+
+# Rule 340148: XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340841,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+# Rule 340149: XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|!ARGS:embeddump|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340842,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /linkmachine/linkmachine.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /productadd.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340144,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'"
+</LocationMatch>
+<LocationMatch /admint/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /setupCTCForm.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/db.php>
+SecRuleRemoveById 340144
+</LocationMatch>
+<LocationMatch /admin-translate/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>