aboutsummaryrefslogtreecommitdiffstats
path: root/config/apache_mod_security/rules
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@G5.local>2009-10-27 19:29:22 -0400
committerScott Ullrich <sullrich@G5.local>2009-10-27 19:29:22 -0400
commitcefe0accd2b44cacd17c8f35f76dbdac66241a6d (patch)
treef62978454790fe32a367caf1ed9956131c5b06a7 /config/apache_mod_security/rules
parent84c595a7e87439865edc8d77143f7737df4eb720 (diff)
downloadpfsense-packages-cefe0accd2b44cacd17c8f35f76dbdac66241a6d.tar.gz
pfsense-packages-cefe0accd2b44cacd17c8f35f76dbdac66241a6d.tar.bz2
pfsense-packages-cefe0accd2b44cacd17c8f35f76dbdac66241a6d.zip
Adding additional rules from http://www.gotroot.com
Diffstat (limited to 'config/apache_mod_security/rules')
-rw-r--r--config/apache_mod_security/rules/10_asl_rules.conf3637
-rw-r--r--config/apache_mod_security/rules/a_exclude.conf182
-rw-r--r--config/apache_mod_security/rules/blacklist.conf97
-rw-r--r--config/apache_mod_security/rules/default.conf73
-rw-r--r--config/apache_mod_security/rules/jitp.conf4445
-rw-r--r--config/apache_mod_security/rules/recons.conf52
-rw-r--r--config/apache_mod_security/rules/rootkits.conf184
-rw-r--r--config/apache_mod_security/rules/useragents.conf232
8 files changed, 8902 insertions, 0 deletions
diff --git a/config/apache_mod_security/rules/10_asl_rules.conf b/config/apache_mod_security/rules/10_asl_rules.conf
new file mode 100644
index 00000000..06be218d
--- /dev/null
+++ b/config/apache_mod_security/rules/10_asl_rules.conf
@@ -0,0 +1,3637 @@
+# http://www.atomicorp.com/
+# Atomicorp (Gotroot.com) ModSecurity rules
+# Application Security Rules for modsec 2.x
+#
+# Created by Prometheus Global (http://www.prometheus-group.com)
+# Copyright 2005-2009 by Prometheus Global, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Distribution of this work or derivative of this work in any form is
+# prohibited unless prior written permission is obtained from the
+# copyright holder.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+#---ASL-CONFIG-FILE---
+#
+
+SecDefaultAction "log,deny,auditlog,phase:2,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"
+
+# Rule 340001: Don't accept transfer encodings we know we don't handle
+SecRule REQUEST_HEADERS:Transfer-Encoding "!^$" \
+ "id:340001,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Dis-allowed Transfer Encoding'"
+
+# Rule 340002: deny TRACE method
+SecRule REQUEST_METHOD "trac(?:e|k)" \
+ "phase:1,t:lowercase,id:340002,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: TRACE/TRACK method denied'"
+
+# Rule 340361: deny CONNECT method
+SecRule REQUEST_METHOD "connect" \
+ "phase:1,t:lowercase,id:340361,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: CONNECT method denied'"
+
+#block nulls and invalid characters
+SecRule REQUEST_URI|REQUEST_FILENAME|REQUEST_HEADERS_NAMES|REQUEST_HEADERS|!REQUEST_HEADERS:Referer \
+ "@validateByteRange 1-255" \
+ "phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Invalid character in request or headers',rev:3,id:'390613',severity:'2',t:none,t:urlDecodeUni"
+SecRule ARGS|ARGS_NAMES "@validateByteRange 1-255" \
+ "phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Invalid character in ARGS',rev:1,id:'390614',severity:'2',t:none,t:urlDecodeUni"
+
+#block encoding attacks
+SecRule REQUEST_BODY|REQUEST_URI|XML:/* "\%(?!$|\W|[0-9a-fA-F]{2}|u[0-9a-fA-F]{4})" \
+ "chain,phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: URL Encoding Attack Attempt',rev:1,id:'390615',severity:'4'"
+SecRule REQUEST_BODY|REQUEST_URI|XML:/* "@validateUrlEncoding"
+
+#protocol violation
+SecRule REQUEST_METHOD "^POST$" "chain,rev:2,id:'390616',phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: POST request must have a Content-Length header',severity:'4'"
+SecRule &REQUEST_HEADERS:Content-Length "@eq 0" t:none
+
+#GET or HEAD mascarating as a POST/with body
+SecRule REQUEST_METHOD "^(?:GET|HEAD)$" "chain,phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: GET or HEAD requests with bodies', severity:'2',rev:1,id:'390617'"
+SecRule REQUEST_HEADERS:Content-Length "!^0?$" t:none
+
+SecRule REQUEST_HEADERS:Content-Length "!^\d+$" "phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Content-Length HTTP header is not numeric', severity:'2',rev:1,id:'390618'"
+
+#HTTP smuggling attack
+SecRule REQUEST_HEADERS:'/(Content-Length|Transfer-Encoding)/' "," "phase:2,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: HTTP Smuggling Attack.',id:'390619',rev:1,severity:'1'"
+
+#totally bogus request
+#SecRule REQUEST_LINE "!^(?:(?:[a-z]{3,10}\s+(?:\w{3,7}?://[\w\-\./]*(?::\d+)?)?/[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?|connect (?:\d{1,3}\.){3}\d{1,3}\.?(?::\d+)?|options \*)\s+[\w\./]+|get /[^?#]*(?:\?[^#\s]*)?(?:#[\S]*)?)$" \
+# "t:none,t:lowercase,phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus HTTP Request Line',id:'390620',rev:1,severity:'2'"
+
+#Unicode attack
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie "\%u[fF]{2}[0-9a-fA-F]{2}" \
+ "t:none,phase:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Unicode Width Attack Attempt',id:'390621',rev:2,severity:'4'"
+
+# Rule 340000: Enforce proper HTTP requests
+# GET /robots.txt HTTP/1.0
+# modsecurity does not seem to handle this correctly, its treating spaces
+# as delimiters and assumes the first space indicates the protocol field starts.
+# disabling for now
+#SecRule REQUEST_PROTOCOL "!(?:^|\n|\r)(?:http|HTTP)/(0\.9|1\.[01])$" \
+# "t:none,id:340000,rev:7,severity:1,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bad HTTP Protocol <%{TX.0}>'"
+
+# Rule 34000X: Generic rule for allowed characters, very broken at the moment
+# dont use it unless you can fix it
+#SecRule REQUEST_URI "!^[-a-zA-z0-9\.\+_/\-\?\=]+$" "chain,id:340002,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Restricted HTTP character set'"
+
+
+# Rule 340003: XSS insertion into headers
+SecRule REQUEST_URI "!(modules/tinytinymce/tinymce/jscripts/tiny_mce/utils/validate\.js$)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,chain,id:340003,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS attack in request headers'"
+SecRule REQUEST_HEADERS "(?:<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"
+
+
+# Rule 340004: Don't accept chunked encodings
+# modsecurity can not look at these, so this is a hole that can bypass your rules,
+# the rule before this oneshould cover this, but hey paranoia is cheap
+SecRule REQUEST_HEADERS:Transfer-Encoding "chunked" \
+ "id:340004,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Chunked Transfer Encoding denied'"
+
+# Rule 340262
+#SecRule REQUEST_HEADERS:Content-Length "!ˆ\d+$" \
+# "id:340262,rev:1,severity:2,msg:’Content-Length HTTP header violation’"
+
+# Rule 340006: generic recursion signatures
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors|phpthumb/phpthumb\.php\?src=\.\./\.\./uploads)" \
+ "t:normalisePath,id:340006,rev:29,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS', chain"
+SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|!ARGS:/description/|!ARGS:videoplayer|!ARGS:css_data|!ARGS:/txt/|!ARGS:/text/|!ARGS:body|!ARGS:pagecontent|!ARGS:wysiwyg_input|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:/content/ "(?:\.\./\.\./|\.\|\./\.\|\./\.\|)"
+
+
+#Rule 340007: generic recursion signatures
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \
+ "chain,t:none,t:lowercase,id:340007,rev:18,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:obrazek|!ARGS:/txt/|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+
+# Rule 340008: generic bogus path sigs
+SecRule REQUEST_URI|REQUEST_HEADERS "/\.{3,}/" \
+ "t:normalisePath,id:340008,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus Path denied'"
+
+# Rule 340009: generic recursion signatures
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors|phpthumb/phpthumb\.php\?src=\.\./\.\./uploads|^/etc/[a-z0-9-_]+\.(css|html?|jpe?g|gif|png|te?xt)$|^/\?cx=.*q=)" \
+ "t:normalisePath,id:340009,rev:16,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Protected Path Access denied in URI/ARGS', chain"
+SecRule REQUEST_HEADERS|!REQUEST_HEADERS:X-PageView|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:REFERER|ARGS|!ARGS:/comment/|!ARGS:/content/|!ARGS:/data/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/post/|!ARGS:LiveURLSegment|!ARGS:keywords|!ARGS:/wysiwyg/|!ARGS:/ajax/|!ARGS:/description/|!ARGS:note_title|!ARGS:/^xjxargs/|!ARGS:backPath|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:/body/ "(/etc/|/proc/|/var/tmp/)"
+
+# Rule 340012:
+#Proxy Protection
+#SecRule REQUEST_METHOD "!^(ACL|BASELINE-CONTROL|BCOPY|BDELETE|BIND|BMOVE|BPROPFIND|BPROPPATCH|CHECKIN|CHECKOUT|CONNECT|COPY|DELETE|GET|HEAD|LABEL|LINK|LOCK|MERGE|MKACTIVITY|MKCALENDAR|MKCOL|MKREDIRECTREF|MKWORKSPACE|MOVE|NOTIFY|OPTIONS|ORDERPATCH|PATCH|POLL|POST|PROPFIND|PROPPATCH|PUT|REBIND|REPORT|SEARCH|SUBSCRIBE|TRACE|UNBIND|UNCHECKOUT|UNLINK|UNLOCK|UNSUBSCRIBE|UPDATE|UPDATEREDIRECTREF|VERSION-CONTROL|X-MS-ENUMATTS)$" \
+SecRule REQUEST_METHOD "^CONNECT$" \
+"chain,phase:2,t:none,deny,log,auditlog,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Unauthorized Proxy access attempt',severity:'2',id:'340012',rev:2"
+SecRule REQUEST_URI_RAW "^\w+:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340013:
+#Prevent SQL injection in cookies
+SecRule REQUEST_COOKIES "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" \
+ "t:replaceComments,id:340013,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection in cookie'"
+
+# Rule 340014:
+#Prevent command injection through cookies
+SecRule REQUEST_COOKIES "\; ?cmd ?=" \
+ "id:340014,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: CMD injection'"
+
+# Rule 340015:
+#Prevent SQL injection in UA
+SecRule REQUEST_HEADERS:User-Agent "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)"\
+ "t:replaceComments,id:340015,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection in User Agent header'"
+
+# Rule 340016:
+# Generic filter to prevent SQL injection attacks
+# Understand that all SQL filters are very limited and are very difficult
+# to prevent false postives and negatives.
+# Please report false positives/negatives to support@atomicorp.com
+SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*\.exe/)" \
+ "t:replaceComments,chain,id:340016,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'"
+SecRule REQUEST_URI|REQUEST_BODY "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)"
+
+
+# Rule 340017:
+#Generic SQL sigs
+#
+SecRule REQUEST_URI "!(?:^/edit_page$|/node/[0-9]+/edit|^/forum/posting\.php|^/admins/wnedit\.php|/alt_doc\.php\?returnUrl=.*edit|^/admin/categories\.php\?cPath=.*|modules\.php\?name=Forums&file=posting&mode=.*|^/joomla/administrator/index2\.php|^/wiki/index\.php?.*action=submit|^/imp/compose\.php|^/horde/imp/compose\.php|ubbthreads\.php|/sql.php|/tbl_(?:change|sql)\.php|/admincp/template\.php\?do=(?:insert|update)template|admin/area/save-page\.php$|^/cgi-bin/cookmail\.exe$|^/catalog/secure_admin/categories\.php\?cPath=)" \
+ "chain,id:340017,rev:44,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection in ARGS'"
+SecRule ARGS|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?:insert into values|select from [a-z|A-Z|0-9]!( and)|bulk insert|union select|convert \(.*from)"
+
+# Rule 340018:
+#Generic command line attack filter
+SecRule REQUEST_URI "!(?:/count\.cgi|^/magento/index\.php/admin/dashboard/|^/images/stories/|^/content/pdf/media/print)" \
+ "chain,id:340018,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic command line attack filter'"
+SecRule REQUEST_URI|REQUEST_BODY|!ARGS:site_first "\|+.*[\x20].*[\x20].*\|"
+
+# Rule 340019:
+#Generic PHP bad functions protection
+#PHP copy() function: http://securitytracker.com/alerts/2006/Apr/1015882.html
+SecRule ARGS "compress\.zlib ?:" \
+ "id:340019,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP bad functions protection'"
+
+# Rule 340020:
+#XSS in referrer and UA headers
+SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php|/tinymce/jscripts/|swf/pageear_[a-z]\.swf\?)" \
+ "id:340020,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS in referrer and UA headers',chain"
+SecRule REQUEST_HEADERS:REFERER "!(pagead[0-9]\.googlesyndication\.com/pagead/|/gills\.swf?txt=<a href= ?asfunction:_root\.launchURL|vbscript.*convert.*&hl=.*client=|convert.*vbscript.*Search|\?_RW_=http|/tinymce/jscripts/|/pageear_[a-z]\.swf)" chain
+SecRule REQUEST_HEADERS:REFERER|REQUEST_HEADERS:User-Agent "(?:<[[:space:]]*(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome)[[:space:]]*>|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\<input|(?:java|live|j)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|keydown|keypress|keyup|load)!(\.)|!\|on(?:mouse(?:down|move|out|over|up|submit)|(?:resize|select!i|unload))|script |settimeout|shell\:|(?:vb|x-java)script|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"
+
+# Rule 340021: PHP Injection Attack generic signature
+SecRule REQUEST_URI "(!/lightboxjs\.php\?path=http:/)" \
+ "t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,chain,id:340021,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection Attack 1'"
+SecRule REQUEST_URI "\.php" chain
+SecRule REQUEST_URI|REQUEST_BODY "(?:\?(?:(?:LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|path|pathtoroot|cat|pagina|path|include_location|root|page|gorumDir|site|topside|pun_root|open|seite)=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./|whoami|killall |rm \-[a-z|A-Z]))"
+
+
+# Rule 340022: PHP Injection Attack generic signature
+SecRule REQUEST_URI "!(/lightboxjs\.php\?path=http://)" \
+ "chain,id:340022,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection Attack 2'"
+SecRule REQUEST_URI "\.php\?(?:(?:(?:LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|pagina|path|pathtoroot|cat|include_location|gorumDir|root|page|site|topside|pun_root|open|seite)=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|.*(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z]))"
+
+
+# Rule 340023: Generic PHP remote file inclusion attack signature
+SecRule REQUEST_URI "\.php\?" \
+ "chain,id:340023,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP remote file inclusion'"
+SecRule REQUEST_URI "(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule REQUEST_URI|REQUEST_BODY "(?:cmd|command)=(?:cd|\;|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname|cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])"
+
+
+# Rule 340026: Generic PHP code injection protection in URI
+SecRule REQUEST_FILENAME|REQUEST_URI "!(^/signup\.php|^/go\.php\?u=affilorama&t=http://|^/cgi-bin/mirror_xml\.php\?bg_image=http://|^/frame\.php\?ref=&from=http://.*&url=.*/$|^/spam/gethref\.php\?img=http://|/gethref\.php\?img=http://|/frame\.php\?.*&from=http://|/lightboxjs\.php\?path=|/wimpy\.swf\?wimpyApp=http|^/opentape/res/jw_player\.swf\?)" \
+ "capture,chain,id:340026,rev:49,severity:2,ctl:auditLogParts=+E,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection attempt in URI',logdata:'%{TX.0}'"
+SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&)).*=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule REQUEST_URI "!(?:/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=)" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:wpu|!ARGS:target|!ARGS:store|!ARGS:txtReturn|!ARGS:eself|!ARGS:dcsref|!ARGS:/link/|!ARGS:page|!ARGS:dcsqry|!ARGS:prev|!ARGS:src|!ARGS:link|!ARGS:avatar|!ARGS:u|!ARGS:Stream|!ARGS:imgfile|!ARGS:CARTDIR|!ARGS:custom_welcome_page|!ARGS:action|!ARGS:image|!ARGS:t|!ARGS:redirect_to|!ARGS:dir|!ARGS:vthumb|!ARGS:pic|!ARGS:path|!ARGS:clickTAG|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:redirect|!ARGS:product[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:r_uri|!ARGS:oaparams|!ARGS:bg_image|!ARGS:imageFile|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:body|!ARGS:subdir[0] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340027: Genenric PHP body attack
+SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)" \
+ "chain,id:340027,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic php body attack attempt'"
+SecRule REQUEST_BODY "^PHP\:*(?:(?:cd|mkdir)[[:space:]]+(?:/|[A-Z|a-z|0-9]|\.)*|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat)|rexec |smbclient |t?ftp |ncftp |chmod |curl |telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z])"
+
+# Rule 340029: script, perl, etc. code in REQUEST_HEADERS:Referer string
+SecRule REQUEST_HEADERS:Referer "\#\!.*/" \
+ "id:340029,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command in Referer string'"
+
+# Rule 340030: generic command line attack
+SecRule REQUEST_URI|ARGS "\|*id ?\; ?echo*\|" \
+ "id:340030,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command line attack'"
+
+# Rule 340031: remote file inclusion generic attack signature
+SecRule REQUEST_URI "\.(?:dat|gif|jpg|png|bmp|txt|vir|dot)\?" \
+ "chain,id:340031,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote file inclusion'"
+SecRule REQUEST_URI|REQUEST_BODY "(?:(?:pm_path|pagina|path|include_location|root|page|open)=(?:ogg|gopher|zlib|(?:ht|f)tps?)|(?:cmd|command|inc)=)"
+
+# Rule 340035: Bogus file extensions generic signature
+SecRule REQUEST_URI "[A-Za-z0-9]\.(?:gif|jpe?g|png|bmp)\.(?:txt|dat)" \
+ "id:340035,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus file extensions'"
+
+# Rule 340036: PHP remote path attach generic signature
+#SecRule REQUEST_URI "!(?:/cowadmin/editor/.*/editor)" \
+# "id:340036,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Remote path attack',chain"
+#SecRule REQUEST_URI "\.ph(?:p(?:3|4)?).*path=(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/"
+
+# Rule 340037: generic attack sig
+SecRule REQUEST_URI "cd *\;(?:cd|\;|echo|perl |killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(?:download|request|mirror|rget) |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |net(?:stat|cat) |rexec |smbclient |t?ftp |ncftp |curl |telnet |g?cc |cpp |g\+\+ |\./| uname -a|/bin/(xterm|id|bash|sh|echo|kill|chmod|ch?sh|python|perl|nasm|ping|mail|ssh))" \
+ "id:340037,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic command injection'"
+
+# Rule 3400XX: Generic argument protection rule against bad meta characters
+#SecRule "ARGS" "!^[A-Za-z0-9.&/?@_%=:;, -]+$"
+
+# Rule 340039: generic php attack sigs
+SecRule REQUEST_URI "(?:&(?:cmd|command)=(?:id|uname) |cmd\?(?:cmd|command)=|(?:spy|cmd|cmd_out|sh)\.(?:gif|jpg|png|bmp|txt)\?&(?:cmd|command)=|\.php\?&(?:cmd|command)=)" \
+ "id:340039,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP command injection attempt'"
+
+# Rule 340041: WEB-ATTACKS /etc/shadow access
+SecRule REQUEST_URI "/etc/shadow"\
+ "t:normalisePath,id:340041,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /etc/shadow read attempt'"
+
+# Rule 340059: WEB-ATTACKS traceroute command attempt
+SecRule REQUEST_URI "traceroute" \
+ "chain,id:340059,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (traceroute)'"
+SecRule REQUEST_URI " (?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"
+
+
+# Rule 340064: WEB-ATTACKS /etc/inetd.conf access
+SecRule REQUEST_URI "/etc/(?:x?inetd|motd|passwd|shadow)" \
+ "id:340064,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Access attempt (protected file)'"
+
+# Rule 340067: protected file access
+SecRule REQUEST_URI "!(^/amember/admin/setup\.php\?notebook=|^/\?(S|V)|^\?(S|V)).*" \
+ "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,chain,id:340067,rev:7,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Direct access attempt of protected file'"
+SecRule REQUEST_URI|REQUEST_FILENAME "@pm .www_acl .htpasswd .htaccess boot.ini httpd.conf .htgroup global.asa .wwwacl"
+
+# Rule 340069: WEB-MISC nessus 1.X 404 probe
+SecRule REQUEST_URI "(nessus_is_probing_you_|NessusTest)" \
+ "id:340069,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Nessus scan'"
+
+# Rule 340072: WEB-MISC apache directory disclosure attempt
+SecRule REQUEST_URI "////////" \
+ "id:340072,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Directory disclosure'"
+
+# Rule 340076: PHP defenses
+SecRule ARGS:PHPSESSID "(!^[0-9a-z]*$|!^[0-9a-z]*;www)" \
+ "id:340076,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Session attack'"
+
+# Rule 340077: PHP defenses
+SecRule ARGS|!ARGS:operate|!ARGS:search_keywords "^(?:globals(?:$|\[)|php:/)" \
+ "id:340077,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation'"
+
+# Rule 340078: PHP defenses
+#SecRule REQUEST_COOKIES:PHPSESSID "!^[0-9a-z, ]*$" \
+# "id:340078,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP cookie policy violation'"
+
+# Rule 340079: PHP defenses
+SecRule REQUEST_COOKIES:sessionid "![0-9a-z]*$" \
+ "id:340079,rev:10,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation'"
+
+# Rule 340080: Web-attacks chdir
+SecRule REQUEST_URI "&(?:cmd|command)=chdir " \
+ "id:340080,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (chdir)'"
+
+# Rule 340082: SMTP redirects
+SecRule REQUEST_URI_RAW "^(?:(?:ht|f)tps?|connect)\:/.+:25" \
+ "id:340082,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SMTP redirect over http attempt'"
+
+
+# Rule 340083: very experimental generic remote download sig
+# These are VERY experiemental, please report false positives/negatives, etc.
+# foo IP or FQDN, or foo http/https/ftp://whatever
+SecRule REQUEST_URI "(?:perl|t?ftp|links|elinks|lynx|ncftp|(?:s|r)(?:cp|sh)|wget|lwp-(?:download|request|mirror|rget)|curl|cvs|svn).* (?:(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" \
+ "id:340083,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Command attempt'"
+
+# Rule 340084: Command inline detection
+SecRule REQUEST_URI "!(?:/scp/tickets\.php|/cgi-bin/stats\.cgi)" \
+ "chain,id:340084,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command injection attempt'"
+SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:(?:s|r)(?:sh|cp)) *(?:.*\@.*|(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|.*[A-Za-z|0-9]\.[a-zA-Z]{2,4}/|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"
+
+
+# Rule 340085: very experimental connect command sig
+SecRule REQUEST_URI "(?: |\;|/|\'|,|\&|\=|\.)(?:perl|nc|telnet|(?:rs)sh|rexec) .*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[A-Za-z|0-9]\.[a-zA-Z]{2,4}|[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" \
+ "id:340085,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command injection attempt'"
+
+
+# Rule 340086: Commands, also need a major rework, these also have issues
+SecRule REQUEST_URI "\;perl [A-Za-z|0-9]+;" \
+ "id:340086,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (perl)'"
+
+# Rule 340087: SecRule REQUEST_URI "echo"
+SecRule REQUEST_URI "(?:lynx|curl|wget|links) -dump " \
+ "id:340087,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (links)'"
+
+# Rule 340088: Command attempt (links)
+SecRule REQUEST_URI "links (?:-(?:dump-(?:charset|width)|source)|(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/)" \
+ "id:340088,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (links)'"
+
+# Rule 340091: cd to tmp
+#SecRule REQUEST_URI "mkdir"
+SecRule REQUEST_URI "cd /(?:tmp|/var/tmp|/etc|\.\.)" \
+ "id:340091,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Command attempt (cd tmp)'"
+
+# Rule 340093: Access bash_history
+SecRule REQUEST_URI "/\.(?:history|bash_history)$" \
+ "id:340093,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Access attempt (.history/.bash_history)'"
+
+# Rule 340094: generic block for fwrite fopen uploads
+SecRule REQUEST_URI "fwrite" \
+ "chain,id:340094,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP fwrite/fopen attempt'"
+SecRule REQUEST_URI "fopen"
+
+
+# Rule 340095: generic sig for more bad PHP functions
+SecRule REQUEST_URI "chr\(?:(?:[0-9]{1,3})\)" \
+ "id:340095,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy violation (chr)'"
+
+# Rule 340096: PHP policy violation
+SecRule ARGS_NAMES "^php:/" \
+ "id:340096,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP policy viloation'"
+
+
+# Rule 340097: WEB-MISC Tomcat view source attempt
+SecRule REQUEST_URI "\x252ejsp" \
+ "id:340097,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Tomcat view source attempt'"
+
+# Rule 340098: WEB-FRONTPAGE .... request
+SecRule REQUEST_URI "\.\.\.\./" \
+ "id:340098,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: FRONTPAGE .... request'"
+
+# Rule 3400XX: experimental CSS rule
+#SecRule REQUEST_URI "/(?:\x3C|<)(?:\x2F|\/)*[a-z0-9\%]+(?:\x3E|>)"
+
+# Rule 340099: cross site scripting attempt IMG onerror or onload
+SecRule REQUEST_URI "\<IMG.*/\bonerror\b[\s]*=" \
+ "id:340099,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt IMG onerror or onload'"
+
+# Rule 340100: cross site scripting attempt TYPE + JAVASCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/javascript" \
+ "id:340100,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt TYPE + JAVASCRIPT'"
+
+# Rule 340101: cross site scripting attempt STYLE + JAVASCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]application\/x-javascript" \
+ "id:340101,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + JAVASCRIPT'"
+
+
+# Rule 340102: cross site scripting attempt STYLE + JSCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/jscript" \
+ "id:340102,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + JSCRIPT'"
+
+
+# Rule 340103: cross site scripting attempt STYLE + VBSCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/vbscript" \
+ "id:340103,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + VBSCRIPT'"
+
+
+# Rule 340104: cross site scripting attempt STYLE + VBSCRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]application\/x-vbscript" \
+ "id:340104,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + VBSCRIPT'"
+
+
+
+# Rule 340105: cross site scripting attempt STYLE + ECMACRIPT
+SecRule REQUEST_URI "TYPE\s*=\s*[\'\"]text\/ecmascript" \
+ "id:340105,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + ECMACRIPT'"
+
+
+# Rule 340106: cross site scripting attempt STYLE + EXPRESSION
+SecRule REQUEST_URI "STYLE[\s]*=[\s]*[^>]expression[\s]*\(" \
+ "id:340106,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + EXPRESSION'"
+
+
+# Rule 340107: cross site scripting attempt STYLE + EXPRESSION
+SecRule REQUEST_URI "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>" \
+ "id:340107,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt STYLE + EXPRESSION'"
+
+# Rule 340108: There is no 340108.
+
+# Rule 340109: cross site scripting attempt using XML
+SecRule REQUEST_URI "<!\[CDATA\[<\]\]>SCRIPT" \
+ "id:340109,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt using XML'"
+
+
+# Rule 340110: cross site scripting attempt executing hidden Javascript
+SecRule REQUEST_URI "eval[\s]*\([\s]*[^\.]\.innerHTML[\s]*\)" \
+ "id:340110,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt executing hidden Javascript'"
+
+
+# Rule 340111: cross site scripting attempt executing hidden Javascript
+SecRule REQUEST_URI "window\.execScript[\s]*\(" \
+ "id:340111,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt executing hidden Javascript'"
+
+# Rule 340112: cross site scripting attempt to execute Javascript code
+SecRule REQUEST_URI "(?:(?:(?:URL|SRC|HREF|LOWSRC)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" \
+ "id:340112,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting attempt to execute Javascript code'"
+
+
+# Rule 340113: cross site scripting stealth attempt to execute Javascript code
+# may false alarm for some language sets
+SecRule REQUEST_URI "!(?:/index\.php\?module=Blocks&type=admin&func=update|/index\.php\?go=.*&edit=)"\
+ "chain,id:340113,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: cross site scripting stealth attempt to execute Javascript code'"
+SecRule REQUEST_URI|REQUEST_BODY "(?:(?:(?:URL|SRC|HREF|LOWSRC)[\s]*=)|(?:url[\s]*[\(]))[\s]*[\'\"]*[\x09\x0a\x0b\x0c\x0d]*j[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*v[\x09\x0a\x0b\x0c\x0d]*a[\x09\x0a\x0b\x0c\x0d]*s[\x09\x0a\x0b\x0c\x0d]*c[\x09\x0a\x0b\x0c\x0d]*r[\x09\x0a\x0b\x0c\x0d]*i[\x09\x0a\x0b\x0c\x0d]*p[\x09\x0a\x0b\x0c\x0d]*t[\x09\x0a\x0b\x0c\x0d]*[\:]" \
+
+
+# Rule 340114: Apache /server-info accessible
+SecRule REQUEST_URI "^server-info/?$" \
+ "chain,id:340114,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /server-info access attempt'"
+SecRule REMOTE_ADDR "!^127\.0\.0\.1$"
+
+
+# Rule 340115: Apache /server-status accessible
+# Modified so apache-protect can run
+SecRule REQUEST_URI "^server-status/?$" \
+ "chain,id:340115,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: /server-status access attempt'"
+SecRule REMOTE_ADDR "!^127\.0\.0\.1$"
+
+
+# Rule 340116: generic Common HTTP vulnerability
+SecRule REQUEST_URI "/\?cwd=/" \
+ "id:340116,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Common HTTP vulnerability'"
+
+
+# Rule 340117: General [url] php forum protections (phpbb and others, to protect against script injection attacks in url links)
+SecRule REQUEST_URI "\.php\?" \
+ "chain,id:340117,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: General [url] php forum protections'"
+SecRule REQUEST_URI|REQUEST_BODY "\[url=(?:script|javascript|applet|about|chrome|activex)\:/.*\].*\[/url\]"
+
+
+# Rule 340118: Experimental XML-RPC generic attack sigs
+SecRule REQUEST_BODY|ARGS "(\'\,\'\'\)\)\;|\<param\>\<name\>.*\'\)\;)" \
+ "id:340118,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML-RPC attack'"
+
+# Rule 340120: XML-RPC generic attack sigs
+SecRule REQUEST_HEADERS "^Content-Type\: application/xml" \
+ "chain,id:340120,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML-RPC attack'"
+SecRule REQUEST_BODY|ARGS "(?:\<xml|\<.*xml)" chain
+SecRule REQUEST_BODY|ARGS "(?:echo(?: |\(|\').*\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" chain
+SecRule REQUEST_BODY|ARGS "methodCall\>"
+
+
+# Rule 340121: Specific XML-RPC attacks on xmlrpc.php
+SecRule REQUEST_URI "(?:xmlrpc|xmlrpc.*)\.php" \
+ "chain,id:340121,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XML-RPC attacks on xmlrpc.php'"
+SecRule REQUEST_BODY|ARGS "(?:\<xml|\<.*xml)" chain
+SecRule REQUEST_BODY|ARGS "(?:echo(?: |\(|\').*\;|chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;"
+
+
+# Rule 340XXX:
+#Too generic, unless you know you won't see this in any of the fields of an XMLRPC message on your system
+#SecRule REQUEST_URI "/xmlrpc\.php" chain
+#SecRule "(?:cd|perl |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |id|uname |cvs |svn |(?:s|r)(?:cp|sh) |rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./)"
+
+# Rule 340122: XML-RPC SQL injection generic signature
+SecRule REQUEST_URI "(?:xmlrpc|xmlrpc_.*)\.php" \
+ "id:340122,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XML-RPC SQL injection ',chain"
+SecRule REQUEST_BODY|ARGS "<methodName>.*</methodName>.*<value><string>.*(?:select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](?:from|into|table|database|index|view).*methodName\>"
+
+# Rule 340125: Remote file inclusion attempt
+SecRule REQUEST_URI "index\.php\?libDir=:/" \
+ "id:340125,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote file inclusion attempt'"
+
+# Rule 340XXX
+#catch smuggling attacks
+#SecRule "^(?:GET|POST).*Host:.*^(?:GET|POST)"
+
+# Rule 340127: Drupal remote command execution vulnerability exploit signature
+# This is already covered in another generic signature, but just in case you leave it out, here it is
+# again with a slightly tigher regexp
+SecRule REQUEST_BODY|ARGS "\<.*php .*\(.*\)\;system\(.*\).*php ?\>" \
+ "id:340127,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote command exection (system)'"
+
+# Rule 340128: Slightly stronger version of the above
+SecRule REQUEST_BODY "\<.*php .*\(.*\)\;(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\).*php*\>" \
+ "id:340128,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote command exection (generic)'"
+
+
+# Rule 340129: Generic PHP attack sig
+SecRule REQUEST_BODY|REQUEST_URI "system\(getenv\(HTTP_PHP\)\)" \
+ "id:340129,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP attack sig'"
+
+
+# Rule 340130: Generic Nessus request filter
+SecRule REQUEST_URI "NessusTest*\.html" \
+ "id:340130,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Nessus Scan'"
+
+
+# Rule 340131: Generic PHP payload command injection and upload vulnerabilities
+SecRule REQUEST_BODY "<\?php" \
+ "id:340131,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP payload command injection and upload vulnerabilities',chain"
+SecRule REQUEST_BODY "(?:(?:fputs|fread)\(.*\,.*\)\;|fsockopen\(gethostbyname|chr\(.*\)\.chr\(.*\)\.chr\(|(?:fclose|fgets)\(.*\)\;|(?:system|exec)\(.*\)\;)" chain
+SecRule REQUEST_BODY "\<\?php"
+
+# Rule 340132: Generic XML RPC attack sig
+SecRule REQUEST_BODY "\'(?:______BEGIN______|_____FIM_____)\'\;" \
+ "id:340132,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XML RPC attack'"
+
+
+# Rule 340133: HTTP header PHP code injection attacks
+SecRule REQUEST_HEADERS:Client-Ip|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "(?:<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)" \
+ "id:340133,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: HTTP header PHP code injection attack'"
+
+# Rule 340134: wormsign
+SecRule REQUEST_HEADERS "XXXXXX+\: \+\+\+\+\+\+\+\+\+\+\+\+\+" \
+ "id:340134,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Worm signature'"
+
+# Rule 340135: THMC worm
+SecRule REQUEST_BODY "THMC\.\$dbhost\.THMC\.\$dbname\.THMC\.\$dbuser\.THMC\.\$dbpasswd\.THMC" \
+ "id:340135,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: THMC worm'"
+
+
+# Rule 340136: phpbb wormsign
+SecRule REQUEST_URI|REQUEST_BODY "echo _GHC/RST_" \
+ "id:340136,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHPBB worm'"
+
+
+# Rule 340137: Generic PHP avatar upload exploits
+SecRule REQUEST_URI "\.php" \
+ "id:340137,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHPBB avatar exploit',chain"
+SecRule REQUEST_BODY "Content-Disposition\: form-data\; name=\"avatar\"\;" chain
+SecRule REQUEST_BODY "\<\?php" chain
+SecRule REQUEST_BODY "\?>"
+
+
+# Rule 340138: Fake image file shell attacvk
+SecRule REQUEST_HEADERS:Content-Type "image/.*" \
+ "id:340138,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Fake image file shell attack',chain"
+SecRule REQUEST_BODY "chr\(.*\)"
+
+
+# Rule 340140: bogus graphics file
+SecRule REQUEST_HEADERS:Content-Disposition "\.(?:php|txt)" \
+ "id:340140,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Bogus graphics file',chain"
+SecRule REQUEST_HEADERS:Content-Type "(?:image/gif|image/jpg|image/png|image/bmp)" \
+
+
+# Rule 340141: wormsign
+SecRule REQUEST_URI "Hacked ?by ?member ?of" \
+ "id:340141,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: worm'"
+
+
+# Rule 340142: Special account protection
+SecRule REQUEST_URI "~(?:root|ftp|bin|nobody|named|guest|logs|sshd)/" \
+ "t:lowercase,t:replaceNulls,t:compressWhitespace,t:normalisePath,id:340142,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Special account protection'"
+
+
+# Rule 340143: Generic PHP fopen sig
+SecRule REQUEST_URI|REQUEST_BODY "fp=fopen\(" \
+ "id:340143,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP fopen attack'"
+
+
+# Rule 340144: Generic SQL sigs
+SecRule REQUEST_URI "!(?:(?:/wp-admin/post|privmsg|/ticket/admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/modules\.php\?op=modload&name=(?:Downloads|Submit_News)|/admin\.php\?module=NS\-AddStory\&op=|/index\.php\?name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*\.exe/|/joomla/administrator/index2\.php|module=admin&act=dispLayoutAdminEdit&layout_srl=|upgrade.php?step=|^/ubbthreads/install/|^/projects/csb/milestone$)" \
+ "id:340144,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+SecRule ARGS|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)"
+
+# Rule 340145: Generic SQL sigs
+SecRule ARGS|!ARGS:content|!ARGS:/descr/|!ARGS:newcontent|!ARGS:/text/|!ARGS:/txt/|!ARGS:khxc_incphp--filename|!ARGS:/file_content/|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp|!ARGS:gbu0_prodcatdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]]1|(?:or 1=1|'.+)--')" \
+ "id:340145,rev:10,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'"
+
+# Rule 340146: Meta character SQL injection
+SecRule REQUEST_URI "\'.*(?:insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)|and.*char\(.*\)" \
+ "id:340146,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL metacharacter URI injection protection'"
+
+# Rule 340147: Generic XSS filter
+SecRule REQUEST_URI "!(/mt\.cgi|/node/[0-9]+/edit|/wizard/edit/html)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340147,rev:48,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter',chain"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:finish_survey|!ARGS:photolater|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)"
+
+# Rule 340148: XSS injection
+SecRule REQUEST_URI "!(^/\?(S|V)|^\?(S|V)|/node/[0-9]+/edit|/wizard/edit/html)" \
+ "chain,multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340148,rev:56,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:finish_survey|ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)"
+
+# Rule 340149: XSS injection
+SecRule REQUEST_URI "!(^/\?(S|V)|^\?(S|V)|/node/[0-9]+/edit|/wizard/edit/html|\.(gif|jpe?g|png|bmp)$)" \
+ "chain,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340149,rev:66,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|!ARGS:finish_survey|!ARGS:embeddump|ARGS:photolater|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|shell\:|window\.location|asfunction:_root\.launch|\%env)"
+
+# Rule 340150: Dfind signature
+# w00tw00t.at.ISC.SANS.DFind
+SecRule REQUEST_URI "w00tw00t" \
+ "id:340150,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: DFind scanner attempt'"
+
+
+#Rule 340152: PHP Injection attack
+#SecRule REQUEST_URI "!(?:^/newsletter/admin/\?page=spageedit|\?c=clipart&u=http:|^\?q=node/add/page$|^\?q=(?:en|de)/node/[0-9]/edit$|^/(?:maillist|lists)/admin/\?page=(template|template&id=[0-9]+)$|^/leap/\?admin\.menus\.edit\.[0-9]+$|\?mode=addshout|\?feed=http://)" \
+# "t:normalisePath,id:340152,rev:55,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 2',chain"
+#SecRule REQUEST_URI "/+\?" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+#SecRule ARGS|!ARGS:/link/|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/href/|!ARGS:dcsref|!ARGS:gb_link|!ARGS:entry_author_website|!ARGS:attribute29|!ARGS:request|!ARGS:oaparams|!ARGS:/html_content/|!ARGS:subscribemessage|!ARGS:menu[link_path]|!ARGS:en_description|!ARGS:Stream|!ARGS:footer|!ARGS:site_frontpage|!ARGS:openid.return_to|!ARGS:/^description/|!ARGS:text_block|!ARGS:template_content|!ARGS:/^edit/|!ARGS:header|!ARGS:/homepage/|!ARGS:messagebody|!ARGS:content|!ARGS:newText|!ARGS:pagedata|!ARGS:/url/|!ARGS:clickTAG|!ARGS:page|!ARGS:utmr|!ARGS:archive_chrono|!ARGS:return|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:message|!ARGS:serverurl|!ARGS:redirect_to|!ARGS:external_link|!ARGS:site_footer|!ARGS:body_html|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:attach-url|!ARGS:url2send|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:loc|!ARGS:backurl|!ARGS:referer|!ARGS:resource|!ARGS:siteurl|!ARGS:feed|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:text|!ARGS:newDescription|!ARGS:rid|!ARGS:enlace|!ARGS:video|!ARGS:body|!ARGS:g2_return|!ARGS:newComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+#SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+
+# Rule 340151: Generic PHP code injection protection in URI w/ anti-evasion
+SecRule REQUEST_FILENAME|REQUEST_URI "!(?:^/signup\.php|^/go\.php\?u=affilorama&t=http://|/slideshow/admin/p\.php)" \
+ "id:340151,t:normalisePath,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection attempt in URI'"
+SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&)).*=(?:ogg|gopger|zlib|(?:ht|f)tps?)\:/" chain
+SecRule REQUEST_URI "!(?:/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http)" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:store|!ARGS:txtReturn|!ARGS:src|!ARGS:Stream|!ARGS:eself|!ARGS:gb_link|!ARGS:action|!ARGS:redirect_to|!ARGS:/^description/|!ARGS:vthumb|!ARGS:image|!ARGS:footer|!ARGS:header|!ARGS:entry_author_website|!ARGS:/homepage/|!ARGS:clickTAG|!ARGS:page|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:goto|!ARGS:from|!ARGS:cmstr|!ARGS:/^wimpy/|!ARGS:enlace|!ARGS:page|!ARGS:subdir[0] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+#Rule 340153: PHP Injection attack w/ antievasion
+SecRule REQUEST_URI "!(?:^/newsletter/admin/\?page=spageedit|^\?q=node/add/page$|^\?q=(?:en|de)/node/[0-9]/edit$|\?mode=addshout|\?feed=http://)" \
+ "id:340153,t:normalisePath,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 3'"
+SecRule REQUEST_URI "/\?" chain
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:/link/|!ARGS:next|!ARGS:entry_author_website|!ARGS:gb_link|!ARGS:goto|!ARGS:/html_content/|!ARGS:openid.return_to|!ARGS:values[pageheader]|!ARGS:content|!ARGS:description|!ARGS:content|!ARGS:body|!ARGS:header|!ARGS:footer|!ARGS:utmr|!ARGS:edit[site_mission]|!ARGS:return|!ARGS:/url/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:message|!ARGS:serverurl|!ARGS:redirect_to|!ARGS:external_link|!ARGS:site_footer|!ARGS:body_html|!ARGS:referrer|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:attach-url|!ARGS:url2send|!ARGS:ureferrer|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:referer|!ARGS:resource|!ARGS:ret|!ARGS:ref|!ARGS:img|!ARGS:site|!ARGS:op|!ARGS:enlace|!ARGS:page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+#Rule 340154: Enhanced XSS protection w/antievasion
+#SecRule ARGS|ARGS_NAMES|REQUEST_FILNAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer "@pmFromFile xss.txt" \
+# "t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,id:340154,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP code injection protection via ARGS 3'"
+
+
+#Always SQL injection cases w/ antievasion
+SecRule REQUEST_URI "(!^/node/add/story)" \
+ "t:replaceComments,chain,id:340155,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL Injection protection'"
+SecRule REQUEST_HEADERS:Cookie "!(utmctr=)" chain
+SecRule ARGS|!ARGS:Db_submit|!ARGS:/^sql/|!ARGS:prev_sql_query|!ARGS:sql_query|ARGS_NAMES|!ARGS_NAMES:table_name|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_COOKIES:utmctr "@pmFromFile sql.txt"
+
+#Always bad SQL injection case w/ antievasion
+#SecRule ARGS|!ARGS:/^fulltext/|!ARGS:message|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+SecRule ARGS|!ARGS:Db_submit|!ARGS:/^fulltext/|!ARGS:prev_sql_query|!ARGS:/^sql/|!ARGS:sql_query|!ARGS:message|ARGS_NAMES|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring]|!REQUEST_HEADERS:X-PageView "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+ "id:340156,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:13,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection',logdata:'%{TX.0}',logdata:'%{TX.0}'"
+
+#SQL inline command attack
+SecRule REQUEST_URI "!(?:/ubbthreads/ubbthreads\.php|/phpBB3/install/index\.php|/index\.php\?mode=install&sub=create_table$|^/admin/test/examples/txtSQLAdmin/index\.php|^/store/images/)" \
+ "id:340157,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:24,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection',chain"
+SecRule REQUEST_URI|ARGS|!ARGS:comment|!ARGS:body|!ARGS:fulldescr|!ARGS:article_content|!ARGS:text|!ARGS:txt|!ARGS:action|!ARGS:Db_submit|!ARGS:/sql/|!ARGS:saved_data|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:steps|!ARGS:fck_body "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )"
+
+# Rule 340158:
+#XSS in referrer
+SecRule REQUEST_HEADERS:REFERER|REQUEST_URI "!(?:/plugins/editors/tinymce/jscripts/|/modules/tinymce/tinymce/jscripts|/phpinfo_iframe\.php)" \
+ "id:340158,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS in referrer',chain"
+SecRule REQUEST_HEADERS:REFERER "!(^pagead[0-9]\.googlesyndication\.com/pagead/)" chain
+SecRule REQUEST_HEADERS:REFERER "(?:\' ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|<[[:space:]]*(?:script|about|applet|activex|chrome)*>.*(?:script|about|applet|activex|chrome)[[:space:]]*>|activexobject|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|exec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|<input|(?:java|live|j)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click|dragdrop|focus|keydown|move|resize|submit|unload|key(?:press|up)|load)|onmouse(?:down|move|out|over|up)|script |settimeout|shell:|(?:vb|x-java)script|>( |\+)?<( |\+)?img( |\+)?src( |\+)?=( |\+)?(ht|f)tps?:/)"
+
+#SQL inline command attack with more AE cases
+SecRule REQUEST_URI "!(/ubbthreads/ubbthreads\.php|/install/index\.php|/admin/fetch_data_af\.php\?action=create_txt_file_from_af_table$|/phpmyadmin/tbl_change\.php)" \
+ "id:340159,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:22,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (MM)',chain"
+SecRule ARGS|!ARGS:/descr/|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:/sql_query/|!ARGS:/^sql/|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:/^sql_/|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select | cast\b\W*?\(|xecresultset|';DECLARE\b\W*?|;set @)" multiMatch
+
+#Always SQL injection cases w/ antievasion
+SecRule REQUEST_URI "!(/node/add/story)" \
+ "chain,id:340160,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:21,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL Injection protection'"
+SecRule ARGS|!ARGS:/text/|!ARGS:Db_submit|!ARGS:/table/|!ARGS:/^sql/|!ARGS:EXPORTTABLE|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:message|!ARGS:previous_field|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:X-PageView|!ARGS_NAMES:cfg_xsp_password|!ARGS:body|!ARGS:runQuery|!ARGS:field_type[]|!ARGS:/^field_type/|!ARGS:/^fieldtype_/|!ARGS:wpTextbox1 "@pmFromFile sql.txt" "t:base64Decode,t:hexDecode,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,multimatch"
+
+#Simple Image file enforcement rules for PHP args that include images
+#advanced analysis occurs thru the scanner
+SecRule REQUEST_URI "!(^/products/product_view_newrel\.php\?image=product_image$|/image-details\.php\?image=|/photocart/index\.php\?image=[0-9]+|^/image\.page\.php\?image=[0-9].*\||/cms/index\.php\?image=docs$)" \
+ "chain,id:340161,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:25,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP Injection protection for Image ARGS (S)'"
+SecRule REQUEST_URI "(?:\.php(?:3|4|5)?(?:\?|&)|^/(?:\?|&))" chain
+SecRule ARGS:vthumb|ARGS:imagen|ARGS:imgfile|ARGS:imageFile|ARGS:ppicture|ARGS:featured2-image|ARGS:ARGS:featured1-image|ARGS:premiumnews_banner_image|ARGS:defaultImage|ARGS:pagearBigImg|ARGS:image|ARGS:mainimage|ARGS:bg_image|ARGS:team[logo]|ARGS:userpicpersonal|ARGS:iconnew|ARGS:img_src|ARGS:vthumb|ARGS:ViewState[LargeImage]|ARGS:ViewState[SmallImage] "!(\.(?:gif|jpe?g|png|bmp|wct|pdf)|^docs$|^http://$|^[0-9]+\|?|^$|^true$|^false$|^product_image/$)"
+
+# Rule 340162: Generic PHP code injection protection in URI w/ anti-evasion
+SecRule REQUEST_FILENAME|REQUEST_URI "!(/[a-z0-9]+\.html\?&L=http:/|/mirrors/startdl/.*\?path=http:/|/wp-content/themes/indomagz_2/thumb.php?src=http|/pl/download\?file=http|/index\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedia|$/mysqldumper/dump\.php^|(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=http|^/xmlrpc\.php$|^/go\.php\?u=affilorama&t=http://|/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http://|/ubbthreads/ubbthreads\.php|/wimpy\.php\?action=serveMP3&theFile=http://|/lg\.php\?bannerid=.*&amp;campaignid=.*loc=http://|\?mode=addshout|\?feed=http://|/joomla15_2/administrator/index\.php|/wp-admin/(page|post|widgets|link|options)\.php|/batch\.html\.php\?code=http|/media-upload\.php|/admin-ajax\.php|/administrator/index2?\.php|/mt-(upgrade|wizard)\.cgi\?|/email-a-friend\.php|/cgi-bin/PManage/pmanage\.cgi|ubbthreads/admin/dofeatures\.php|cgi-bin/(?:inforx|wwiinfo|mvforms)\.(?:pl|cgi)|/admin/(?:edittemplate|webpage_update)\.php|/(?:signup|cpinquiry|profile)\.php|/catalog/secure_admin/categories\.php|plugins/unique_articles/add_article\.php|/images/banners/.*\.swf\?.*url=http://|/frame\.aspx\?u=http://|/index\.php\?sc=track&action=.*&cur=http://|/mynav\?right_frame=http://|/phpBB/install/install\.php|/count\.asp\?w=.*&r=http://)" \
+ "capture,id:340162,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:166,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (AE)',logdata:'%{TX.0}'"
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:/site/|!ARGS:source_location|!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/!ARGS:/webseite/|!ARGS:/^utm/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:cmessage|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:/click/|!ARGS:rf|!ARGS:/web/|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:/^win/|!ARGS:lec_rm|!ARGS:n-state|!ARGS:img|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:ccb_newmessage|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:/server/|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:V_feed_email|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:rules|!ARGS:img_alt|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:form_img|!ARGS:loc|!ARGS:/^description/|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long_/|!ARGS:/^topic_content_/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:descripcion|!ARGS:body_html|!ARGS:txtSignature|!ARGS:wpUploadDescription|!ARGS:customer_footer|!ARGS:notice_message|!ARGS:FAQTitle|!ARGS:host|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:admin_footer|!ARGS:email_sig|!ARGS:req_message|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:pingback_service|!ARGS:showStr|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:bannercode|!ARGS:email_forward|!ARGS:fetch|!ARGS:/txt/|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:footer_scripts|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:your-message|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:newDesc|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:ima|!ARGS:imgfile|!ARGS:art_summary|!ARGS:art_source|!ARGS:cat_sponsor|!ARGS:stretch|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:definition|!ARGS:openid.return_to|!ARGS:emailmessage|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:emessage|!ARGS:searchstring|!ARGS:new_tng_path|!ARGS:autoresp_message|!ARGS:babynaam|!ARGS:visitormessage|!ARGS:from_href|!ARGS:Comentario|!ARGS:dynadata[_SIGNATURE]|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:welcome_message|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:commontemplate[header]|!ARGS:uri|!ARGS:wp_home|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^ViewState/|!ARGS:/^message/|!ARGS:vars[DBhostname]|!ARGS:postvars|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:reply_message|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:/^PLUGIN_FEED/|!ARGS:user_sig|!ARGS:news_message|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:/^css/|!ARGS:short_story|!ARGS:ecards_more_pic_target|!ARGS:footmessage|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:messagebody|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:img_src|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:agendWebPage|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wpTextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:note|!ARGS:c_msg|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:team[logo]|!ARGS:helpbox|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:ret|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:message|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:notes|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:html_message|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:fb_ref|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:tj_message|!ARGS:cc_message|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:ret|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:map_description_1|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" chain
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+# Rule 340163: Generic PHP code injection protection in URI w/ anti-evasion and multimatch
+SecRule REQUEST_FILENAME|REQUEST_URI "!(/[a-z0-9]+\.html\?&L=http:/|/mirrors/startdl/.*\?path=http:/|/wp-content/themes/indomagz_2/thumb.php?src=http|/pl/download\?file=http|/index\.php/admin/system_config/save/section/payment/|^/b/ss/mxmacromedia|^/mysqldumper/dump\.php$|(?:jw_allvideos_player|mod_mp3player)\?(?:file|playlist)=http|^/xmlrpc\.php$|^/__utm.gif\?|^/go\.php\?u=affilorama&t=http://|/imp/compose\.php|/tiki-(?:objectpermissions|editpage)|/cowadmin/editor/.*/editor|index\.php\?url=|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs|signup\.php|calendar/index\.php\?act=calendar&code=edit&cal_id=.*&event_id=|cgi-bin/stats\.cgi\?id=shop&loc=http://|/ubbthreads/ubbthreads\.php|/plugin_jw_allvideos/jw_allvideos_player\.swf\?file=http://|/wimpy\.php\?action=serveMP3&theFile=http://|/lg\.php\?bannerid=.*&amp;campaignid=.*loc=http://|\?mode=addshout|\?feed=http://|/joomla15_2/administrator/index\.php|/wp-admin/(page|post|widgets|link|options)\.php|/batch\.html\.php\?code=http|/media-upload\.php|/admin-ajax\.php|/administrator/index2?\.php|/mt-(upgrade|wizard)\.cgi\?|/email-a-friend\.php|/cgi-bin/PManage/pmanage\.cgi|ubbthreads/admin/dofeatures\.php|cgi-bin/(?:inforx|wwiinfo|mvforms)\.(?:pl|cgi)|/admin/(?:edittemplate|webpage_update)\.php|/(?:cpinquiry|signup|profile)\.php|/catalog/secure_admin/categories\.php|plugins/unique_articles/add_article\.php|/images/banners/.*\.swf\?.*url=http://|/frame\.aspx\?u=http://|/index\.php\?sc=track&action=.*&cur=http://|/mynav\?right_frame=http://|/phpBB/install/install\.php|/count\.asp\?w=.*&r=http://|/index\.php\?option=com_content&view=article&id=.*http:/)" \
+ "capture,id:340163,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,chain,rev:166,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (MM)',logdata:'%{TX.0}'"
+#SecRule ARGS "!@pmFromFile trusted-domains.conf" chain
+SecRule ARGS|!ARGS:/site/|!ARGS:source_location/!ARGS:/^fetch/|!ARGS:/web/|!ARGS:/openid_identifier|!ARGS:/adres/|!ARGS:/logo/|!ARGS:/webseite/|!ARGS:resolution|!ARGS:/link/|!ARGS:new_channel|!ARGS:/wsdl/|!ARGS:/soap/|!ARGS:/message/|!ARGS:/^utm/|!ARGS:fighter_name|!ARGS:/^element/|!ARGS:/youtube/|!ARGS:camefrom|!ARGS:ucapi|!ARGS:pic1|!ARGS:clickTag1|!ARGS:rf|!ARGS:web|!ARGS:payment_home|!ARGS:sourcetitle|!ARGS:form_pathscript|!ARGS:embeddump|!ARGS:/www/|!ARGS:/page/|!ARGS:hdwok|!ARGS:result|!ARGS:/^setting/|!ARGS:store|!ARGS:continue|!ARGS:/href/|!ARGS:dcsref|!ARGS:lec_rm|!ARGS:n-state|!ARGS:img|!ARGS:Stream|!ARGS:CP_email|!ARGS:flvsite|!ARGS:eself|!ARGS:tax23_RefDocLoc|!ARGS:goback|!ARGS:OVRAW|!ARGS:outputfile|!ARGS:background|!ARGS:dcsref|!ARGS:path|!ARGS:ico|!ARGS:big|!ARGS:/^clickTagFrame/|!ARGS:attribute29|!ARGS:gmu|!ARGS:entry|!ARGS:tos|!ARGS:/image/|!ARGS:user_xup|!ARGS:value_3|!ARGS:request|!ARGS:confirm|!ARGS:/^groups/|!ARGS:came_from|!ARGS:prodLogo|!ARGS:prodDownload|!ARGS:/^V_feed/|!ARGS:itemIntro|!ARGS:photo|!ARGS:/^stylevar/|!ARGS:dcsqry|!ARGS:typePageCode|!ARGS:/^GARS_existing/|!ARGS:rules|!ARGS:img_alt|!ARGS:/^config/|!ARGS:/^revchurch/|!ARGS:goto|!ARGS:form_img|!ARGS:loc|!ARGS:notification_body|!ARGS:sitead|!ARGS:/^product_long/|!ARGS:/server/|!ARGS:/^topic_content/|!ARGS:banner_top|!ARGS:banners_list|!ARGS:heading|!ARGS:packageComments|!ARGS:cl_post|!ARGS:address|!ARGS:board_msg|!ARGS:logo_path|!ARGS:prehtml_root|!ARGS:revpro_video|!ARGS:arg2|!ARGS:/^cf_field_/|!ARGS:msg|!ARGS:configuration_key|!ARGS:search|!ARGS:/comment/|!ARGS:enquiry|!ARGS:/html_content/|!ARGS:desc|!ARGS:body_html|!ARGS:txtSignature|!ARGS:wpUploadDescription|!ARGS:/footer/|!ARGS:FAQTitle|!ARGS:host|!ARGS:webpath|!ARGS:/text/|!ARGS:whereto|!ARGS:/description/|!ARGS:item[content]|!ARGS:pathToPiwik|!ARGS:email_sig|!ARGS:minicms_content|!ARGS:feed|!ARGS:/^artsee_banner_/|!ARGS:fetch|!ARGS:pingback_service|!ARGS:hostname|!ARGS:htmlSource|!ARGS:/virtual_http_path/|!ARGS:/virtual_https_path/|!ARGS:f_content|!ARGS:email_forward|!ARGS:bannercode|!ARGS:blog|!ARGS:RTServerName|!ARGS:mesg|!ARGS:forward|!ARGS:atc_content|!ARGS:announce_post|!ARGS:/^data/|!ARGS:/^commontemplate/|!ARGS:teaser_js|!ARGS:/^item_/|!ARGS:advBannerMessage|!ARGS:thumb|!ARGS:question_content|!ARGS:u|!ARGS:header|!ARGS:action|!ARGS:cptpl_dir|!ARGS:newDesc|!ARGS:forum_desc|!ARGS:file_contents|!ARGS:return_to|!ARGS:Stream|!ARGS:contents|!ARGS:arg6|!ARGS:dbhost|!ARGS:copyright|!ARGS:newwebpath|!ARGS:ima|!ARGS:imgfile|!ARGS:art_summary|!ARGS:art_source|!ARGS:stretch|!ARGS:cat_sponsor|!ARGS:/^fields_prev/|!ARGS:automode|!ARGS:myfilm1|!ARGS:/^tp_article/|!ARGS:newsettings[files_dir]|!ARGS:contactMessage|!ARGS:var_value[usps_labels_help_2]|!ARGS:short_story|!ARGS:intro_content|!ARGS:vinculo|!ARGS:openid_return_to|!ARGS:cts|!ARGS:response|!ARGS:hd_request|!ARGS:relocate|!ARGS:add_fd3|!ARGS:headers-28|!ARGS:fulldescr|!ARGS:soundname|!ARGS:bbcode_tpl|!ARGS:Direccionsitioweb|!ARGS:/link/|!ARGS:faqText|!ARGS:request_uri|!ARGS:google|!ARGS:ud_web|!ARGS:openid.return_to|!ARGS:definition|!ARGS:emailmessage|!ARGS:tpl_cont|!ARGS:/domain/|!ARGS:searchstring|!ARGS:emessage|!ARGS:new_tng_path|!ARGS:autoresp_message|!ARGS:babynaam|!ARGS:visitormessage|!ARGS:from_href|!ARGS:Comentario|!ARGS:/^dynadata/|!ARGS:ppicture|!ARGS:paypal_ipn|!ARGS:defaultImage|!ARGS:welcome_message|!ARGS:title|!ARGS:html|!ARGS:dbody|!ARGS:right_frame|!ARGS:l1_bdy|!ARGS:theMessage|!ARGS:edit_full|!ARGS:article|!ARGS:forum|!ARGS:uri|!ARGS:commontemplate[header]|!ARGS:wp_home|!ARGS:/^blockbody/|!ARGS:field11|!ARGS:field_id_7|!ARGS:/^message/|!ARGS:/^ViewState/|!ARGS:postvars|!ARGS:vars[DBhostname]|!ARGS:base1|!ARGS:cart_header|!ARGS:setting[description]|!ARGS:webcam|!ARGS:video_google|!ARGS:layout|!ARGS:GMAP_KEY|!ARGS:full_story|!ARGS:source|!ARGS:set_static_uri_to|!ARGS:livesite|!ARGS:reply_message|!ARGS:Infos|!ARGS:rev_you_tube|!ARGS:ret_address|!ARGS:GMAP_KEY|!ARGS:newsBody|!ARGS:html_code|!ARGS:/webaddress/|!ARGS:/http_script_dir/|!ARGS:cfgfilecontent|!ARGS:/^PLUGIN_FEED/|!ARGS:user_sig|!ARGS:news_message|!ARGS:cur|!ARGS:yahoo|!ARGS:/Website/|!ARGS:sig|!ARGS:template_data|!ARGS:template|!ARGS:option[ping_sites]|!ARGS:KT_Update1|!ARGS:flds[Message]|!ARGS:EditorHTML|!ARGS:theVisibility|!ARGS:friend_M|!ARGS:before|!ARGS:option[home]|!ARGS:vars[siteName]|!ARGS:replycontents|!ARGS:sitedisclaimer|!ARGS:sm_b_style|!ARGS:success|!ARGS:short_story|!ARGS:/^css/|!ARGS:ecards_more_pic_target|!ARGS:vthumb|!ARGS:introduction|!ARGS:register_at|!ARGS:/^products_description/|!ARGS:terms_content|!ARGS:messagebody|!ARGS:statusaddress|!ARGS:revnews_ad_120|!ARGS:revnews_video|!ARGS:/sponsor_banner/|!ARGS:videoPath|!ARGS:web_site|!ARGS:img_src|!ARGS:newText|!ARGS:PageCopy|!ARGS:amp;loc|!ARGS:f_header|!ARGS:option[78]|!ARGS:savecontent|!ARGS:params[helpsite]|!ARGS:iconnew|!ARGS:agendWebPage|!ARGS:wpau-ftphost|!ARGS:gen_header|!ARGS:button_dir|!ARGS:news_desc|!ARGS:x_organizational|!ARGS:href|!ARGS:form_element3|!ARGS:wpTextbox1|!ARGS:edit[site_mission]|!ARGS:answer|!ARGS:intro|!ARGS:c_msg|!ARGS:note|!ARGS:domain|!ARGS:how_did_you_hear_about_us|!ARGS:back_to|!ARGS:/^sql_/|!ARGS:clickTAG|!ARGS:problem|!ARGS:default_banner|!ARGS:archive_chrono|!ARGS:home|!ARGS:thm|!ARGS:_RW_|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/url/|!ARGS:outbound|!ARGS:out|!ARGS:/refer/|!ARGS:team[logo]|!ARGS:team[url]|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:ureferrer|!ARGS:basehref|!ARGS:/^redirect/|!ARGS:redir|!ARGS:refertoyouby|!ARGS:oaparams|!ARGS:loc|!ARGS:resource|!ARGS:wimpyApp|!ARGS:wimpySkin|!ARGS:params[altTag]|!ARGS:message|!ARGS:referredby|!ARGS:portal_body|!ARGS:filecontent|!ARGS:inc|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:body|!ARGS:Post|!ARGS:data[Label][website]|!ARGS:reply|!ARGS:last_msg|!ARGS:tresc|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:missing_fields_redirect|!ARGS:templatePath|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:view|!ARGS:howhear|!ARGS:webeditor1|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:/referer/|!ARGS:/refer/|!ARGS:/redirect/|!ARGS:src|!ARGS:/^FCKeditor/|!ARGS:excerpt|!ARGS:saved_data|!ARGS:signature|!ARGS:disc|!ARGS:utmr|!ARGS:site_desc|!ARGS:user[signature]|!ARGS:Query|!ARGS:steps|!ARGS:bbcode_replace|!ARGS:jumpTo|!ARGS:site|!ARGS:memo|!ARGS:live_site|!ARGS:flvSource|!ARGS:_docSelector|!ARGS:user_website|!ARGS:g2_return|!ARGS:goto|!ARGS:site_first|!ARGS:from|!ARGS:footer|!ARGS:cmstr|!ARGS:remotefile|!ARGS:html_message|!ARGS:userDetails[web_address]|!ARGS:location|!ARGS:dest|!ARGS:Dialog30|!ARGS:Dialog7|!ARGS:configParams[api][configParamValue]|!ARGS:/^wimpy/|!ARGS:web_address|!ARGS:msgpreview|!ARGS:fb_ref|!ARGS:notes|!ARGS:pn_domain|!ARGS:newidentities[0][signature]|!ARGS:addendum|!ARGS:tj_message|!ARGS:cc_message|!ARGS:utmp|!ARGS:whydowork_code|!ARGS:value_190|!ARGS:pp_bio_content|!ARGS:xajaxargs[]|!ARGS:backto|!ARGS:/^http/|!ARGS:/^rsargs/|!ARGS:op|!ARGS:BLK_block_content|!ARGS:ret|!ARGS:Store_CustomerEmail_Header|!ARGS:old_file[]|!ARGS:zajawka|!ARGS:summary|!ARGS:hamechalets_desc|!ARGS:input_name[4]|!ARGS:input_name[0]|!ARGS:description|!ARGS:newDescription|!ARGS:area|!ARGS:content|!ARGS:/^data\[tt_content\]/|!ARGS:Brief_Profile|!ARGS:summary|!ARGS:data|!ARGS:newcontent|!ARGS:st_widget|!ARGS:video|!ARGS:ban_reason|!ARGS:def|!ARGS:data[Email][comment]|!ARGS:playlist|!ARGS:enlace|!ARGS:data_codepress|!ARGS:home_top|!ARGS:Store_OUI_GlobalFooter|!ARGS:in[http]|!ARGS:map|!ARGS:dynafield[_SIGNATURE]|!ARGS:payment_extrainfo|!ARGS:virtual_http_path|!ARGS:cta_content|!ARGS:x_website|!ARGS:wysiwyg|!ARGS:banner|!ARGS:env_ping_list|!ARGS:subdir[0]|!ARGS:x_Instructions|!ARGS:/^virtual_http/|!ARGS:cta_content|!ARGS:f_license|!ARGS:env_ping_list|!ARGS:xsponsor2|!ARGS:code|!ARGS:field5|!ARGS:p_content|!ARGS:f_site|!ARGS:CANCEL_RETURN "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,chain"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+#SQL Injection cases
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES|!ARGS:/text/|!ARGS:pass|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?: cast\b\W*?\(|xecresultset|;DECLARE\b\W*?)" \
+ "id:340164,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Injection Attack'"
+
+#SQL Injection cases
+SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_COOKIES:utmctr "(?:cast\b\W*?\(|xecresultset|';DECLARE\b\W*?)" \
+ "id:340165,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Injection Attack'"
+
+#
+# Rule 340011:
+#slightly tighter rules with narrower focus
+SecRule REQUEST_URI|REQUEST_BODY "(?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \
+ "id:340011,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'"
+
+# Rule 340005: Code injection via content length
+SecRule REQUEST_HEADERS:Content-Length "\;(?:system|passthru|exec)\(" \
+ "id:340005,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Code Injection in Content-Length header'"
+
+# Rule 340010:
+#Generic PHP exploit signatures
+SecRule REQUEST_BODY|REQUEST_URI "<\?php (?:chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \
+ "id:340010,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'"
+
+# Rule 340011:
+#Generic PHP exploit signatures
+SecRule REQUEST_BODY "(?:chr|fwrite|fopen|system|e?chr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" \
+ "id:340011,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic PHP exploit pattern denied'"
+
+
+# Rule 380000: phpbb Session Cookie
+SecRule REQUEST_COOKIES:sessionid|REQUEST_URI|ARGS|REQUEST_BODY "phpbb2mysql_data=a\x3A2\x3A\x7Bs\x3A11\x3A\x22autologinid\x22\x3Bb\x3A1\x3Bs\x3A6\x3A\x22userid\x22\x3Bs\x3A1\x3A\x222\x22\x3B\x7D" \
+ "id:380000,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380002: schema overflow attempt
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "\|3A\|///^[^\/]{14,}?\x3a\/\/" \
+ "id:380002,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380003: HappyMall Command Execution member_html.cgi
+SecRule REQUEST_URI "member_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" \
+ "id:380003,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380004: HappyMall Command Execution normal_html.cgi
+SecRule REQUEST_URI "normal_html\.cgi\x3F.*file\x3D(\x3B|\x7C)" \
+ "id:380004,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack'"
+
+# Rule 380005: phpBB Remote Code Execution Attempt
+SecRule REQUEST_URI "viewtopic\.php\?" \
+ "id:380005,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PHP session cookie attack',chain"
+SecRule ARGS:highlight "(\'|\%[a-f0-9]{4})(\.|\/|\\|\%[a-f0-9]{4}).+?(\'|\%[a-f0-9]{4})"
+
+# Rule 380006: XSS generic sig
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:message|!ARGS:text|!ARGS:filecontent "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" \
+ "id:380006,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS Generic attack'"
+
+# Rule 380007: generic SQL injection sigs using PCRE
+SecRule REQUEST_URI "!(/immagini/)" \
+ "chain,id:380007,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Inject Generic signature'"
+SecRule REQUEST_URI|ARGS|REQUEST_BODY "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52).*!(\.(jpe?g|png|bmp|gif|mpe?g|avi|wmv|ico)$)" \
+
+#PDF XSS attack 1
+#SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|!ARGS:message|!ARGS:/text/ "(?:ogg|gopher|zlib|(?:ht|f)tps?):\/\/[\w\.]+?\/.*?\.pdf\b[^\x0d\x0a]*#" \
+# "capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PDF XSS attack 1',id:'380011',rev:6,severity:'2'"
+#PDF XSS attack 2
+SecRule REQUEST_HEADERS|XML:/*|!ARGS:/^products_description/|ARGS:introtext|!ARGS:/^message/|!ARGS:fulldescr|!ARGS:/^data/|!ARGS:introtext "(?:ogg|gopher|zlib|(?:ht|f)tps?):\/\/[\w\.]+?\/.*?\.pdf\b[^\x0d\x0a]*#" \
+ "chain,capture,t:none,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: PDF XSS attack 2',id:'380012',rev:4,severity:'2'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+#prevents exposure of ASL config files on customer machine
+SecRule RESPONSE_BODY "---ASL-CONFIG-FILE---" \
+ "phase:4,t:none,ctl:auditLogParts=+E,auditlog,status:404,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: ASL Configuration Leak Prevented',id:'380013',severity:'2',rev:1"
+
+#prevents leakage of web application source code
+#SecRule RESPONSE_BODY "((?:\b(?:(?:s(?:erver\.(?:(?:(?:htm|ur)lencod|execut)e|createobject|mappath)|cripting\.filesystemobject)|(?:response\.(?:binary)?writ|vbscript\.encod)e|wscript\.(?:network|shell))\b|javax\.servlet)|\.(?:(?:(?:createtex|ge)t|loadfrom)file|addheader)\b|<jsp:)|(?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\$_(?:(?:pos|ge)t|session))\b)" \
+# "phase:4,t:none,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Web Application Source code leakage prevented',id:'380014',severity:'4'"
+#
+#
+
+#duplicate argument polution detection
+#must be tuned to the application
+#SecRule ARGS_NAMES ".*" "chain,phase:2,t:none,nolog,pass,capture,setvar:'tx.%{matched_var_name}=+1'"
+#SecRule TX:/ARGS_NAMES:*/ "@gt 1" "setvar:tx.http_parameter_pollution=%{matched_var_name}"
+
+#SecRule TX:HTTP_PARAMETER_POLLUTION ".*" "phase:2,t:none,log,pass,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Suspicious Behavior: Multiple Parameters with the same Name.',logdata:'%{matched_var}'"
+#
+
+#Possible command injection attack
+SecRule ARGS "` ?`.*\+ ?\".*` ?`" \
+ "capture,t:urlDecodeUni,t:base64Decode,t:htmlEntityDecode,t:compressWhiteSpace,t:lowercase,multimatch,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Possible Command Injection Attack',id:'380014',rev:1,severity:'2'"
+SecRule ARGS "` ?`.*\+ ?\".*` ?`" \
+ "capture,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,auditlog,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Possible Command Injection Attack',id:'380015',rev:1,severity:'2'"
+
+# SSI injection
+#
+SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" \
+ "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SSI injection Attack',id:'380016',logdata:'%{TX.0}',severity:'2'"
+SecRule REQUEST_HEADERS|XML:/* "<!--\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd)" \
+ "phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,status:501,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SSI injection Attack',id:'380017',logdata:'%{TX.0}',severity:'2'"
+
+#special exclusions for this rule file
+<LocationMatch /modules.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340463,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/target/|!ARGS:/redirect/|!ARGS:cforms_action_page|!ARGS:storyext|!ARGS:/^config/|!ARGS:/url/|!ARGS:message|!ARGS:/^config/|!ARGS:SitePath|!ARGS:PreviewImage|!ARGS:Exlink|!ARGS:story|!ARGS:/page/|!ARGS:user_website|!ARGS:configuration[MODULE_PAYMENT_GOOGLECHECKOUT_MODE]|!ARGS:configParams[api][configParamValue]|!ARGS:q|!ARGS:stories_topics|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340462,rev:9,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (modules.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+
+<LocationMatch /admin.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/referrer/|!ARGS:/^gbu0_/|!ARGS:/website/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_image|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:icon|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:/comments/|!ARGS:email|!ARGS:enlace_video|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:sfhome|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:cforms_action_page|!ARGS:ecards_more_pic_target|!ARGS:message|!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/url/|!ARGS:/page/|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:/referer/|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/image_path/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340464,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (admin.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/logo/|!ARGS:/path/|!ARGS:/page/|!ARGS:field_b|!ARGS:/referrer/|!ARGS:/^gbu0_/|!ARGS:/website/|!ARGS:guestbookLink|!ARGS:xmlpath|!ARGS:/^update/|!ARGS:/^woo_ad/|!ARGS:act_filepath|!ARGS:act_image|!ARGS:act_link|!ARGS:opphomepage|!ARGS:event_link|!ARGS:echi_google_analytics|!ARGS:/^echi_block_/|!ARGS:/^echi_ad/|!ARGS:/^permalink/|!ARGS:icon|!ARGS:descripcion|!ARGS:xcont_priv|!ARGS:email|!ARGS:enlace_video|!ARGS:hometext|!ARGS:/text/|!ARGS:web|!ARGS:/^config/|!ARGS:/^g2_manualpath/|!ARGS:/^sDescription/|!ARGS:hidepost_content_text|!ARGS:sText|!ARGS:homepage|!ARGS:field_3_name|!ARGS:cforms_cmsg|!ARGS:bcontent|!ARGS:form_location|!ARGS:sslloginlink|!ARGS:footer|!ARGS:field_4_name|!ARGS:cforms_redirect_page|!ARGS:ecards_more_pic_target|!ARGS:cforms_action_page|!ARGS:message/!ARGS:/^xfoot/|!ARGS:/^rss/|!ARGS:/rss$/|!ARGS:/^FCKeditor/|!ARGS:/page/|!ARGS:/url/|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:/referer/|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:/comments/|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:config[latestNewsRRS]|!ARGS:sfhome|!ARGS:sponsor|!ARGS:config[ftp_server]|!ARGS:listViewerCode|!ARGS:/image_path/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340465,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (admin.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cpinquiry.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340466,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340467,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /admin/area/save-page.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340468,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (save-page.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:signature|!ARGS:website|!ARGS:/url/|!ARGS:/page/|!ARGS:page-content|!ARGS:comments|!ARGS:content|!ARGS:q|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340469,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (save-page.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /cgi-bin/guestbook.pl>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340470,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:FOOTER|!ARGS:MESSAGE|!ARGS:header|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340471,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /modules/wysiwyg/save.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340472,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^content/|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340473,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /cgi-bin/blog/mt.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340474,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340475,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /admin/index.php>
+ SecRuleRemoveById 340157
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:comments "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:340457,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)'"
+SecRule ARGS|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:Exlink|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:/page/|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:code|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340476,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/img/|!ARGS:pp_path|!ARGS:vidid|!ARGS:bic|!ARGS:cubecart4_path|!ARGS:osc_path|!ARGS:events_map|!ARGS:xmlpath|!ARGS:homepage|!ARGS:input|!ARGS:email_contents|!ARGS:Exlink|!ARGS:page_content|!ARGS:feed_copyright|!ARGS:/url/|!ARGS:/page/|!ARGS:code|!ARGS:comments|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:SitePath|!ARGS:Exlink|!ARGS:contents|!ARGS:PreviewImage|!ARGS:pagelink|!ARGS:pagefeed|!ARGS:ShopPath|!ARGS:content|!ARGS:right|!ARGS:left|!ARGS:/^myDevEditControl_/|!ARGS:/link/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340477,rev:23,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /forums/admincp/user.php>
+ SecRuleRemoveById 340147
+ SecRuleRemoveById 340148
+ SecRuleRemoveById 340149
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340478,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^userfield/|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340479,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forum/admincp/user.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340480,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340481,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forum/admincp/template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340482,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:olduser|!ARGS:user[signature]|!ARGS:userfield[field10]|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340483,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /contact.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:homepage|!ARGS:field4|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340484,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (contact.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/domain/|!ARGS:fm_comments|!ARGS:contact_message|!ARGS:Page|!ARGS:msg|!ARGS:comments|!ARGS:yourmessage|!ARGS:howhear|!ARGS:information|!ARGS:/url/|!ARGS:/page/|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url|!ARGS:Message "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340485,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (contact.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /admin/conf.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340486,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/^opts/|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340487,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/posted/edit_listing.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340488,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:my_description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340489,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forums/private.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340490,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340491,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forums/newreply.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340144
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340492,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:weblink|!ARGS:weblink_title|!ARGS:message|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340493,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+# Rule 340444: Generic SQL sigs
+ SecRule ARGS|!ARGS:message "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340444,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/forums/newreply.php)'"
+</LocationMatch>
+<LocationMatch /frontend3/admin/area/add-edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340494,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:description|!ARGS:text|!ARGS:base_url|!ARGS:outbound|!ARGS:out|!ARGS:referer|!ARGS:serverurl|!ARGS:referrer|!ARGS:url|!ARGS:team[url]|!ARGS:helpurl|!ARGS:helpbox|!ARGS:website|!ARGS:return|!ARGS:url2send|!ARGS:attach-url|!ARGS:ureferrer|!ARGS:comment|!ARGS:basehref|!ARGS:redirect|!ARGS:refertoyouby|!ARGS:ajaxurl|!ARGS:product[media_gallery][images]|!ARGS:oaparams|!ARGS:loc|!ARGS:backurl|!ARGS:bg_image|!ARGS:imageFile|!ARGS:siteurl|!ARGS:install_url|!ARGS:comments_commentFind|!ARGS:resource|!ARGS:thelink|!ARGS:x_receipt_link_url|!ARGS:params[altTag]|!ARGS:referredby|!ARGS:clickurl|!ARGS:filecontent|!ARGS:inc|!ARGS:link|!ARGS:fck_body|!ARGS:fck_brief|!ARGS:introtext|!ARGS:resource_box|!ARGS:areaContent2|!ARGS:ref|!ARGS:userpicpersonal|!ARGS:blog_url|!ARGS:body|!ARGS:linkdescr|!ARGS:Post|!ARGS:last_msg|!ARGS:params[link]|!ARGS:texty|!ARGS:params[request_url]|!ARGS:pay_list_type|!ARGS:FULL_URL|!ARGS:HOMEPAGE_URL|!ARGS:ATTACHMENTS_URL|!ARGS:templatePath|!ARGS:fulltext|!ARGS:stories_cat|!ARGS:sUrl|!ARGS:config_helpurl|!ARGS:website_link|!ARGS:view|!ARGS:redirect_to|!ARGS:return_link_url|!ARGS:products_image|!ARGS:_wp_original_http_referer|!ARGS:refer|!ARGS:oldmsg|!ARGS:lk_url "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340495,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /links.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340496,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/links.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:S1|!ARGS:/url/|!ARGS:/page/|!ARGS:website|!ARGS:reciprocal \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340497,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/links.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+
+</LocationMatch>
+<LocationMatch /forums/newreply.php>
+ SecRuleRemoveById 340156
+#Always bad SQL injection case w/ antievasion
+SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS:message "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+ "id:340498,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:7,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/forums/newreply.php)',logdata:'%{TX.0}'"
+</LocationMatch>
+<LocationMatch /wysiwyg-edit>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340499,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:PageCopy|!ARGS:S1 \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340500,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /forums/bb-login.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:re|!ARGS:_wp_http_referer \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340501,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/bb-login.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:re|!ARGS:_wp_http_referer \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340502,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forums/bb-login.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/mt4/mt-comments.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340503,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:static|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340504,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ubbthreads/admin/dogen_display.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340505,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/referrer/|!ARGS:headerfile|!ARGS:footerfile|!ARGS:insertfile|!ARGS:/file$/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340506,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/dada/mail.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:location|!ARGS:physical_address|!ARGS:text_message_body \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340507,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/dada/mail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:location|!ARGS:physical_address|!ARGS:text_message_body \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340508,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/dada/mail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modernbill5/app-modernbill-admin/clients.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:emailBody \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340509,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:emailBody \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340510,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/database/dbpro.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:admin_email_text \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340511,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:admin_email_text \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340512,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /calendar/install/index.php>
+ SecRuleRemoveById 340157
+ SecRuleRemoveById 340159
+#SQL inline command attack
+SecRule REQUEST_URI|ARGS|!ARGS:saved_data "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:344513,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/calendar/install/index.php)'"
+#SQL inline command attack with more AE cases
+SecRule REQUEST_URI|ARGS|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:saved_data "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:344514,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/calendar/install/index.php)',multimatch"
+#
+</LocationMatch>
+<LocationMatch /admin/patch.php>
+ SecRuleRemoveById 340144
+ SecRuleRemoveById 340157
+SecRule ARGS|!ARGS:patch_query "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+"id:340515,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/admin/patch.php)'"
+SecRule REQUEST_URI|ARGS|!ARGS:patch_query "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select )" \
+ "id:344516,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (/admin/patch.php)'"
+</LocationMatch>
+<LocationMatch /images/logdnet.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:a|!ARGS:u \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340517,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:a|!ARGS:u \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340518,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /contact_form.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340519,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:Comments|!ARGS:/^Explain_/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340520,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /forum/register.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340521,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:s|!ARGS:/page/|!ARGS:/url/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340522,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /manager/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:text_2|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:/page/|!ARGS:ta|!ARGS:post \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340523,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:text_2|!ARGS:description|!ARGS:suitability|!ARGS:/url/|!ARGS:/page/|!ARGS:ta|!ARGS:post \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340524,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/class/class_add.pl >
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340525,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:description|!ARGS:/url/|!ARGS:/page/ \
+"^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" "chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,id:340526,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /insert_image>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:DirName "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340527,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/insert_image)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DirName "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340528,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /administration/news.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340529,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:body2|!ARGS:/page/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340530,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/editor.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340531,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/page/|!ARGS:/^Dialog/|!ARGS:/textarea/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340532,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-sys/FormMail.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340533,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340544,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /frame.aspx>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340545,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340546,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /spaw/gethref.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340547,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340548,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/mt/mt.fcgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340549,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/text/|!ARGS:/description/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340550,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/google_cse/google_cse.js>
+ SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /runmodule.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340551,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340552,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/frame.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:pagina "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340553,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^item_number/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340554,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /videos/install>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:sitefolder "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340555,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/videos/install)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:sitefolder "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340556,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/videos/install)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /support/staff/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/contents/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340557,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/contents/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340558,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/procform.pl>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340559,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:banner|!ARGS:backlink|!ARGS:Requests/Comments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340560,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/editcontent.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^content_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340561,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^content_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340562,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /html2rss/rss.aspx>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:U "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340563,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:U "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340564,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /winnder_step2.1.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:rules|!ARGS:terms "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340565,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:rules|!ARGS:terms "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340566,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /contact/website.php >
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:txtComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340567,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:txtComments "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340568,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wbb/acp/template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340569,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340570,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /sregister2-p.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:skills "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:346144,rev:12,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/sregister2-p.php)'"
+</LocationMatch>
+<LocationMatch /Board/posting.php>
+ SecRuleRemoveById 340156
+SecRule ARGS|ARGS_NAMES|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!ARGS:topicseen|!ARGS_NAMES:posted_data[product_substring] "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
+ "id:344156,capture,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/Board/posting.php)',logdata:'%{TX.0}'"
+</LocationMatch>
+<LocationMatch /phpmysupport/trackerimage.php>
+ SecRuleRemoveById 340026
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:base "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340571,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:base "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340572,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /livehelp/chat.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:dep "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340573,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/livehelp/chat.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:dep "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340574,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/livehelp/chat.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/mod_dgm-news_ultra/img/phpThumb.php>
+ SecRuleRemoveById 340006
+SecRule REQUEST_URI|ARGS|!ARGS:src "(?:\.\./\.\./)" \
+ "t:normalisePath,id:346006,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS (/modules/mod_dgm-news_ultra/img/phpThumb.php)'"
+</LocationMatch>
+<LocationMatch /wp-admin/edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340575,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:wpau-ftphost|!ARGS:adsensem-code|!ARGS:addresses|!ARGS:referredby|!ARGS:adrotate_bannercode "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340576,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/wp-admin/edit.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /egroupware/etemplate/process_exec.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340577,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:exec[text]|!ARGS:/link/|!ARGS:/referer/|ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340578,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install.php>
+ SecRuleRemoveById 341057
+ SecRuleRemoveById 340144
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:file|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340712,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'"
+SecRule ARGS|!ARGS:hos|!ARGS:wp_home|!ARGS:domain_in|!ARGS:ftpPath|!ARGS:f_license|!ARGS:f_site|!ARGS:/txt/|!ARGS:/text/|!ARGS:/uri/|!ARGS:/url/|!ARGS:site_addr|!ARGS:uusDatabaseHost|!ARGS:DB_SERVER|!ARGS:BosClassifiedsDatabaseHost|!ARGS:/url/|!ARGS:upload_dir|!ARGS:ftp_server|!ARGS:/WWW/|!ARGS:config|!ARGS:/http/|!ARGS:cptpl_dir|!ARGS:dbhost "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340579,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:hos|!ARGS:wp_home|!ARGS:domain_in|!ARGS:ftpPath|!ARGS:f_license|!ARGS:f_site|!ARGS:/txt/|!ARGS:/text/|!ARGS:/uri/|!ARGS:/url/|!ARGS:site_addr|!ARGS:uusDatabaseHost|!ARGS:DB_SERVER|!ARGS:BosClassifiedsDatabaseHost|!ARGS:/url/|!ARGS:upload_dir|!ARGS:ftp_server|!ARGS:/WWW/|!ARGS:config|!ARGS:/http/|!ARGS:cptpl_dir|!ARGS:dbhost "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340580,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /acollab/install/install.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:upload_dir "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340581,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:upload_dir "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340582,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /includes/popup.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:z "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340583,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:z "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340584,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/cgiemail/testform.txt>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:success "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340585,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:success "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340586,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ubbthreads/admin/doeditboard.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340587,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:headerfile|!ARGS:intro_body "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340588,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /anyinventory/admin/item_processor.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:pictureremote "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340589,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:pictureremote "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340590,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340591,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340592,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/mod_shoutbox.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340592,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340593,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/options-general.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/page/|!ARGS:/address/|!ARGS:/url/|!ARGS:/^sm_pages_ur/|!ARGS:/^campaign_feed/|!ARGS:/^IMConfig/|!ARGS:/url/|!ARGS:ddsg_xml_path|!ARGS:sm_b_style|!ARGS:regplus_login_redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,id:340594,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/page/|!ARGS:/address/|!ARGS:/url/|!ARGS:/^sm_pages_ur/|!ARGS:/^campaign_feed/|!ARGS:/^IMConfig/!ARGS:/url/|!ARGS:ddsg_xml_path|!ARGS:sm_b_style|!ARGS:regplus_login_redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340595,rev:7,severity:4,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modernbill/app-modernbill-admin/configs.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340596,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340597,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/formmail.pl>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340598,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Recommendations|!ARGS:Comments|!ARGS:background|!ARGS:redirect|!ARGS:/site/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340599,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /mainsettings.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340600,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340601,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /site.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:dict "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340602,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:dict "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340603,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/ciadmin.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340604,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:securebase1|!ARGS:base1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340605,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /vb/admincp/template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:searchstring|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340605,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:searchstring|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340606,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /category.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:desc|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340607,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/redirect/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/page/|!ARGS:/url/|!ARGS:desc|!ARGS:template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340608,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /modules/newbbex/post.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340609,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:hidden|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340610,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/mb/index2.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340611,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:index|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340612,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cerberus/parser.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340613,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:xml|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340614,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /imp/expand.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340615,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:field_value|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340616,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /livehelp/mastersettings.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340617,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:newwebpath|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340618,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /manager/edit_template.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340619,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:template|!ARGS:message|!ARGS:subject "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340620,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /clip/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:route_to "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340621,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:route_to "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340622,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/moduleinterface.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/template/|!ARGS:m1_subscribe_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340623,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/template/|!ARGS:m1_subscribe_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340624,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cpanel/saveType.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:embed "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340625,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:embed "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340626,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/basic_settings.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:custom_promo_code "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340627,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:custom_promo_code "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340628,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/site_setup.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340629,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340630,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /syssite/shopadmin/core.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340631,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:offer_copyright|!ARGS:offerDomain|!ARGS:con|!ARGS:offer_contactus|!ARGS:content|!ARGS:mail_content|!ARGS:reply "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340632,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /system/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340633,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^template/|!ARGS:/^field_id/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340634,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /Mailer/TrueFM.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340635,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:forward|!ARGS:body_tag|!ARGS:http_referer|!ARGS:Address|!ARGS:Comment "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340636,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ummmanager.cgi>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:login "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340637,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:login "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340638,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/step6.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^site_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340639,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^site_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340640,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /homeCounter.php>
+ SecRuleRemoveById 340024
+ SecRuleRemoveById 340028
+ SecRuleRemoveById 340151
+</LocationMatch>
+<LocationMatch /admincp/options.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340641,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:site_path|!ARGS:/^setting/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340641,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /media/hochron.html>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:MemberSelectList "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340643,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:MemberSelectList "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340644,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/settings/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340645,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^settings/|!ARGS:metaDescription "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340646,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cmspopouts/shortcuts.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:target_title "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340647,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:target_title "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340648,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /manufacturers_edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^edit/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340649,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^edit/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340650,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/contactmanage.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:response "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340651,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:response "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340652,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /giftcert.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:recipient_address "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340653,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:recipient_address "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340654,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /pages/news.htm>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:store "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340655,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:store "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340656,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /bb-login.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:re "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340657,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:re "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340658,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /adview.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:target1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340659,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:target1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340660,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /ajCart/cart.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:CARTDIR "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340661,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:CARTDIR "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /index.php/install/-/configure>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:DIR_REL "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340661,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:DIR_REL "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340662,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /store/zc_install/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /admin_config.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:pagename "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340663,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:pagename "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340664,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cutenews/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340665,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:change_avatar|!ARGS:short_story "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340666,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /data/nanoadmin.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340667,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^areaContent/|!ARGS:content "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340668,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /auctions/rsstml.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:XML "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340669,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:XML "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340670,chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/util.php>
+ SecRuleRemoveById 340157
+</LocationMatch>
+<LocationMatch /wp-admin/theme-editor.php>
+ SecRuleRemoveById 340006
+SecRule REQUEST_URI "!(alt_mod_frameset.php|checkout_shipping.php|^/components/com_zoom/etc/|/admin\.swf\?nick=|/editor/filemanager/browser/default/browser\.html\?(Type=Image&)?Connector=\.\./\.\./connectors)" \
+ "chain,t:normalisePath,id:340671,rev:19,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied in URI/ARGS', chain"
+SecRule REQUEST_URI|ARGS|!ARGS:webpage[content]|!ARGS:article[content]|!ARGS:filecontent|!ARGS:/text/|!ARGS:/message/|!ARGS:/^fck_/|!ARGS:htmlSource|!ARGS:path_to_lzx|!ARGS:content|!ARGS:newcontent "(?:\.\./\.\./|\.\|\./\.\|\./\.\|)"
+</LocationMatch>
+<LocationMatch /egroupware/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340672,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /lclaccounts/setup/config.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340672,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^newssettings/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340673,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/post_property.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:map|!ARGS:photo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340674,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:map|!ARGS:photo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340675,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /filemanager/browser/default/browser.html>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340676,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Connector "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340677,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin.mvc>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340678,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:Store_MvUPS_Server|!ARGS:/^Store_CustomerEmail_/|!ARGS:Store_OUI_GlobalHeader|!ARGS:Store_OUI_GlobalFooter|!ARGS:Store_OUI_InvoiceFooter "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340679,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /delivery/ck.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340680,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:oaparam__bannerid|!ARGS:oaparams "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340681,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /proxy/index.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340682,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340683,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch ^/imp>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:message|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340684,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:message|!ARGS:subject|!ARGS:imapuser|!ARGS:/url/|!ARGS:u|!ARGS:message|!ARGS:/msg/|!ARGS:formData|!ARGS:form_img "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340685,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch modules/mod_wowstatus/wowserverstatus.php>
+ SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /ucp.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340686,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:mode|!ARGS:message|!ARGS:remotelink|!ARGS:website|!ARGS:signature "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340687,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /shopping/search.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340688,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:q "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340689,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /app-modernbill-admin/configs.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340690,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340691,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cidevents/install/index.php>
+ SecRuleRemoveById 340157
+ SecRuleRemoveById 340159
+</LocationMatch>
+<LocationMatch /sysadminarea.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340692,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/^configParams/|!ARGS:/^update/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340693,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /download.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:file|!ARGS:referer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340694,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:file|!ARGS:referer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340695,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /net2ftp_installer.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:package "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340696,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:package "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340697,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /mediaplayer.swf>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340698,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340699,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /adm-misc.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340700,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:3|!ARGS:body|!ARGS:/txt/|!ARGS:/text/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340701,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /piwik/piwik.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340702,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:link|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340703,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/file_edit.php>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340704,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:download|!ARGS:filebody "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340705,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/plugin-editor.php>
+SecRuleRemoveById 380006
+</LocationMatch>
+<LocationMatch /fplayer.swf>
+ SecRuleRemoveById 340162
+ SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340706,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:config "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340707,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+
+<LocationMatch /mailer/images.php>
+SecRuleRemoveById 340084
+</LocationMatch>
+<LocationMatch /mailer/redir.php>
+SecRuleRemoveById 340084
+</LocationMatch>
+<LocationMatch /store/admin/sqlpatch.php>
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /cgi-bin/cart.cgi>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340708,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/image/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340709,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /typo3/tce_file.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340710,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340711,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /writeToSFDC.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340712,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:/write/|!ARGS:/Past/|!ARGS:Reference_1_Contact_Info__c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340713,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/nmanage.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340714,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/file/|!ARGS:redirect|!ARGS:news "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340715,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /login.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340716,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:referrer|!ARGS:/homepage/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340717,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /amember/admin/email.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340718,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:vars "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340719,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /webinstall.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340720,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:mirror|!ARGS:ftp_server "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340721,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /pap.swf>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340722,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:v1 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340723,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fckeditor.html>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340724,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:CustomConfigurationsPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340725,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /editcontent.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /timthumb.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340726,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340727,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /upload.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src|!ARGS:filepath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340728,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:src|!ARGS:filepath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340729,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /idevaffiliate/admin/setup.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340730,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:full_path "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340731,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/index.php>
+SecRuleRemoveById 340159
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /tbl_select.php>
+SecRuleRemoveById 340159
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /movieonline.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340732,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:list "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340733,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /listings/client.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340734,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:line3 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340735,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /test_index.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340736,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:rf "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340737,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /recommend.cgi>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340738,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:name "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340739,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /goodsCounter.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340151
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340740,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:u|!ARGS:cof|!ARGS:ureferrer "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340741,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fla_video.swf>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /admin/admin_board.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340742,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:sql|!ARGS:address_whois "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340743,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /search_results.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340744,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:server_protocol|!ARGS:databasehost|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:act "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340745,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-content/plugins/wordtube/lib/statistic.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340746,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340747,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /paadmin/categories.php>
+SecRuleRemoveById 380011
+</LocationMatch>
+<LocationMatch /typo3/alt_clickmenu.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /get.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /wp-admin/admin-ajax.php>
+SecRuleRemoveById 340007
+SecRule REQUEST_URI|ARGS|!ARGS:content "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \
+ "t:none,t:lowercase,id:340748,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+</LocationMatch>
+<LocationMatch /administrator/index.php>
+SecRuleRemoveById 380011
+SecRuleRemoveById 380012
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+SecRuleRemoveById 380011
+SecRuleRemoveById 380012
+SecRuleRemoveById 340159
+SecRuleRemoveById 340151
+SecRule ARGS|!ARGS:/text/|!ARGS:fck_tw_body|!ARGS:sub|!ARGS:msg_body|!ARGS:/sql_query/|!ARGS:/^sql/|!ARGS:saved_data|!ARGS:fck_body|!ARGS:text|!ARGS:form[pagina_text]|!ARGS:description|!ARGS:message|!ARGS:/^sql_/|!ARGS:content "(?:(\w+)and(\w+)char\([0-9]+\)|(?:execute|convert)\(|(?:\;delete.*;(?:insert|declare|varchar)|(?:and .* \(select |(?:drop|create)(\w+)table|declare .* varchar\())|convert\(varchar|null,(?:null,(?:null|accesslevel|user_name),|concat\()|union select |cast\b\W*?\(|xecresultset|';DECLARE\b\W*?|;set @)" \
+ "multiMatch,id:340808,t:base64Decode,t:hexDecode,t:replaceNulls,t:htmlEntityDecode,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,t:replaceComments,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL inline command protection (MM)'"
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \
+ "chain,t:none,t:lowercase,id:340794,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+
+</LocationMatch>
+<LocationMatch /req.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340026
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407449,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340750,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /cgi-bin/news/news.cgi>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340026
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407451,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:c "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340752,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/themes.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407453,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:flickr|!ARGS:/banner/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/banner/|!ARGS:/image/|!ARGS:revchurch_video|!ARGS:/^YBN_/|!ARGS:bfa_ata_logo "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340754,rev:8,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /edit-item.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /removed.php>
+SecRuleRemoveById 340084
+</LocationMatch>
+<LocationMatch /ezGctrlpanel.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:pthanks "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407455,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:pthanks "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340756,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /magazine/index.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407457,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/path/|!ARGS:/site/|!ARGS:return|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:q|!ARGS:/referer/|!ARGS:/refer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340758,rev:6,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fckeditor/editor/filemanager/browser/default/browser.html>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /track.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:3407459,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:ref|!ARGS:/referer/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340760,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /flashgallery.php>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /phpmyadmin/tbl_change.php>
+SecRuleRemoveById 340157
+</LocationMatch>
+<LocationMatch /req.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340761,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^S/|!ARGS:str2 "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340762,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/patch.php>
+SecRuleRemoveById 340157
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /etc/reality-info.css>
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /typo3/alt_doc.php>
+SecRuleRemoveById 380011
+</LocationMatch>
+<LocationMatch /product_modify.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,id:340763,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+SecRule ARGS|!ARGS:distribution|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^efields/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340764,rev:5,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /fix.swf>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340765,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:x "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340766,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /typo3/alt_mod_frameset.php>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /cnf_config.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340767,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^val_/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340768,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /classes/crop_image.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /members/create_listing.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /livesupport/install/dbperform.php>
+SecRuleRemoveById 340144
+SecRuleRemoveById 340155
+</LocationMatch>
+<LocationMatch /st/out.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340769,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:u "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340770,rev:4,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /db_sql.php>
+SecRuleRemoveById 340144
+SecRuleRemoveById 340155
+</LocationMatch>
+<LocationMatch /catch.php >
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340771,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:ru "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340772,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /install/index.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/web/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:docroot|!ARGS:server_protocol "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340773,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/web/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:docroot|!ARGS:server_protocol "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340774,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /admin/languages.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340775,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^var_value/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340776,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /slideshow/admin/p.php>
+SecRuleRemoveById 340151
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340776,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:a "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340778,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/theme-editor.php>
+SecRuleRemoveById 341045
+SecRule ARGS|!ARGS:newcontent|!ARGS:khxc_incphp--filename|!ARGS:file_contents|!ARGS:filecontent|!ARGS:message|!ARGS:defaultParamList|!ARGS:body|!ARGS:gbu0_proddetdisp--incdisp "(?:or.+1[[:space:]]*=[[:space:]]1|(?:or 1=1|'.+)--')" \
+ "id:340777,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection'"
+</LocationMatch>
+<LocationMatch /components/com_oziogallery/preview.swf>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340779,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:xmlPath "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340780,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /fla_music.swf>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /mickadmincp/user.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340781,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfield/|!ARGS:user[homepage] "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340782,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /wp-admin/tools.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^mban/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340783,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^mban/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340784,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /includes/c0ntaktu3.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340785,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:bad_template "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340786,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /formmail.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340787,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:this_form "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340788,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /free.cgi>
+SecRuleRemoveById 340018
+</LocationMatch>
+<LocationMatch /wp-content/plugins/wp-postratings/postratings-admin-ajax.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+ SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:task|!ARGS:q "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+"id:340544,rev:3,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
+ SecRuleRemoveById 380006
+ SecRuleRemoveById 380011
+SecRule ARGS|!ARGS:task "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+"id:340544,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection (/administrator/index2.php)'"
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:message|!ARGS:text "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" \
+ "id:380006,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: XSS Generic attack'"
+SecRule REQUEST_URI "!(/products/index\.php\?gallery=)" \
+ "chain,t:none,t:lowercase,id:340789,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:videoplayer|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))"
+</LocationMatch>
+<LocationMatch /search.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340026
+SecRule ARGS|!ARGS:search_keywords|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340790,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:search_keywords|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:file "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340791,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /online/index.php >
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340792,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340793,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /contenido/main.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description|!ARGS:output "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340795,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+SecRuleRemoveById 340007
+SecRule REQUEST_URI|ARGS|!ARGS:fcontent|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:message|!ARGS:videoplayer "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \
+ "t:none,t:lowercase,id:340796,rev:14,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+</LocationMatch>
+<LocationMatch /imageresize.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /taguchitest.php>
+SecRuleRemoveById 340022
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340797,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340798,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /forums/modcp/moderate.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:/text/|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340799,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+</LocationMatch>
+<LocationMatch /odp/index.php>
+SecRuleRemoveById 380007
+SecRule REQUEST_URI|ARGS|REQUEST_BODY|!ARGS:c "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)" \
+ "id:340800,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: SQL Inject Generic signature'"
+</LocationMatch>
+<LocationMatch /Yanner.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /pluskernel/settings.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340801,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:r "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340802,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /sql_error.php>
+SecRuleRemoveById 340145
+</LocationMatch>
+<LocationMatch /login-register.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340803,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340804,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /lecture.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340805,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:lec_rm|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:lec_doc "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340806,rev:2,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /response.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340807,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340808,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /edit_css.ph>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /modules/mod_oneononechat/phpfunctions.php>
+SecRuleRemoveById 340149
+SecRuleRemoveById 340148
+</LocationMatch>
+<LocationMatch /sql/fileman2.php>
+SecRuleRemoveById 340007
+SecRule REQUEST_URI|ARGS|!ARGS:dir|!ARGS:/txt/|!ARGS:css_data|!ARGS:/text/|!ARGS:/message/|!ARGS:body|!ARGS:wysiwyg_input|!ARGS:pagecontent|!ARGS:/html/|!ARGS:filecontent|!ARGS:content|!ARGS:filename|!ARGS:fck_body|!ARGS:text|!ARGS:/content/ "(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))(?:%(?:u2024|2e)|\.){2}(?:\x5c|(?:%(?:c(?:0%(?:9v|af)|1%1c)|2(?:5(?:2f|5c)|f)|u221[56]|1u|5c)|\/))" \
+ "t:none,t:lowercase,id:340810,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic Path Recursion denied'"
+</LocationMatch>
+<LocationMatch /wp-content/plugins/simple-popup-images/popup.php>
+SecRuleRemoveById 340026
+</LocationMatch>
+<LocationMatch /design/swapimages_onmousemove.js>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /edit_image>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340811,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:DirName|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340812,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /server.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340813,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:rf|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:aardvark_page "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340814,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+</LocationMatch>
+<LocationMatch /php/compress.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /tbl_replace.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRuleRemoveById 340157
+</LocationMatch>
+<LocationMatch wp-content/themes/bobv2/dax.swf>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-admin/plugin-install.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340815,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:s|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:/web/ "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340816,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+</LocationMatch>
+<LocationMatch /sitemap/index.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule ARGS|!ARGS:errmsg "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340817,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /administrator/index2.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tbl_row_action.php>
+SecRuleRemoveById 340157
+SecRuleRemoveById 340159
+</LocationMatch>
+<LocationMatch /adserver/www/delivery/lg.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tiny_mce/themes/advanced/source_editor.htm>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /administrator/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /forums/admincp/automediaembed_admin.php>
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /admin.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-comments-post.php>
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /imp/compose.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cgi-bin/database/admin.pl>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340818,rev:11,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340819,rev:20,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+# XSS injection
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340820,rev:17,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+</LocationMatch>
+<LocationMatch /cynghrair/change.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /forums/admincp/user.php>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /src/compose.php>
+SecRuleRemoveById 340147
+</LocationMatch>
+<LocationMatch /adm_noticies.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /plugins/ctrt/index.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340821,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/^descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:comment|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340822,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+# XSS injection
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:log|!ARGS:process_login|!ARGS:message|!ARGS:oldmsg|!ARGS:t_cont|!ARGS:footnote|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/^descr/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:Submit|!ARGS:comment|!ARGS:/message/|!ARGS:formSubmit|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /blog/wp-admin/options-general.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install1.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-admin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /wp-admin/themes.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincp/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincp/css.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /modules/upl/wc/CSXML.php>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /onmouseover.js>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /provider/product_modify.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincp/vbacmps_install.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /manage/bios/edit/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cgi-bin/cp-admin.cgi>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /_admin/>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /siteadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cmsadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /administrator/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /forumadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /management/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /manager/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /edit_product>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /rssadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /order/input.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/page/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:/^B/|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340823,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/^B/|!ARGS:order|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/product_desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:/descr/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340824,rev:33,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /ftp/index.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:state|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340825,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2',chain"
+</LocationMatch>
+<LocationMatch /editField.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin1/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /edit/index.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /ticketreply.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tiny_mce/plugins/advlink/link.htm>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /webadmin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /front_content.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/main/>
+SecRuleRemoveById 340017
+</LocationMatch>
+<LocationMatch /install/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /FormMail.conf>
+SecRuleRemoveById 340017
+SecRule ARGS|!ARGS:CompanyType|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:myTextArea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:article|!ARGS:wpTextbox1 "(?:insert into values|select from [a-z|A-Z|0-9]|bulk insert|union select|convert \(.*from)" \
+ "id:340826,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection in ARGS'"
+</LocationMatch>
+<LocationMatch /Wizard/Pages>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/email.php>
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /dict.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340827,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340828,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+</LocationMatch>
+<LocationMatch /webadmin.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /admin/>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /ntunnel_mysql.ph>
+SecRuleRemoveById 340144
+</LocationMatch>
+<LocationMatch /planner.php>
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340829,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:title|!ARGS:request|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340830,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+</LocationMatch>
+<LocationMatch /phpThumb/phpThumb.php>
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /facebook/>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /install2.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /stream/index.php>
+SecRuleRemoveById 340018
+</LocationMatch>
+<LocationMatch /secure.php>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /uplay/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /mapas_admin_edit.php>
+SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340831,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/titulo/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340832,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /projectpier/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /systemadmin/supportkb.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /manage.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin_panel/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /inc/php/img.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/media/>
+SecRuleRemoveById 340164
+</LocationMatch>
+<LocationMatch /wizard_forms.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/content/types/import>
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /administrator/index.php>
+SecRuleRemoveById 340077
+</LocationMatch>
+<LocationMatch /wp-admin/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /tstemplate/ts/index.php>
+SecRuleRemoveById 340017
+</LocationMatch>
+<LocationMatch /alta.php>
+SecRuleRemoveById 340006
+SecRuleRemoveById 340007
+</LocationMatch>
+<LocationMatch /setup/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /install/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/settings.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /projects/csb/ticket/>
+SecRuleRemoveById 340144
+</LocationMatch>
+<LocationMatch /contenido/main.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /cgi-bin/dada/mail.cgi>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /orderform/processor.php>
+SecRuleRemoveById 340162
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /cgi-bin/soupermail.pl>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /read_dump.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin_center/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admincenter/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /HomeDeveloper.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /bevestiging.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /imagemanager/stream/index.php>
+SecRuleRemoveById 390614
+SecRuleRemoveById 390615
+SecRuleRemoveById 380006
+</LocationMatch>
+<LocationMatch /phpadmin/export.php>
+SecRuleRemoveById 340160
+</LocationMatch>
+<LocationMatch /privado/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /webform/configure>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /portalcp/vbpoptions.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /thubservice.php >
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /user.php>
+SecRule ARGS|!ARGS:/user/|!ARGS:/pass/!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "id:340833,chain,t:normalisePath,t:replaceNulls,t:urlDecodeUni,t:compressWhiteSpace,t:lowercase,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+
+SecRule ARGS|!ARGS:/user/|!ARGS:/pass/|!ARGS:/icon/|!ARGS:/url/|!ARGS:/txt/|!ARGS:/text/|!ARGS:/redir/|!ARGS:/image/|!ARGS:/^userfile/|!ARGS:page|!ARGS:passwordlogin "^(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/" \
+ "chain,t:urlDecodeUni,t:base64Decode,t:hexDecode,t:htmlEntityDecode,multimatch,id:340834,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Remote File Injection attempt in ARGS'"
+SecRule MATCHED_VAR "!@beginsWith http://%{SERVER_NAME}/"
+</LocationMatch>
+<LocationMatch /survey/index.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340835,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+SecRule REQUEST_URI|ARGS|ARGS_NAMES|!ARGS:/move/|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340836,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+SecRule REQUEST_URI|ARGS|!ARGS:/move/|!ARGS:embeddump|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340837,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /forum/post.php>
+SecRuleRemoveById 340009
+</LocationMatch>
+<LocationMatch /crop_auto.php>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340008
+</LocationMatch>
+<LocationMatch /admin/main.php>
+SecRuleRemoveById 340163
+</LocationMatch>
+<LocationMatch /thumb.php>
+SecRuleRemoveById 340161
+</LocationMatch>
+<LocationMatch /com_virtuemart/fetchscript.php>
+SecRuleRemoveById 340007
+SecRuleRemoveById 340026
+</LocationMatch>
+<LocationMatch /uploader.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/productadd.php>
+SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340839,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'"
+</LocationMatch>
+<LocationMatch /survey/preview.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:ticket_response|!ARGS:/element/|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:embeddump|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions|!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^elm/|!ARGS:verbiage|!ARGS:news|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:order|!ARGS:/post/|!ARGS:youtube|!ARGS:reply|!ARGS:business|!ARGS:/homePage/|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:Post|!ARGS:/^field_id/|!ARGS:area|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:script|about|applet|activex|chrome).*(?:script|about|applet|activex|chrome) ?>|> ?< ?(img ?src|a ?href) ?= ?(ht|f)tps?:/|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?(>|<)|< ?/?i?frame|\%env)" \
+ "t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340840,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic XSS filter'"
+
+# Rule 340148: XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|ARGS_NAMES|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:embeddump|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/sql/|!ARGS:c_features|!ARGS:/tekst/|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:verbiage|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:/^product_options/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:/edit/|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:preview__hidden|!ARGS:order|!ARGS:youtube|!ARGS:/post/|!ARGS:reply|!ARGS:business|!ARGS:navig|!ARGS:pagimenu_inhoud|!ARGS:/note/|!ARGS:/page/|!ARGS:/homePage/|!ARGS:Post|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:/desc/|!ARGS:ta|!ARGS:/data/|!ARGS:Returnid|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/submit/|!ARGS:/css/|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/^doc/|!ARGS:/xml/|!ARGS:googlemap|!ARGS:tekst|!ARGS:formsubmit|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:submit|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/footer/|!ARGS:/header/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?((img|i?frame) ?src|a ?href) ?= ?(ogg|gopher|zlib|(ht|f)tps?)\:/|alert ?\(|<? ((java|vb)?script|applet|activex|chrome) ?>|\" ?> ?<|\" ?[a-z]+ ?<.*>|> ?\"? ?>|< ?/?i?frame|\%env)" \
+ "multiMatch,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340841,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+
+# Rule 340149: XSS injection
+SecRule REQUEST_URI|ARGS|!ARGS:/survey/|!ARGS:embeddump|!ARGS:/element/|!ARGS:ticket_response|!ARGS:option[vbpclosedreason]|!ARGS:/introduction/|!ARGS:/contenido/|!ARGS:/tekst/|!ARGS:/sql/|!ARGS:c_features|!ARGS:other_clubs|!ARGS:/^elm/|!ARGS:/^saes/|!ARGS:verbiage|!ARGS:dlv_instructions!ARGS:/^cymr/|!ARGS:_qf_Register_upload|!ARGS:/^wz/|!ARGS:tiny_vals|!ARGS:sSave|!ARGS:/article/|!ARGS:/about/|!ARGS:/^elm/|!ARGS:news|!ARGS:/Summarize/|!ARGS:usr1|!ARGS:resolution|!ARGS:problem|!ARGS:/^product_options/|!ARGS:eintrag|!ARGS:/edit/|!ARGS:/SiteStructure/|!ARGS:/anmerkung/|!ARGS:/summary/|!ARGS:Returnid|!ARGS:reply|!ARGS:/story/|!ARGS:resource_box|!ARGS:order|!ARGS:youtube|!ARGS:business|!ARGS:/homePage/|!ARGS:/post/|!ARGS:navig|!ARGS:preview__hidden|!ARGS:/page/|!ARGS:area|!ARGS:/^field_id/|!ARGS:/detail/|!ARGS:/comment/|!ARGS:LongDesc|!ARGS:meta_info|!ARGS:ta|!ARGS:/data/|!ARGS:search_theme_form_keys|ARGS_NAMES|!ARGS_NAMES:user[click_or_onmouseover]|!ARGS:busymess|!ARGS_NAMES:/^V\*/|!ARGS_NAMES:/^S\*/|!ARGS:/^quickrise_advertise/|!ARGS:rt_xformat|!ARGS:/wysiwyg/|!ARGS:contingut|!ARGS:/^werg/|!ARGS:/body/|!ARGS:/css/|!ARGS:user[usertitle]|!ARGS:/^section/|!ARGS:/msg/|!ARGS:t_cont|!ARGS:/note/|!ARGS:/xml/|!ARGS:/^doc/|!ARGS:/desc/|!ARGS:tekst|!ARGS:invoice_snapshot|!ARGS:/code/|!ARGS:/submit/|!ARGS:/message/|!ARGS:/html/|!ARGS:/content/|!ARGS:/link/|!ARGS:/text/|!ARGS:/txt/|!ARGS:/url/|!ARGS:/refer/|!ARGS:/referrer/|!ARGS:/template/|!ARGS:/ajax/ "(< ?(?:(?:img|i?frame) ?src|a ?href) ?= ?(?:ogg|gopher|zlib|(?:ht|f)tps?)\:/|\" ?> ?<|(?:\.add|\@)import|asfunction\:|background-image\:|e(?:cma|xec)script|\.fromcharcode|get(?:parentfolder|specialfolder)|iframe |\.innerhtml|\< ?input|(?:java|live|j|vb)script!s|lowsrc|mocha\:|!(i|t)on(?:abort|blur|change|click!s|dragdrop|focus|keydown|keypress|keyup)|onmouse(?:down|move|out|over|up)|script |shell\:|window\.location|asfunction:_root\.launch|\%env)" \
+ "t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:compressWhitespace,id:340842,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Cross Site Scripting Attack'"
+</LocationMatch>
+<LocationMatch /linkmachine/linkmachine.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /productadd.php>
+SecRuleRemoveById 340144
+SecRule ARGS|!ARGS:create|!ARGS:postpagetext|!ARGS:display_query|!ARGS:Db_submit|!ARGS:prev_sql_query|!ARGS:sql_query|!ARGS:Post|!ARGS:text|!ARGS:action|!ARGS:op|!ARGS:setup_db|!ARGS:wpTextbox1|!ARGS:message|!ARGS:/^SQL/|!ARGS:query_string|!ARGS:query|!ARGS:description "(?:(?:alter|create|drop)[[:space:]]*(?:column|database|procedure|table)|delete[[:space:]]*update.+set.+=)" \
+ "id:340144,rev:1,severity:2,msg:'Atomicorp.com - FREE/UNSUPPORTED RULES - WAF Rules: Generic SQL injection protection 2'"
+</LocationMatch>
+<LocationMatch /admint/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /setupCTCForm.php>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
+<LocationMatch /admin/db.php>
+SecRuleRemoveById 340144
+</LocationMatch>
+<LocationMatch /admin-translate/>
+SecRuleRemoveById 340147
+SecRuleRemoveById 340148
+SecRuleRemoveById 340149
+</LocationMatch>
diff --git a/config/apache_mod_security/rules/a_exclude.conf b/config/apache_mod_security/rules/a_exclude.conf
new file mode 100644
index 00000000..b8f44cd2
--- /dev/null
+++ b/config/apache_mod_security/rules/a_exclude.conf
@@ -0,0 +1,182 @@
+# http://www.gotroot.com/mod_security+rules
+# Gotroot.com ModSecurity rules
+# Exclusion Rules for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/exclude.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# IMPORTANT NOTE! These rules must be loaded FIRST in your rule orderset to override
+# other rules. If you load them later, they will not work!
+#
+# Version: N-20061022-01
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+
+###########################################
+#Generic SQL injection rule exclusions
+###########################################
+
+#generic PHP forum posting exclusion
+<LocationMatch "/posting.php">
+SecRuleRemoveById 300013
+SecRuleRemoveById 300015
+SecRuleRemoveById 300016
+</LocationMatch>
+
+
+#PhpMyadmin
+<LocationMatch "/tbl_change.php">
+ SecRuleRemoveById 300016
+</LocationMatch>
+
+<LocationMatch "/sql.php">
+ SecRuleRemoveById 300016
+</LocationMatch>
+
+#/xde/managecontent.php
+<LocationMatch "/xde/managecontent.php">
+ SecRuleRemoveById 300016
+</LocationMatch>
+
+
+<LocationMatch "/dbad/import.php">
+ SecRuleRemoveById 300016
+</LocationMatch>
+
+#PhpBB posting
+<LocationMatch "/index.php?name=PNphpBB2&file=posting&mode=reply.*">
+SecRuleRemoveById 300013
+</LocationMatch>
+
+#postnuke admin
+<LocationMatch "/admin.php">
+ SecRuleRemoveById 300016
+</LocationMatch>
+
+#Postnuke uploads
+<LocationMatch "/modules.php?op=modload&name=Downloads.*">
+SecRuleRemoveById 300013
+</LocationMatch>
+
+#Tikiwiki forum
+<LocationMatch "/tiki-view_forum_thread.php">
+SecRuleRemoveById 300013
+</LocationMatch>
+
+#Squirrel mail and Horde postings
+<LocationMatch "/horde/imp/compose.php">
+SecRuleRemoveById 300013
+SecRuleRemoveById 300015
+SecRuleRemoveById 300016
+</LocationMatch>
+
+#Provided by Todd Holforty
+<LocationMatch "/squirrelmail/src/compose.php">
+SecRuleRemoveById 300013
+SecRuleRemoveById 300015
+SecRuleRemoveById 300016
+</LocationMatch>
+
+#Phorum posting
+<LocationMatch "/phorum/post.php">
+SecRuleRemoveById 300013
+</LocationMatch>
+
+#Tikiwiki edit
+<LocationMatch "/tiki-editpage.php">
+SecRuleRemoveById 300013
+</LocationMatch>
+
+<LocationMatch "/misc.php">
+SecRuleRemoveById 300013
+</LocationMatch>
+
+<LocationMatch "/forum/posting.php\?mode=.*">
+SecRuleRemoveById 300016
+</LocationMatch>
+
+###########################################
+#Double pipe exclusion rules
+###########################################
+<LocationMatch "/_vti_bin/fpcount.exe">
+SecRuleRemoveById 300014
+</LocationMatch>
+
+###########################################
+#Front page exclusions
+###########################################
+<LocationMatch "/_vti_bin/_vti_aut/author.exe">
+ SecRuleInheritance Off
+</LocationMatch>
+
+<Location /modules.php?name=Forums&file=posting>
+SecRuleRemoveById 300016
+</Location>
+
+<Location /modules.php?name=Private_Messages&file=index>
+SecRuleRemoveById 300016
+</Location>
+
+###########################################
+#Mambo/Joomla exclusions
+###########################################
+<LocationMatch "/index.php">
+ SecRuleRemoveById 380000
+ SecRuleRemoveById 300013
+</LocationMatch>
+<LocationMatch "/administrator/index2.php">
+ SecRuleRemoveById 300013
+ SecRuleRemoveById 300016
+ SecRuleRemoveById 380000
+ SecRuleRemoveById 360001
+</LocationMatch>
+
+#Added 27AUG2006
+#Courtesy of Tom Donovan
+#ColdFusion RDS
+<LocationMatch "/CFIDE/main/ide.cfm">
+ SecRuleRemoveById 360001
+</LocationMatch>
+
+#servlet/webacc
+<LocationMatch "/servlet/webacc">
+ SecRuleRemoveById 300013
+</LocationMatch>
+
+#WordPRess
+<LocationMatch "/wp-admin/options-reading.php">
+ SecRuleRemoveById 300015
+</LocationMatch>
+
+#/profile.php
+<LocationMatch "/profile.php">
+ SecRuleRemoveById 300015
+</LocationMatch>
+
+#Open-Exchange
+<LocationMatch "/servlet/webdav.calendar/foo.xml">
+ SecRuleRemoveById 300015
+</LocationMatch>
+
+
+#owl intranet
+<LocationMatch "/intranet/setacl.php">
+ SecRuleRemoveById 300015
+</LocationMatch>
diff --git a/config/apache_mod_security/rules/blacklist.conf b/config/apache_mod_security/rules/blacklist.conf
new file mode 100644
index 00000000..5864ab49
--- /dev/null
+++ b/config/apache_mod_security/rules/blacklist.conf
@@ -0,0 +1,97 @@
+# http://www.gotroot.com/mod_security+rules
+# Comment Spam Rules for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/blacklist.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+#Version: N-20061022-01
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+
+#http://www.gotroot.com
+#see website for more information
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "Subject\:" chain
+SecRule ARGS:Bcc ".*\@"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "Subject\:" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "\s*bcc\:"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS|REQUEST_BODY|REQUEST_URI "\s*bcc\:\s*[a-z0-9._%-]+@[A-Z0-9.-]+\.[a-z]{2,}"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS "\n[[:space:]]*(to|b?cc)[[:space:]]*:.*@"
+SecRule REQUEST_URI "!(/compose\.php\?)" chain
+SecRule ARGS "\s*bcc\:\s*[a-z0-9._%-]+\@.*\.[a-z]{2,}"
+SecRule HTTP_x-aaaaaaaaa|HTTP_XAAAAAAAAA ".+$"
+SecRule HTTP_x-aaaaaaaaaaa|HTTP_XAAAAAAAAAAA ".+$"
+SecRule HTTP_x-aaaaaaaaaaaa|HTTP_X_AAAAAAAAAAAA ".+$"
+#SecRule HTTP_XXXXXXXXXXXXXXX ".+$"
+
+#unknown pattern in testing, logging only, please send
+#any patterns RELATED TO SPAM OR ATTACKS you log with with these rules
+#please do not send false positives for this rule set, just turn it off
+#SecRule HTTP_aaaaaaaaa|HTTP_AAAAAAAAA ".+$" "log,pass"
+#SecRule HTTP_aaaaaaaaaaa|HTTP_AAAAAAAAAAA ".+$" "log,pass"
+#SecRule HTTP_aaaaaaaaaaaa|HTTP_AAAAAAAAAAAA ".+$" "log,pass"
+#SecRule HTTP_aaaaaaaaaaaaaaa|HTTP_AAAAAAAAAAAAAAA ".+$" "log,pass"
+
+SecRule HTTP_Referer|ARGS "(blow)+[\w\-_.]*(jobs?)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(gay)+[\w\-_.]*(beastiality)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(beastilality)+[\w\-_.]*(stories)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(free)+[\w\-_.]*(beastiality)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(horse|animal|dog)+[\w\-_.]*(porn|cocks|dick|sex|penis|blowj.*)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(buy)+[\w\-_.]*online[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(diet|penis)+[\w\-_.]*(pills|enlargement)[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(enlarg|enhanc).*(male|penis|natural).*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(enlarg|enhanc).*(male|penis|natural)\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(online)+[\w\-_.]*pharmacy"
+SecRule HTTP_Referer|ARGS "(i|la)-sonneries?[\w\-_.]*\.[a-z]{2,}"
+SecRule REQUEST_URI "!(/sugarcrm/index\.php)" chain
+SecRule HTTP_Referer|ARGS "(silagra|morphine|ritalin|levitra|lolita|carisoprodol|phentermine|amitriptyline|diethylpropion|viagra|lisinopril|vig-?rx|zyban|valtex|xenical|adipex|meridia)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(ephedrine|neurontin|glucosamine|testosterone|cialis|lipitor|effexor|propecia|celebrex|gluclosamine|lexapro|ephedra|levitra)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(magazine)+[\w\-_.]*(finder|netfirms)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(male|penis)enlarg*\.(biz|com|net|org|us|info)"
+SecRule HTTP_Referer|ARGS "(male|penis).*(enlarg|enhanc|natural|pill|surgery|traction)"
+SecRule HTTP_Referer|ARGS "(mike)+[\w\-_.]*apartment[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(milf)+[\w\-_.]*(hunter|moms|fucking|lessons)[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(natural|penis|male).*(enlarg.*|enhanc.*)"
+SecRule HTTP_Referer|ARGS "(natural|penis|male)+[\w\-_.]*(enlarg.*|enhanc.*)"
+SecRule HTTP_Referer|ARGS "(online)+[\w\-_.]*(prescription|casino|roulette|slot)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*(casino|roulette)\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*(casino|roulette).*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(slot)+[\w\-_.]*machines\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(prozac|zoloft|xanax|valium|hydrocodone|vicodin|paxil|vioxx)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(ragazze)-?\w+\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(texas)+[\w\-_.]*holdem"
+SecRule HTTP_Referer|ARGS "(phentermine)+[\w\-_.]*online"
+SecRule HTTP_Referer|ARGS "(texas)+[\w\-_.]*hold[\w\-_.].*em"
+SecRule HTTP_Referer|ARGS "texas[\w\-_.]hold[\w\-_.]em"
+SecRule HTTP_Referer|ARGS "pacific+[\w\-_.]*poke.*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "poker+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*poker\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "[\w\-_.]*poker.*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "poker.*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(random|free|internet)+[\w\-_.]*slots\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(wellbutrin|tenuate|tramadol|pheromones|phendimetrazine|ionamin|ortho.?tricyclen|retin.?a\b)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "ultram\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(celexa|valtrex|zyrtec|\bhgh\b|ambien\b|flonase|allegra|didrex|renova|bontril|nexium)+[\w\-_.]*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "([\w\-_.]+\.)?(l(so|os)tr)\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(lose[\w\-_.]*weight|weight[\w\-_.]*loss).*\.[a-z]{2,}"
+SecRule HTTP_Referer|ARGS "(prices|pills|buy|diet*|medic(ine|ation|al)|dru.*)\.pharma.*\.[a-z]{2,}"
diff --git a/config/apache_mod_security/rules/default.conf b/config/apache_mod_security/rules/default.conf
new file mode 100644
index 00000000..e01fc370
--- /dev/null
+++ b/config/apache_mod_security/rules/default.conf
@@ -0,0 +1,73 @@
+ # Default action set
+ SecFilterDefaultAction "deny,log,status:406"
+
+ # Simple example filter
+ SecFilter 111
+
+ # Prevent path traversal (..) attacks
+ SecFilter "\.\./"
+
+ # Weaker XSS protection but allows common HTML tags
+ SecFilter "<( |\n)*script"
+
+ # Prevent XSS atacks (HTML/Javascript injection)
+ SecFilter "<(.|\n)+>"
+
+ # Very crude filters to prevent SQL injection attacks
+ SecFilter "delete[[:space:]]+from"
+ SecFilter "insert[[:space:]]+into"
+ SecFilter "select.+from"
+
+ # Require HTTP_USER_AGENT and HTTP_HOST headers
+ SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
+
+ # Only accept request encodings we know how to handle
+ # we exclude GET requests from this because some (automated)
+ # clients supply "text/html" as Content-Type
+ SecFilterSelective REQUEST_METHOD "!^GET$" chain
+ SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
+
+ # Require Content-Length to be provided with
+ # every POST request
+ SecFilterSelective REQUEST_METHOD "^POST$" chain
+ SecFilterSelective HTTP_Content-Length "^$"
+
+ # Don't accept transfer encodings we know we don't handle
+ # (and you don't need it anyway)
+ SecFilterSelective HTTP_Transfer-Encoding "!^$"
+
+ # Some common application-related rules from
+ # http://modsecrules.monkeydev.org/rules.php?safety=safe
+
+ #Nuke Bookmarks XSS
+ SecFilterSelective THE_REQUEST "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=(<[[:space:]]*script|(http|https|ftp)\:/)"
+
+ #Nuke Bookmarks Marks.php SQL Injection Vulnerability
+ SecFilterSelective THE_REQUEST "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(union|select|delete|insert)"
+
+ #PHPNuke general XSS attempt
+ #/modules.php?name=News&file=article&sid=1&optionbox=
+ SecFilterSelective THE_REQUEST "/modules\.php\?*name=<[[:space:]]*script"
+
+ # PHPNuke SQL injection attempt
+ SecFilterSelective THE_REQUEST "/modules\.php\?*name=Search*instory="
+
+ #phpnuke sql insertion
+ SecFilterSelective THE_REQUEST "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
+
+ # WEB-PHP phpbb quick-reply.php arbitrary command attempt
+
+ SecFilterSelective THE_REQUEST "/quick-reply\.php" chain
+ SecFilter "phpbb_root_path="
+
+ #Topic Calendar Mod for phpBB Cross-Site Scripting Attack
+ SecFilterSelective THE_REQUEST "/calendar_scheduler\.php\?start=(<[[:space:]]*script|(http|https|ftp)\:/)"
+
+ # phpMyAdmin: Safe
+
+ #phpMyAdmin Export.PHP File Disclosure Vulnerability
+ SecFilterSelective SCRIPT_FILENAME "export\.php$" chain
+ SecFilterSelective ARG_what "\.\."
+
+ #phpMyAdmin path vln
+ SecFilterSelective REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc" \ No newline at end of file
diff --git a/config/apache_mod_security/rules/jitp.conf b/config/apache_mod_security/rules/jitp.conf
new file mode 100644
index 00000000..97d8bd30
--- /dev/null
+++ b/config/apache_mod_security/rules/jitp.conf
@@ -0,0 +1,4445 @@
+# http://www.gotroot.com/mod_security+rules
+# Gotroot.com ModSecurity rules
+# Just In Time Patches for Vulnerable Applications Rules for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+
+#
+# Version: N-20061022-01
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/jitp.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+#--------------------------------
+# notes
+#--------------------------------
+# Rules work with modsecurity 2.x and above only
+
+#--------------------------------
+#start rules
+#--------------------------------
+
+# WEB-CGI formmail
+SecRule REQUEST_URI "/(formmail|mailform)(\x0a|\.pl\x0a)"
+
+#pals-cgi arbitrary file access attempt
+SecRule REQUEST_URI "/pals-cgi.*documentName="
+
+# WEB-CGI phf arbitrary command execution attempt
+SecRule REQUEST_URI "/phf" chain
+SecRule REQUEST_URI "\x0a/"
+# WEB-CGI phf access
+SecRule REQUEST_URI "/phf\?"
+
+# WEB-CGI htsearch arbitrary file read attempt
+SecRule REQUEST_URI "/htsearch\?exclude=\`"
+
+# WEB-CGI csSearch.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/csSearch\.cgi\?" chain
+SecRule REQUEST_URI "\`"
+
+## WEB-CGI FormHandler.cgi directory traversal attempt attempt
+SecRule REQUEST_URI "/FormHandler\.cgi" chain
+SecRule REQUEST_URI "/\.\./"
+
+# WEB-CGI FormHandler.cgi external site redirection attempt
+SecRule REQUEST_URI "/FormHandler\.cgi" chain
+SecRule REQUEST_URI "redirect=http"
+
+# WEB-PHP squirrel mail spell-check arbitrary command attempt
+SecRule REQUEST_URI "/squirrelspell/modules/check_me\.mod\.php" chain
+SecRule REQUEST_URI "SQSPELL_APP\["
+
+# WEB-PHP squirrel mail theme arbitrary command attempt
+SecRule REQUEST_URI "/left_main\.php" chain
+SecRule REQUEST_URI "cmdd="
+
+# WEB-PHP directory.php arbitrary command attempt
+SecRule REQUEST_URI "/directory\.php\?" chain
+SecRule REQUEST_URI "\;"
+
+# WEB-PHP PHPLIB remote commanSelective REQUEST_URI|REQUEST_BODYd attempt
+SecRule REQUEST_URI|REQUEST_BODY "_PHPLIB\[libdir\]"
+
+# WEB-PHP PHPLIB remote command attempt
+SecRule REQUEST_URI "/db_mysql\.inc"
+
+# Exploit phpBB Highlighting Code Execution Attempt
+SecRule REQUEST_URI|REQUEST_BODY "(\;|\&)highlight=\'\.system\("
+
+# Exploit phpBB Highlighting SQL Injection
+SecRule REQUEST_URI|REQUEST_BODY "&highlight=\'\.mysql_query\("
+
+# Exploit phpBB Highlighting Code Execution - Santy.A Worm
+SecRule REQUEST_URI|REQUEST_BODY "&highlight=\'\.fwrite\(fopen\("
+
+# Exploit phpBB Highlight Exploit Attempt
+SecRule REQUEST_URI|REQUEST_BODY "&highlight=\x2527\x252Esystem\("
+
+# WEB-CGI dcforum.cgi directory traversal attempt
+SecRule REQUEST_URI "/dcforum\.cgi" chain
+SecRule REQUEST_URI "forum=\.\./\.\."
+
+# WEB-CGI dcboard.cgi invalid user addition attempt
+SecRule REQUEST_URI "/dcboard\.cgi.*\|admin"
+
+# WEB-CGI alchemy http server PRN arbitrary command execution attempt
+SecRule REQUEST_URI|REQUEST_BODY "/PRN/\.\./\.\./"
+
+# WEB-CGI alchemy http server NUL arbitrary command execution attempt
+SecRule REQUEST_URI|REQUEST_BODY "/NUL/\.\./\.\./"
+
+# WEB-CGI AltaVista Intranet Search directory traversal attempt
+SecRule REQUEST_URI "/query\?mss=\.\."
+
+# WEB-CGI hello.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/hello\.bat" chain
+SecRule REQUEST_URI "\&"
+
+# WEB-CGI Home Free search.cgi directory traversal attempt
+SecRule REQUEST_URI "/search\.cgi" chain
+SecRule REQUEST_URI "letter=\.\./\.\."
+
+#campus attempt
+SecRule REQUEST_URI "/campus\?\|0A\|"
+
+# WEB-CGI pfdispaly.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/pfdispaly\.cgi\?\'"
+
+# WEB-CGI talkback.cgi directory traversal attempt
+SecRule REQUEST_URI "/talkbalk\.cgi" chain
+SecRule REQUEST_URI "article=\.\./\.\./"
+
+# WEB-CGI technote main.cgi file directory traversal attempt
+SecRule REQUEST_URI "/technote/main\.cgi" chain
+SecRule REQUEST_URI "\.\./\.\./"
+
+# WEB-CGI technote print.cgi directory traversal attempt
+SecRule REQUEST_URI "/technote/print\.cgi.*\x00"
+
+# WEB-CGI eXtropia webstore directory traversal
+SecRule REQUEST_URI "/web_store\.cgi" chain
+SecRule REQUEST_URI "page=\.\./"
+
+# WEB-CGI shopping cart directory traversal
+SecRule REQUEST_URI "/shop\.cgi" chain
+SecRule REQUEST_URI "page=\.\./"
+
+# WEB-CGI Allaire Pro Web Shell attempt
+SecRule REQUEST_URI "/authenticate\.cgi\?PASSWORD" chain
+SecRule REQUEST_URI "config\.ini"
+
+# WEB-CGI Armada Style Master Index directory traversal
+SecRule REQUEST_URI "/search\.cgi\?keys" chain
+SecRule REQUEST_URI "catigory=\.\./"
+
+# WEB-CGI cached_feed.cgi moreover shopping cart directory traversal
+SecRule REQUEST_URI "/cached_feed\.cgi" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-CGI Talentsoft Web+ exploit attempt
+SecRule REQUEST_URI "/webplus\.cgi\?Script=/webplus/webping/webping\.wml"
+
+# WEB-CGI txt2html.cgi directory traversal attempt
+SecRule REQUEST_URI "/txt2html\.cgi" chain
+SecRule REQUEST_URI "/\.\./\.\./\.\./\.\./"
+
+# WEB-CGI store.cgi directory traversal attempt
+SecRule REQUEST_URI "/store\.cgi" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-CGI mrtg.cgi directory traversal attempt
+SecRule REQUEST_URI "/mrtg\.cgi" chain
+SecRule REQUEST_URI "cfg=/\.\./"
+
+# WEB-CGI CCBill whereami.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/whereami\.cgi\?g="
+
+# WEB-CGI WhatsUpGold instancename overflow attempt
+SecRule REQUEST_URI "/_maincfgret\.cgi"
+
+#Demarc SQL injection attempt
+SecRule REQUEST_URI "/dm/demarc.*s_key=.*\'"
+
+# WEB-MISC apache directory disclosure attempt
+SecRule REQUEST_URI|REQUEST_BODY "////////"
+
+# WEB-MISC htgrep attempt
+SecRule REQUEST_URI "/htgrep" chain
+SecRule REQUEST_URI "hdr=/"
+
+#musicat empower attempt
+SecRule REQUEST_URI "/empower\?DB="
+
+# WEB-PHP DNSTools administrator authentication bypass attempt
+SecRule REQUEST_URI "/dnstools\.php" chain
+SecRule REQUEST_URI "user_dnstools_administrator=true"
+
+# WEB-PHP DNSTools authentication bypass attempt
+SecRule REQUEST_URI "/dnstools\.php" chain
+SecRule REQUEST_URI "user_logged_in=true"
+
+#General phpbb_root_path vulnerabilities
+SecRule ARGS:phpbb_root_path "((ht|f)tps?\:/|\.\./)" "id:390070,rev:1,severity:2,msg:'JITP: Generic phpbb_root_path exploit'"
+
+# WEB-PHP phpbb quick-reply.php arbitrary command attempt
+SecRule REQUEST_URI "/quick-reply\.php" chain
+SecRule REQUEST_URI "phpbb_root_path="
+
+# WEB-PHP Blahz-DNS dostuff.php modify user attempt
+SecRule REQUEST_URI "/dostuff\.php\?action=modify_user"
+
+# WEB-PHP PHP-Wiki cross site scripting attempt
+SecRule REQUEST_URI "/modules\.php\?*name=Wiki*\<*(script|about|applet|activex|chrome)*\>"
+
+# WEB-MISC *%0a.pl access
+SecRule REQUEST_URI "/*\x0a\.pl"
+
+# WEB-PHP strings overflow
+SecRule REQUEST_URI|REQUEST_BODY "\?STRENGUR"
+
+# WEB-PHP shoutbox.php directory traversal attempt
+SecRule REQUEST_URI "/shoutbox\.php" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt
+SecRule REQUEST_URI "/gm-2-b2\.php" chain
+SecRule REQUEST_URI "b2inc=(http|https|ftp)\:/"
+
+# WEB-PHP BLNews objects.inc.php4 remote file include attempt
+SecRule REQUEST_URI "/objects\.inc\.php*" chain
+SecRule REQUEST_URI "Server\[path\]=(http|https|ftp)\:/"
+
+# WEB-PHP ttCMS header.php remote file include attempt
+SecRule REQUEST_URI "/admin/templates/header\.php" chain
+SecRule REQUEST_URI "admin_root=(http|https|ftp)\:/"
+
+# WEB-PHP autohtml.php directory traversal attempt
+SecRule REQUEST_URI "/autohtml\.php" chain
+SecRule REQUEST_URI "\.\./\.\./"
+
+# WEB-PHP ttforum remote file include attempt
+SecRule REQUEST_URI "forum/index\.php" chain
+SecRule REQUEST_URI "template="
+
+# WEB-PHP pmachine remote file include attempt
+SecRule REQUEST_URI "lib\.inc\.php" chain
+SecRule REQUEST_URI "pm_path=(http|https|ftp)\:/"
+SecRule REQUEST_URI "lib\.inc\.php.*pm_path.*(http|https|ftp)\:/"
+
+#rolis guestbook remote file include attempt
+SecRule REQUEST_URI "/insert\.inc\.php*path="
+
+# IdeaBox cord.php file include
+SecRule REQUEST_URI "/index\.php*ideaDir*cord\.php"
+
+#IdeaBox notification.php file include
+SecRule REQUEST_URI "/index\.php*gorumDir*notification\.php"
+
+# WEB-PHP DCP-Portal remote file include attempt
+SecRule REQUEST_URI "/library/lib\.php" chain
+SecRule REQUEST_URI "root="
+
+# WEB-PHP IdeaBox cord.php file include
+SecRule REQUEST_URI "/index\.php" chain
+SecRule REQUEST_URI "cord\.php"
+
+# WEB-PHP IdeaBox notification.php file include
+SecRule REQUEST_URI "/index\.php" chain
+SecRule REQUEST_URI "notification\.php"
+
+# WEB-PHP Invision Board emailer.php file include
+SecRule REQUEST_URI "/ad_member\.php" chain
+SecRule REQUEST_URI "emailer\.php"
+
+# WEB-PHP WebChat db_mysql.php file include
+SecRule REQUEST_URI "/defines\.php" chain
+SecRule REQUEST_URI "db_mysql\.php"
+
+# WEB-PHP WebChat english.php file include
+SecRule REQUEST_URI "/defines\.php" chain
+SecRule REQUEST_URI "english\.php"
+
+# WEB-PHP Typo3 translations.php file include
+SecRule REQUEST_URI "/translations\.php" chain
+SecRule REQUEST_URI "ONLY=\x2e"
+
+# WEB-PHP news.php file include
+SecRule REQUEST_URI "/news\.php" chain
+SecRule REQUEST_URI "template"
+
+# WEB-PHP YaBB SE packages.php file include
+SecRule REQUEST_URI "/packages\.php" chain
+SecRule REQUEST_URI "packer\.php"
+
+# WEB-PHP newsPHP Language file include attempt
+SecRule REQUEST_URI "/nphpd\.php" chain
+SecRule REQUEST_URI "LangFile"
+
+#myphpPagetool pt_config.inc file include
+SecRule REQUEST_URI "/doc/admin*ptinclude*pt_config\.inc"
+
+#Invision Board ipchat.php file include
+SecRule REQUEST_URI "/ipchat\.php*root_path*conf_global\.php"
+
+# WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt
+SecRule REQUEST_URI "/authentication_index\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY=(http|https|ftp)\:/"
+
+# WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt
+SecRule REQUEST_URI "/functions\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY"
+
+# WEB-PHP TUTOS path disclosure attempt
+SecRule REQUEST_URI "/note_overview\.php" chain
+SecRule REQUEST_URI "id="
+
+# WEB-PHP PhpGedView PGV base directory manipulation
+SecRule REQUEST_URI "_conf\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY"
+
+#PHPBB worm sigs
+SecRule ARGS:highlight "(\x27|%27|\x2527|%2527)"
+
+#Mailto domain search possible MyDoom.M,O
+SecRule REQUEST_URI "/search\?hl=en&ie=UTF-8&oe=UTF-8&q=mailto\+" chain
+SecRule REQUEST_URI "Host\: www\.google\.com"
+
+#WEB-PHP EasyDynamicPages exploit
+SecRule REQUEST_URI "edp_relative_path="
+
+#Calendar XSS
+SecRule REQUEST_URI "/(calendar|setup).php\?phpc_root_path=((http|https|ftp)\:/|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>)"
+
+#phpMyAdmin Export.PHP File Disclosure Vulnerability
+SecRule SCRIPT_FILENAME "export\.php$" chain
+SecRule ARGS:what "\.\."
+
+#nmap version request
+SecRule REQUEST_URI|REQUEST_BODY "^(HELP|default|\||TNMP|DmdT|\:)$"
+
+#More PHPBB worms
+SecRule REQUEST_URI "/viewtopic\.php\?" chain
+SecRule ARGS "(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(([0-9a-fA-Fx]{1,3})\)"
+
+# TIKIWIKI
+SecRule REQUEST_URI "/tiki-map.phtml\?mapfile=\.\./\.\./"
+
+# WEB-MISC BitKeeper arbitrary command attempt
+SecRule REQUEST_URI "/diffs/" chain
+SecRule REQUEST_URI "\'"
+
+#awstats probe
+SecRule REQUEST_URI|REQUEST_BODY "/awstats\.pl HTTP\/(0\.9|1\.0|1\.1)$" "id:390000,rev:1,severity:2,msg:'JITP: Awstats.pl probe'"
+
+#/forum/viewtopic.php?x=http://
+SecRule REQUEST_URI "/forum/viewtopic\.php\?x=(http|https|ftp)\:/"
+
+# WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt
+SecRule REQUEST_URI "/crystalimagehandler\.aspx" chain
+SecRule REQUEST_URI "dynamicimage=\.\./"
+
+#mailman 2.x path recursion attack
+SecRule REQUEST_URI|REQUEST_BODY "mailman/private/.*\.\.\./\.\.\.\.///"
+SecRule REQUEST_URI|REQUEST_BODY "/mailman/.*\.\.\./"
+
+#ftp.pl attempt
+SecRule REQUEST_URI "/ftp\.pl\?dir=\.\./\.\."
+
+#Tomcat server snoop access
+SecRule REQUEST_URI "/jsp/snp/.*\.snp"
+
+# WEB-CGI HyperSeek hsx.cgi directory traversal attempt
+SecRule REQUEST_URI "/hsx\.cgi.*\x00"
+
+# WEB-CGI SWSoft ASPSeek Overflow attempt
+SecRule REQUEST_URI "/s\.cgi" chain
+SecRule REQUEST_URI "tmpl="
+
+# WEB-CGI /wwwboard/passwd.txt access
+SecRule REQUEST_URI "/wwwboard/passwd\.txt"
+
+# WEB-CGI webplus directory traversal
+SecRule REQUEST_URI "/webplus\?script" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-CGI websendmail access
+SecRule REQUEST_URI "/websendmail"
+
+# WEB-CGI anaconda directory transversal attempt
+SecRule REQUEST_URI "/(apexec|anacondaclip)\.pl" chain
+SecRule REQUEST_URI "template=\.\./"
+
+# WEB-CGI imagemap.exe overflow attempt
+SecRule REQUEST_URI "/imagemap\.exe\?"
+
+# WEB-CGI htmlscript attempt
+SecRule REQUEST_URI "/htmlscript\?\.\./\.\."
+
+# WEB-CGI nph-test-cgi access
+SecRule REQUEST_URI "/nph-test-cgi"
+
+
+# WEB-CGI rwwwshell.pl access
+SecRule REQUEST_URI "/rwwwshell\.pl"
+
+# WEB-CGI view-source directory traversal
+SecRule REQUEST_URI "/view-source" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-CGI calendar_admin.pl arbitrary command execution attempt
+SecRule REQUEST_URI "/calendar_admin.pl\?config=\|7C\|"
+
+# WEB-CGI bb-hist.sh attempt
+SecRule REQUEST_URI "/bb-hist\.sh\?HISTFILE=\.\./\.\."
+
+# WEB-CGI bb-hostscv.sh attempt
+SecRule REQUEST_URI "/bb-hostsvc\.sh\?HOSTSVC\?\.\./\.\."
+
+# WEB-CGI wayboard attempt
+SecRule REQUEST_URI "/way-board/way-board\.cgi" chain
+SecRule REQUEST_URI "\.\./\.\."
+
+# WEB-CGI commerce.cgi arbitrary file access attempt
+SecRule REQUEST_URI "/commerce\.cgi" chain
+SecRule REQUEST_URI "/\.\./"
+
+# WEB-CGI Amaya templates sendtemp.pl directory traversal attempt
+SecRule REQUEST_URI "/sendtemp\.pl" chain
+SecRule REQUEST_URI "templ="
+
+# WEB-CGI webspirs.cgi directory traversal attempt
+SecRule REQUEST_URI "/webspirs\.cgi" chain
+SecRule REQUEST_URI "\.\./\.\./"
+
+# WEB-CGI auktion.cgi directory traversal attempt
+SecRule REQUEST_URI "/auktion\.cgi" chain
+SecRule REQUEST_URI "menue=\.\./\.\./"
+
+# WEB-CGI cgiforum.pl attempt
+SecRule REQUEST_URI "/cgiforum\.pl\?thesection=\.\./\.\."
+
+# WEB-CGI directorypro.cgi attempt
+SecRule REQUEST_URI "/directorypro\.cgi" chain
+SecRule REQUEST_URI "\.\./\.\."
+
+# WEB-CGI Web Shopper shopper.cgi attempt
+SecRule REQUEST_URI "/shopper\.cgi" chain
+SecRule REQUEST_URI "newpage=\.\./"
+
+# WEB-CGI cal_make.pl directory traversal attempt
+SecRule REQUEST_URI "/cal_make\.pl" chain
+SecRule REQUEST_URI "p0=\.\./\.\./"
+
+# WEB-CGI ttawebtop.cgi arbitrary file attempt
+SecRule REQUEST_URI "/ttawebtop\.cgi" chain
+SecRule REQUEST_URI "pg=\.\./"
+
+# WEB-CGI ustorekeeper.pl directory traversal attempt
+SecRule REQUEST_URI "/ustorekeeper\.pl" chain
+SecRule REQUEST_URI "file=\.\./\.\./"
+
+# WEB-CGI htsearch arbitrary configuration file attempt
+SecRule REQUEST_URI "/htsearch\?\-c"
+
+
+# WEB-CGI alibaba.pl arbitrary command execution attempt
+SecRule REQUEST_URI "/alibaba\.pl(\|7C\||\x7C)"
+
+# WEB-CGI AltaVista Intranet Search directory traversal attempt
+SecRule REQUEST_URI "/query\?mss=\.\."
+
+# WEB-CGI test.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/test.bat(\|7C\||\x7C)"
+
+# WEB-CGI input.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/input.bat(\|7C\||\x7C)"
+
+# WEB-CGI envout.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/envout.bat(\|7C\||\x7C)"
+
+# WEB-CGI hello.bat arbitrary command execution attempt
+SecRule REQUEST_URI "/hello\.bat" chain
+SecRule REQUEST_URI "\&"
+
+# WEB-CGI csSearch.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/csSearch\.cgi" chain
+SecRule REQUEST_URI "\`"
+
+# WEB-CGI eshop.pl arbitrary commane execution attempt
+SecRule REQUEST_URI "/eshop\.pl\?seite=(\|3B\|\x3B)"
+
+# WEB-CGI loadpage.cgi directory traversal attempt
+SecRule REQUEST_URI "/loadpage\.cgi" chain
+SecRule REQUEST_URI "file=\.\./"
+
+#faqmanager.cgi arbitrary file access attempt
+SecRule REQUEST_URI "/faqmanager\.cgi\?toc=*/"
+SecRule REQUEST_URI "/faqmanager\.cgi\?(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(s|r)(cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
+
+# WEB-CGI Home Free search.cgi directory traversal attempt
+SecRule REQUEST_URI "/search\.cgi" chain
+SecRule REQUEST_URI "letter=\.\./\.\."
+
+# WEB-CGI pfdispaly.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/pfdispaly\.cgi\?'"
+
+# WEB-CGI pagelog.cgi directory traversal attempt
+SecRule REQUEST_URI "/pagelog\.cgi" chain
+SecRule REQUEST_URI "name=\.\./"
+
+# WEB-CGI talkback.cgi directory traversal attempt
+SecRule REQUEST_URI "/talkbalk\.cgi" chain
+SecRule REQUEST_URI "article=\.\./\.\./"
+
+# WEB-CGI emumail.cgi NULL attempt
+SecRule REQUEST_URI "/emumail\.cgi.*\x00"
+
+# WEB-CGI technote main.cgi file directory traversal attempt
+SecRule REQUEST_URI "/technote/main\.cgi" chain
+SecRule REQUEST_URI "\.\./\.\./"
+
+# WEB-CGI technote print.cgi directory traversal attempt
+SecRule REQUEST_URI "/technote/print\.cgi.*\x00"
+
+# WEB-CGI Allaire Pro Web Shell attempt
+SecRule REQUEST_URI "/authenticate.cgi\?PASSWORD" chain
+SecRule REQUEST_URI "config\.ini"
+
+# WEB-CGI Armada Style Master Index directory traversal
+SecRule REQUEST_URI "/search\.cgi\?keys" chain
+SecRule REQUEST_URI "catigory=\.\./"
+
+# WEB-CGI cached_feed.cgi moreover shopping cart directory traversal
+SecRule REQUEST_URI "/cached_feed\.cgi" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-CGI Talentsoft Web+ exploit attempt
+SecRule REQUEST_URI "/webplus.cgi\?Script=/webplus/webping/webping\.wml"
+
+# WEB-CGI bizdbsearch attempt
+SecRule REQUEST_URI "/bizdb1-search\.cgi" chain
+SecRule REQUEST_URI "mail"
+
+# WEB-CGI sojourn.cgi File attempt
+SecRule REQUEST_URI "/sojourn\.cgi\?cat=.*\x00"
+
+# WEB-CGI SGI InfoSearch fname attempt
+SecRule REQUEST_URI "/infosrch\.cgi\?" chain
+SecRule REQUEST_URI "fname="
+
+
+# WEB-CGI store.cgi directory traversal attempt
+SecRule REQUEST_URI "/store\.cgi" chain
+SecRule REQUEST_URI "\.\./"
+
+# WEB-CGI SIX webboard generate.cgi attempt
+SecRule REQUEST_URI "/generate\.cgi" chain
+SecRule REQUEST_URI "content=\.\./"
+
+# WEB-CGI story.pl arbitrary file read attempt
+SecRule REQUEST_URI "/story\.pl" chain
+SecRule REQUEST_URI "next=\.\./"
+
+# WEB-CGI mrtg.cgi directory traversal attempt
+SecRule REQUEST_URI "/mrtg\.cgi" chain
+SecRule REQUEST_URI "cfg=/\.\./"
+
+#alienform.cgi directory traversal attempt
+SecRule REQUEST_URI "/alienform\.cgi.*\.\|7C\|\./\.\|7C\|\."
+SecRule REQUEST_URI "/af\.cgi.*\.\|7C\|\./\.\|7C\|\."
+
+# WEB-CGI CCBill whereami.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/whereami\.cgi\?g="
+
+# WEB-CGI MDaemon form2raw.cgi overflow attempt
+SecRule REQUEST_URI "/form2raw\.cgi"
+
+# WEB-CGI WhatsUpGold instancename overflow attempt
+SecRule REQUEST_URI "/_maincfgret\.cgi"
+
+#honeypot
+SecRule REQUEST_URI|REQUEST_BODY "clamav-partial "
+SecRule REQUEST_URI|REQUEST_BODY "vi\.recover "
+
+# WEB-COLDFUSION cfcache.map access
+SecRule REQUEST_URI "/cfcache\.map"
+
+# WEB-COLDFUSION exampleapp application.cfm
+SecRule REQUEST_URI "/cfdocs/exampleapp/email/application\.cfm"
+
+# WEB-COLDFUSION application.cfm access
+SecRule REQUEST_URI "/cfdocs/exampleapp/publish/admin/application\.cfm"
+
+# WEB-COLDFUSION getfile.cfm access
+SecRule REQUEST_URI "/cfdocs/exampleapp/email/getfile\.cfm"
+
+# WEB-COLDFUSION addcontent.cfm access
+SecRule REQUEST_URI "/cfdocs/exampleapp/publish/admin/addcontent\.cfm"
+
+# WEB-COLDFUSION administrator access
+SecRule REQUEST_URI "/cfide/administrator/index\.cfm"
+
+# WEB-COLDFUSION fileexists.cfm access
+SecRule REQUEST_URI "/cfdocs/snippets/fileexists\.cfm"
+
+# WEB-COLDFUSION exprcalc access
+SecRule REQUEST_URI "/cfdocs/expeval/exprcalc\.cfm"
+
+# WEB-COLDFUSION parks access
+SecRule REQUEST_URI "/cfdocs/examples/parks/detail\.cfm"
+
+# WEB-COLDFUSION cfappman access
+SecRule REQUEST_URI "/cfappman/index\.cfm"
+
+# WEB-COLDFUSION beaninfo access
+SecRule REQUEST_URI "/cfdocs/examples/cvbeans/beaninfo\.cfm"
+
+# WEB-COLDFUSION evaluate.cfm access
+SecRule REQUEST_URI "/cfdocs/snippets/evaluate\.cfm"
+
+# WEB-COLDFUSION expeval access
+SecRule REQUEST_URI "/cfdocs/expeval/"
+
+# WEB-COLDFUSION displayfile access
+SecRule REQUEST_URI "/cfdocs/expeval/displayopenedfile\.cfm"
+
+# WEB-COLDFUSION mainframeset access
+SecRule REQUEST_URI "/cfdocs/examples/mainframeset\.cfm"
+
+# WEB-COLDFUSION exampleapp access
+SecRule REQUEST_URI "/cfdocs/exampleapp/"
+
+# WEB-COLDFUSION snippets attempt
+SecRule REQUEST_URI "/cfdocs/snippets/"
+
+# WEB-COLDFUSION cfmlsyntaxcheck.cfm access
+SecRule REQUEST_URI "/cfdocs/cfmlsyntaxcheck\.cfm"
+
+# WEB-COLDFUSION application.cfm access
+SecRule REQUEST_URI "/application\.cfm"
+
+# WEB-COLDFUSION onrequestend.cfm access
+SecRule REQUEST_URI "/onrequestend\.cfm"
+
+# WEB-COLDFUSION startstop DOS access
+SecRule REQUEST_URI "/cfide/administrator/startstop\.html"
+
+# WEB-COLDFUSION gettempdirectory.cfm access
+SecRule REQUEST_URI "/cfdocs/snippets/gettempdirectory\.cfm"
+
+# WEB-COLDFUSION sendmail.cfm access
+SecRule REQUEST_URI "/sendmail\.cfm"
+
+# WEB-COLDFUSION ?Mode=debug attempt
+#SecRule REQUEST_URI "Mode=debug"
+
+# WEB-MISC Tomcat view source attempt
+SecRule REQUEST_URI|REQUEST_BODY "\x252ejsp"
+
+# WEB-MISC unify eWave ServletExec upload
+SecRule REQUEST_URI|REQUEST_BODY "/servlet/com\.unify\.servletexec\.UploadServlet"
+
+# WEB-MISC Talentsoft Web+ Source Code view access
+SecRule REQUEST_URI "/webplus\.exe\?script=test\.wml"
+
+# WEB-MISC ftp.pl attempt
+SecRule REQUEST_URI "/ftp\.pl\?dir=\.\./\.\."
+
+# WEB-MISC apache source.asp file access
+SecRule REQUEST_URI "/site/eg/source\.asp"
+
+# WEB-MISC Tomcat server exploit access
+SecRule REQUEST_URI "/contextAdmin/contextAdmin\.html"
+
+# WEB-MISC Ecommerce import.txt access
+SecRule REQUEST_URI "/orders/import\.txt"
+
+# WEB-MISC Domino catalog.nsf access
+SecRule REQUEST_URI "/catalog\.nsf"
+
+# WEB-MISC Domino domcfg.nsf access
+SecRule REQUEST_URI "/domcfg\.nsf"
+
+# WEB-MISC Domino domlog.nsf access
+SecRule REQUEST_URI "/domlog\.nsf"
+
+# WEB-MISC Domino log.nsf access
+SecRule REQUEST_URI "/log\.nsf"
+
+# WEB-MISC Domino names.nsf access
+SecRule REQUEST_URI "/names\.nsf"
+
+# WEB-MISC Domino mab.nsf access
+SecRule REQUEST_URI "/mab\.nsf"
+
+# WEB-MISC Domino cersvr.nsf access
+SecRule REQUEST_URI "/cersvr\.nsf"
+
+# WEB-MISC Domino setup.nsf access
+SecRule REQUEST_URI "/setup\.nsf"
+
+# WEB-MISC Domino statrep.nsf access
+SecRule REQUEST_URI "/statrep\.nsf"
+
+# WEB-MISC Domino webadmin.nsf access
+SecRule REQUEST_URI "/webadmin\.nsf"
+
+# WEB-MISC Domino events4.nsf access
+SecRule REQUEST_URI "/events4\.nsf"
+
+# WEB-MISC Domino ntsync4.nsf access
+SecRule REQUEST_URI "/ntsync4\.nsf"
+
+# WEB-MISC Domino collect4.nsf access
+SecRule REQUEST_URI "/collect4\.nsf"
+
+# WEB-MISC Domino mailw46.nsf access
+SecRule REQUEST_URI "/mailw46\.nsf"
+
+# WEB-MISC Domino bookmark.nsf access
+SecRule REQUEST_URI "/bookmark\.nsf"
+
+# WEB-MISC Domino agentrunner.nsf access
+SecRule REQUEST_URI "/agentrunner\.nsf"
+
+# WEB-MISC Domino mail.box access
+#SecRule REQUEST_URI "/mail.box"
+
+# WEB-MISC Ecommerce checks.txt access
+SecRule REQUEST_URI "/orders/checks\.txt"
+
+# WEB-MISC mall log order access
+SecRule REQUEST_URI "/mall_log_files/order\.log"
+
+# WEB-MISC ROADS search.pl attempt
+SecRule REQUEST_URI "/ROADS/cgi-bin/search\.pl" chain
+SecRule REQUEST_URI "form="
+
+# WEB-MISC SWEditServlet directory traversal attempt
+SecRule REQUEST_URI "/SWEditServlet" chain
+SecRule REQUEST_URI "template=\.\./\.\./\.\./"
+
+# WEB-MISC RBS ISP /newuser directory traversal attempt
+SecRule REQUEST_URI "/newuser\?Image=\.\./\.\."
+
+# WEB-MISC PCCS mysql database admin tool access
+SecRule REQUEST_URI "pccsmysqladm/incs/dbconnect\.inc"
+
+# WEB-MISC ans.pl attempt
+SecRule REQUEST_URI "/ans.pl\?p=\.\./\.\./"
+
+# WEB-MISC Demarc SQL injection attempt
+SecRule REQUEST_URI "/dm/demarc" chain
+SecRule REQUEST_URI "\'"
+
+# WEB-MISC philboard_admin.asp authentication bypass attempt
+SecRule REQUEST_URI "/philboard_admin\.asp" chain
+SecRule REQUEST_URI "philboard_admin=True"
+
+# WEB-PHP Phorum /support/common.php access
+SecRule REQUEST_URI "/support/common\.php"
+
+# WEB-PHP rolis guestbook remote file include attempt
+SecRule REQUEST_URI "/insert\.inc\.php" chain
+SecRule REQUEST_URI "path="
+
+# book.cgi arbitrary command execution attempt
+SecRule REQUEST_URI "/book\.cgi.*current=\|7C\|"
+
+# WEB-PHP gallery remote file include attempt
+SecRule REQUEST_URI "/setup/" chain
+SecRule REQUEST_URI "GALLERY_BASEDIR=(http|https|ftp)\:/"
+
+#Needinit remote file include attempt
+SecRule REQUEST_URI "/needinit\.php\?" chain
+SecRule REQUEST_URI "GALLERY_BASEDIR=(http|https|ftp)\:/"
+
+# WEB-PHP IdeaBox cord.php file include
+SecRule REQUEST_URI "/index\.php" chain
+SecRule REQUEST_URI "cord\.php"
+
+# WEB-PHP Invision Board ipchat.php file include
+SecRule REQUEST_URI "/ipchat\.php" chain
+SecRule REQUEST_URI "conf_global\.php"
+
+# WEB-PHP myphpPagetool pt_config.inc file include
+SecRule REQUEST_URI "/doc/admin" chain
+SecRule REQUEST_URI "pt_config\.inc"
+
+# WEB-PHP YaBB SE packages.php file include
+SecRule REQUEST_URI "/packages\.php" chain
+SecRule REQUEST_URI "packer\.php"
+
+# WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt
+SecRule REQUEST_URI "/authentication_index\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY"
+
+# WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt
+SecRule REQUEST_URI "/functions\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY"
+
+# WEB-PHP PhpGedView PGV config_gedcom.php base directory manipulation attempt
+SecRule REQUEST_URI "/config_gedcom\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY"
+
+# WEB-PHP PhpGedView PGV base directory manipulation
+SecRule REQUEST_URI "_conf\.php" chain
+SecRule REQUEST_URI "PGV_BASE_DIRECTORY"
+
+# WEB-PHP WAnewsletter newsletter.php file include attempt
+SecRule REQUEST_URI "newsletter\.php" chain
+SecRule REQUEST_URI "start\.php"
+
+# WEB-PHP Opt-X header.php remote file include attempt
+SecRule REQUEST_URI "/header\.php" chain
+SecRule REQUEST_URI "systempath="
+
+#webdav searcg attack
+SecRule REQUEST_URI "/_vti_bin/_vti_aut/fp30reg\.dll"
+
+#/auth.php?path=http://[attacker]/
+SecRule REQUEST_URI "/auth.php\?path=(http|https|ftp)\:/"
+
+SecRule REQUEST_URI "/dforum/nav\.php3\?page=<[[:space:]]*(script|about|applet|activex|chrome)+.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#phpMyAdmin path vln
+SecRule REQUEST_URI "/phpMyAdmin/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=(/|.*\.\./)"
+
+#PHPBB full path disclosure
+SecRule REQUEST_URI "phpBB/db/oracle\.php"
+SecRule REQUEST_URI "forum/db/oracle\.php"
+SecRule REQUEST_URI "forums/db/oracle\.php"
+
+
+#PHP Form Mail Script File Incusion vuln
+SecRule REQUEST_URI "/inc/formmail\.inc\.php\?script_root=(http|https|ftp)\:/"
+
+#Download Center Lite File Incusion vuln
+SecRule REQUEST_URI "/inc/download_center_lite\.inc\.php\?script_root=(http|https|ftp)\:/"
+
+#/modules/mod_mainmenu.php?mosConfig_absolute_path=http://
+SecRule REQUEST_URI "/modules/mod_mainmenu\.php\?mosConfig_absolute_path=(http|https|ftp)\:/"
+
+#phpWebLog command execution
+SecRule REQUEST_URI "/init\.inc\.php\?G_PATH=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/backend/addons/links/index\.php\?PATH=(http|https|ftp)\:/"
+
+#mcNews command execution
+SecRule REQUEST_URI "/mcNews/admin/header\.php\?skinfile=(http|https|ftp)\:/"
+
+#phpbb
+SecRule REQUEST_URI "admin/admin_styles\.php\?mode=addnew\&install_to=\.\./\.\./"
+#votebox
+SecRule REQUEST_URI "/votebox\.php\?VoteBoxPath=(http|https|ftp)\:/"
+
+#phpAdsNew path disclosure
+SecRule REQUEST_URI "/libraries/lib-xmlrpcs.inc\.php"
+SecRule REQUEST_URI "/maintenance/maintenance-activation\.php"
+SecRule REQUEST_URI "/maintenance/maintenance-cleantables\.php"
+SecRule REQUEST_URI "/maintenance/maintenance-autotargeting\.php"
+SecRule REQUEST_URI "/maintenance/maintenance-reports\.php"
+SecRule REQUEST_URI "/misc/backwards\x20compatibility/phpads\.php"
+SecRule REQUEST_URI "/misc/backwards\x20compatibility/remotehtmlview\.php"
+SecRule REQUEST_URI "/misc/backwards\x20compatibility/click\.php"
+SecRule REQUEST_URI "/adframe\.php\?refresh=securityreason\.com\'\>"
+
+#include cgi command exec
+SecRule REQUEST_URI "/includer\.cgi\?=\|"
+
+#citrusDB
+#adjust these to your system, you might need to upload
+SecRule REQUEST_URI "tools/index\.php\?load=\.\./\.\./"
+SecRule REQUEST_URI "citrusdb/tools/index\.php\?load=importcc\&submit=on"
+SecRule REQUEST_URI "/citrusdb/tools/uploadcc\.php"
+
+#awstats vulns
+SecRule REQUEST_URI "/awstats\.pl\?(configdir|update|pluginmode|cgi)=(\||echo|\:system\()"
+SecRule REQUEST_URI "/awstats\.pl\?(debug=1|pluginmode=rawlog\&loadplugin=rawlog|update=1\&logfile=\|)"
+SecRule REQUEST_URI "/awstats\.pl\?[^\r\n]*logfile=\|"
+SecRule REQUEST_URI "/awstats\.pl\?configdir="
+SecRule REQUEST_URI "awstats\.pl\?" chain
+SecRule ARGS "(debug|configdir|perl|chmod|exec|print|cgi)"
+
+#yabb
+SecRule REQUEST_URI "/YaBB\.pl\?action=usersrecentposts\;username=\<IFRAME.*javascript\:alert\(\'"
+
+# WEB-FRONTPAGE .... request
+SecRule REQUEST_URI|REQUEST_BODY "\.\.\.\./"
+
+#phpbb XSS
+SecRule REQUEST_URI "/posting\.php\?mode=reply&t=.*userid.*phpbb2mysql_t=(\<(script|javascript|about|applet|activex|chrome)|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/posting\.php\\?.*(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI|REQUEST_BODY "/privmsg\.php" chain
+SecRule REQUEST_URI|REQUEST_BODY "\<a href=*(script|about|applet|activex|chrome)"
+
+#proxy grabber
+SecRule REQUEST_URI "/proxy-grabber\.com/cgi-bin/v2/nph-env\.cgi\?"
+
+#Unique stuff caught in our traps
+SecRule REQUEST_URI "/mail_autocheck\.php\?pm_path=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+# Remote File Inclusion Vulnerability in phpWebLog
+SecRule REQUEST_URI "/include/init\.inc\.php\?G_PATH=(http|https|ftp)\:/"
+SecRule REQUEST_URI "addons/links/index\.php\?PATH=(http|https|ftp)\:/"
+
+#Multiple Vulnerabilities in ProjectBB
+SecRule REQUEST_URI "/divers\.php\?action=liste\&liste=\&desc=\&pages=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/divers\.php\?action=liste\&liste=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/Zip/divers\.php\?action =liste&liste=email&desc=.*\'"
+
+#WebChat english.php or db_mysql.php file include
+SecRule REQUEST_URI "/defines\.php*WEBCHATPATH*(db_mysql\.php|english\.php)"
+
+#Cross-Site Scripting Vulnerability in D-Forum
+SecRule REQUEST_URI "/nav\.php3\?page=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Multiple Vulnerabilities in auraCMS
+SecRule REQUEST_URI "/index\.php\?query=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/).*\&pilih=search"
+SecRule REQUEST_URI "/hits\.php\?hits=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/counter\.php\?theCount=(\<(javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#vBulletin Remote Command Execution Attempt
+SecRule REQUEST_URI "/forumdisplay\.php?[^\r\n]*comma=[^\r\n\x26]*system\x28.*\x29/Ui"
+SecRule REQUEST_URI "/forumdisplay\.php\?" chain
+SecRule REQUEST_URI|REQUEST_BODY "\.system\(.+\)\."
+SecRule REQUEST_URI "/forumdisplay\.php\?*comma="
+
+#PHPNuke general XSS attempt
+#/modules.php?name=News&file=article&sid=1&optionbox=
+SecRule REQUEST_URI "/modules\.php\?*name=*\<*(script|about|applet|activex|chrome)*\>"
+SecRule REQUEST_URI "/modules\.php\?op=modload&name=News&file=article&sid=*\<*(script|about|applet|activex|chrome)*\>"
+
+# PHPNuke SQL injection attempt
+SecRule REQUEST_URI "/modules\.php\?*name=Search*instory="
+SecRule REQUEST_URI "/modules\.php\?*name=(Search|Web_Links).*\'"
+
+#EasyDynamicPages exploit
+SecRule REQUEST_URI|REQUEST_BODY "edp_relative_path="
+
+#Readfile.tcl Access
+SecRule REQUEST_URI "/readfile\.tcl\?file="
+
+#phpnuke sql insertion
+SecRule REQUEST_URI "/modules\.php*name=Forums.*file=viewtopic*/forum=.*\'/"
+
+#WAnewsletter newsletter.php file include attempt
+SecRule REQUEST_URI "newsletter\.php*waroot*start\.php"
+
+# Typo3 translations.php file include
+SecRule REQUEST_URI "/translations\.php*ONLY"
+
+#PHP-Nuke remote file include attempt
+SecRule REQUEST_URI "/index\.php*file=*(http|https|ftp)\:/"
+
+#PayPal Storefront remote file include attempt
+SecRule REQUEST_URI "do=ext*/page=(http|https|ftp)\:/"
+
+#PHPOpenChat
+SecRule REQUEST_URI "/poc_loginform\.php\?phpbb_root_path=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/poc\.php\?phpbb_root_path=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/poc\.php\?poc_root_path=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/ENGLISH_poc\.php\?poc_root_path=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/poc\.php\?sourcedir=(http|https|ftp)\:/"
+
+#ACS Blog Search.ASP Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/search\.asp\?search=.*iframe\+src.*((javascript|script|about|applet|activex|chrome)*\>|http|https|ftp)\:/"
+
+#mcNews Remote command execution
+SecRule REQUEST_URI "/admin/install\.php\?l=(http|https|ftp)\:/"
+
+#mailman XSS
+SecRule REQUEST_URI|REQUEST_BODY "/mailman/.*\?.*info=*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Macromedia SiteSpring XSS
+SecRule REQUEST_URI|REQUEST_BODY "/error/500error\.jsp.*et=*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#OWA phishing redirect
+SecRule REQUEST_URI "/exchweb/bin/auth/owalogon\.asp\?url=(http|https)\:/"
+
+#ads.cgi command execution attempt
+SecRule REQUEST_URI "/ads\.cgi.*file=.*\.\./\.\./"
+
+#webdist.cgi arbitrary command attemp
+SecRule REQUEST_URI "/webdist\.cgi.*distloc=(\|3B\||\x3B)"
+
+#enter_bug.cgi arbitrary command attempt
+SecRule REQUEST_URI "/enter_bug\.cgi.*who.*(\|3B\||\x3B)"
+
+#cross site scripting HTML Image tag set to javascript attempt
+SecRule REQUEST_URI|REQUEST_BODY "img src=javascript"
+
+#b2 arbitrary command execution attempt
+SecRule REQUEST_URI "/b2-include/.*b2inc.*http(\|3A\|//|\x3A)"
+
+#tomcat servlet mapping XSS
+SecRule REQUEST_URI|REQUEST_BODY "/servlet/.*/org\.apache\."
+
+#RUNCMS,Exoops,CIAMOS highlight file access hole
+SecRule REQUEST_URI "/class/debug/highlight\.php\?file=(/|\.\./)"
+
+#TRG/CzarNews News Script Include File Hole Lets Remote Users Execute Arbitrary Commands
+SecRule REQUEST_URI "/install/(article|authorall|comment|display|displayall.)\.php\?dir=(http|https|ftp):/"
+
+#zpanel XSS
+SecRule REQUEST_URI "/zpanel\.php\?page=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#zpanel SQL injection
+SecRule REQUEST_URI "/zpanel\.php\?page=.*\'"
+
+#Phorum HTTP Response Splitting Vulnerability
+SecRule REQUEST_URI "/search\.php\?forum_id=.*\&search=.*\&body=.*Content-Length\:.*HTTP/1\.0.*Content-Type\:.*Content-Length\:"
+
+#Subdreamer Light Global Variables SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php\?categoryid=.*\&.*_sectionid=.*\&.*_imageid=.*\'"
+
+#PhotoPost Pro
+SecRule REQUEST_URI "/showgallery\.php\?cat=[0-9].*\&page=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/showgallery\.php\?si=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/showgallery\.php\?ppuser=[0-9].*\&cat=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/showgallery\.php\?cat=[0-9].*\'"
+SecRule REQUEST_URI "/showgallery\.php\?ppuser=[0-9].*\'.*\&cat="
+
+#betaparticle blog Discloses Database to Remote Users
+#and Lets Remote Users Upload/Delete Arbitrary Files
+SecRule REQUEST_URI "/bp/database/dbBlogMX\.mdb"
+SecRule REQUEST_URI "/Blog\.mdb"
+
+#Kayako eSupport Remote Cross Site Scripting Vulnerability
+SecRule REQUEST_URI "/eSupport/index.php\?_a=knowledgebase\&_j=questiondetails\&_i=[0-9].*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/eSupport/index.php\?_a=knowledgebase\&_j=questionprint\&_i=[0-9].*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/eSupport/index.php\?_a=troubleshooter\&_c=[0-9].*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/eSupport/index.php\?_a=knowledgebase\&_j=subcat\&_i=[0-9].*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#phpSysInfo XSS vulns
+SecRule REQUEST_URI "/index\.php\?sensor_program=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/includes/system_footer\.php\?text[template]=\"\>.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/includes/system_footer\.php\?hide_picklist=.*\&VERSION=\<iframesrc=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#DigitalHive Remote Unathenticated Software Re-install and Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/base\.php\?page=forum/msg\.php-afs-1-\"/\>\<script\>"
+SecRule REQUEST_URI "/hive/base\.php\?page=membres\.php\&mt=\"/\>\<script\>"
+
+#Topic Calendar Mod for phpBB Cross-Site Scripting Attack
+SecRule REQUEST_URI "/calendar_scheduler\.php\?start=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#phpSysInfo Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/index\.php\?sensor_program=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/includes/system_footer\.php\?text.*=\"\>.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/includes/system_footer\.php\?text[template]=\"\>.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/includes/system_footer\.php\?hide_picklist=.*=\<iframe src.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Interspire ArticleLive 2005 "ArticleId" Remote Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/articles/newcomment\?ArticleId=\"\>"
+
+#Dream4 Koobi CMS Index.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php\?p=articles&area=.*\'"
+SecRule REQUEST_URI "/index\.php\?area.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Vortex Portal Remote File Inclusion and Path Disclosure Vulnerabilities
+SecRule REQUEST_URI "/index\.php\?act=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/content\.php\?act=(http|https|ftp)\:/"
+
+#Topic Calendar Cross Site Scripting
+SecRule REQUEST_URI "/calendar_scheduler\.php\?start.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#ESMI PayPal Storefront SQL inject and XSS
+SecRule REQUEST_URI "/ecdis/pages.php?idpages=\'"
+SecRule REQUEST_URI "/ecdis/products.*.php?id=.*&id.*=\'"
+SecRule REQUEST_URI "/ecdis/products.*\.php\?id=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Nuke Bookmarks Marks.php SQL Injection Vulnerability
+SecRule REQUEST_URI "modules\.php\?name=Bookmarks\&file=marks\&catname=.*\&category=.*/\*\*/(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9| ]+[[:space:]](from|into|table|database|index|view)"
+
+#Nuke Bookmarks XSS
+SecRule REQUEST_URI "/modules\.php\?name=Bookmarks\&file=(del_cat\&catname|del_mark\&markname|edit_cat\&catname|edit_cat\&catcomment|marks\&catname|uploadbookmarks\&category)=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#possible new vuln in tikiwiki
+SecRule REQUEST_URI "/tiki-list_faqs\.php\?offset=(http|https|ftp)\:/"
+
+#exoops Input Validation Flaws SQL injection and XSS
+SecRule REQUEST_URI "/newbb/index\.php\?viewcat=\'"
+SecRule REQUEST_URI "/modules/sections/index\.php\?op=viewarticle&artid=9\x2c+9\x2c+9"
+SecRule REQUEST_URI "/newbb/viewforum\.php\?sortname=p\.post_time\&sortorder=.*\&sortdays=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/newbb/index\.php\?viewcat=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Valdersoft Shopping Cart SQL injection and XSS
+SecRule REQUEST_URI "/(item|category).php?sid=.*\&id=\'"
+SecRule REQUEST_URI "/index\.php\?sid=.*\&lang=\'"
+SecRule REQUEST_URI "/search_result\.php\?sid=.*\&search.*\'"
+
+#OSCommerce XSS
+SecRule REQUEST_URI "/default\.php\?(error_message|info_message)=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Typo3 remote file retrieval
+SecRule REQUEST_URI "/dev/translations\.php\?ONLY=\x2e\x2e/\x2e\x2e/\x2e\x2e/\x2e\x2e/\x2e\x2e/.*\x00"
+
+#Mambo XSS
+SecRule REQUEST_URI "/emailfriend/(emailarticle|emailfaq|emailnews)\.php\?id=\"(\<script|(http|https|ftp)\:/)"
+
+#Photopost XSS and sql injection
+SecRule REQUEST_URI "photos/(showgallery|showmembers|slideshow)\.php\?.*(\'|\<script|(http|https|ftp)\:/)"
+
+#TKai's Shoutbox XSS
+SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&query=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&name=default&query=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&email=default\&query=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/shoutact\.php\?yousay=default\&email=default\&name=default\&query=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/shoutact\.php\?yousay=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#EncapsBB Remote File Inclusion Vulnerability
+SecRule REQUEST_URI "/index_header.php?root=(http|https|ftp)\:/"
+
+#CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/index\.php\?name=.*\&profile=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/coppermine/displayimage/meta=lastcom/cat=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/).*/pos=.*\.html"
+
+#PHPCoin
+SecRule REQUEST_URI "phpcoin/auxpage\.php\?page=\.\./\.\."
+
+#PortalApp SQL injection and XSS
+SecRule REQUEST_URI "/ad_click\.asp\?banner _id=\'"
+SecRule REQUEST_URI "/content\.asp\?CatId=\'"
+SecRule REQUEST_URI "/content\.asp\?ContentId=\'"
+SecRule REQUEST_URI "/content\.asp\?contenttype=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/content\.asp\?do_search=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#Lighthouse Development Squirrelcart SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php\?crn=\'"
+
+#PunBB version <= 1.2.2 auth bypass exploit
+SecRule REQUEST_URI "profile\.php\?section=admin\&id=.*\&action=foo"
+SecRule REQUEST_COOKIES:punbb_cookie "a\:2\:\{i\:0\;s\:.*\;i\:1\;b\:1\;\}"
+
+#Multiple sql injection, and xss vulnerabilities in AspApp
+SecRule REQUEST_URI "/content\.asp\?CatId=.*\&ContentType=(.*script|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/content\.asp\?CatId=\'"
+SecRule REQUEST_URI "/content\.asp\?contenttype=(.*script|(http|https|ftp)\:/)"
+
+#PaFileDB Version 3.1 and below SQL injection and XSS
+SecRule REQUEST_URI "/pafiledb\.php\?action=viewall&id=&start=\'"
+SecRule REQUEST_URI "/pafiledb\.php\?action=file&id=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#E-Data 2.0 XSS
+SecRule REQUEST_URI "cgi-bin/dir\.pl.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#PHPNuke general SQL injection
+SecRule REQUEST_URI "/modules\.php\?.*name=.*UNION.*SELECT"
+
+#InterAKT Online MX Kart Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php\?mod=pages&idp=\'"
+SecRule REQUEST_URI "/MXShop/\?mod=category&id_ctg=\'"
+SecRule REQUEST_URI "/index\.php\?mod=category&id_ctg=\'"
+SecRule REQUEST_URI "/index\.php\?PHPSESSID=.*&id_man=\'"
+
+#CPG Dragonfly XSS
+SecRule REQUEST_URI "/index\.php\?name=.*\&file=.*\&meta=.*\">.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/index\.php\?name=.*\&mode=.*&id=.*\">.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/coppermine/displayimage/meta=.*/cat=.*\">.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/index\.php\?name=.*&profile=.*\">.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#AlstraSoft EPay Pro Multiple Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/epal/\?order_num=crap&payment=\">.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/epal/\?order_num=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#AlstraSoft EPay Pro Remote File Include Vulnerability
+SecRule REQUEST_URI "/epal/index\.php\?view=(http|https|ftp)\:/"
+
+#SiteEnable SQL injection and XSS
+SecRule REQUEST_URI "content\.asp\?contenttype=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#phpbb 2.0.13 download vuln
+SecRule REQUEST_URI "/downloads\.php\?cat=.*(UNION|SELECT|delete|insert)*user_password.*phpbb_users"
+
+#Turnkey Websites Shopping Cart SQL injection
+SecRule REQUEST_URI "/SearchResults\.php\?SearchTerm=\'"
+SecRule REQUEST_URI "/SearchResults\.php\?SearchTerm=.*\'"
+
+#Authenticaion bypass, Directory transversal and XSS vulnerabilities in PayProCart 3.0
+SecRule REQUEST_URI "/usrdetails\.php\?sgnuptype=.*((javsscript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "adminshop/index\.php\?proMod=index\&amp.*toedit=\.\..*shopincs.*maintopENG"
+
+#PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
+SecRule REQUEST_URI "/banners\.php\?op=EmailStats&name=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/modules\.php\?name=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#PHP-Nuke Input Validation Flaws in Search, FAQ, and Banners Modules Permit Cross-Site Scripting Attacks
+SecRule REQUEST_URI "/modules\.php\?name=Search&author=.*&topic=.*&min.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/modules\.php\?name=FAQ&.*=.*&id_cat=.*&categories=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/modules\.php\?op=EmailStats&login=.*&cid=.*&bid=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/modules\.php\?name=Encyclopedia&file=.*&op=.*&eid.*1&ltr=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#phpMyAdmin convcharset Parameter Cross Site Scripting
+SecRule REQUEST_URI "/phpmyadmin/index\.php\?pma_username=*&pma_password=*&server=.*&lang=.*&convcharset=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+##phpBB Calendar Pro catergory Parameter SQL Injection
+SecRule REQUEST_URI "/cal_view_month\.php\?month=.*&year=.*&category=.*(UNION|SELECT|DELETE|INSERT)"
+
+#cubecart SQL injection
+SecRule REQUEST_URI "/index\.php\?&PHPSESSID=\'"
+SecRule REQUEST_URI "/tellafriend\.php\?&product=\'"
+SecRule REQUEST_URI "/view_cart\.php\?add=\'"
+SecRule REQUEST_URI "/view_product\.php\?product=\'"
+
+#PHPBB LinksLinks Pro Module SQL Injection Vulnerability
+SecRule REQUEST_URI "/links\.php\?func=show&id=\'"
+
+#LiteCommerce Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/cart\.php\?target=\'"
+SecRule REQUEST_URI "/cart\.php\?target=category&category_id=\'"
+SecRule REQUEST_URI "/cart\.php\?target=product&product_id=\'"
+
+#PHP-Nuke "querylang" SQL Injection Vulnerability
+SecRule REQUEST_URI "/modules\.php\?name=Top&querylang=.*(UNION|SELECT|DELETE|INSERT).*\,"
+
+#PHPBB DLMan Pro Module SQL Injection Vulnerability
+SecRule REQUEST_URI "/dlman\.php\?func=file_info&file_id=\'"
+
+#ModernBill XSS and file include
+SecRule REQUEST_URI "/samples/news\.php\?DIR=(http|https|ftp)\:/"
+SecRule REQUEST_URI|REQUEST_BODY "/order/orderwiz\.php\?v=.*&aid=.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|(http|https|ftp)\:/)"
+
+#TowerBlog! Discloses Hashed Administrative Password to Remote Users
+SecRule REQUEST_URI|REQUEST_BODY "/_dat/login"
+
+#Invision Power Board SQL injection
+SecRule REQUEST_URI "/forums/index\.php\?act=.*&max_results=.*&filter=.*&sort_order=.*&sort_key=.*&st=*(UNION|SELECT|DELETE|INSERT)"
+#SQL injection in jPortal version 2.3.1
+SecRule REQUEST_URI "/jportal/banner\.php*(UNION|SELECT|DELETE|INSERT)"
+
+
+#PinnacleCart XSS Attack
+SecRule REQUEST_URI "/index\.php\?p=catalog&parent=.*&pg=\">"
+
+#Serendipity exip.php SQL injection
+SecRule REQUEST_URI "exit\.php\?entry_id=.*&url_id=.*\x20UNION\x20SELECT\x20(password|username)\x20FROM"
+
+#phpbb p[lus
+SecRule REQUEST_URI "/groupcp\.php\?g=.*sid=\'"
+SecRule REQUEST_URI "/index\.php\?(c|mark)=*\'"
+SecRule REQUEST_URI "/portal\.php\?article=*\'"
+SecRule REQUEST_URI "/viewforum.php?f=.*sid=\'"
+SecRule REQUEST_URI "/viewtopic.php?p=.*sid=\'"
+SecRule REQUEST_URI "/album_search\.php\?mode=\'"
+SecRule REQUEST_URI "/album_cat\.php\?cat_id=.*sid=\'"
+SecRule REQUEST_URI "/album_comment\.php\?pic_id=.*sid=\'"
+SecRule REQUEST_URI "calendar_scheduler\.php\?d=.*&mode=&start=\'\">"
+
+#EasyPHPCalendar XSS
+SecRule REQUEST_URI "/index\.php\?mo=.*&yr=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#CalendarScript path discolsure and XSS
+SecRule REQUEST_URI "/calendar\.pl\?calendar=.*&template=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/calendar\.pl\?calendar=.*&command=login&username=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+#SPHPBlog Search.PHP Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/search\.php\?q=.*((javascript|script|about|applet|activex|chrome)*\>|(http|https|ftp)\:/)"
+
+
+#All4WWW-Homepagecreator
+SecRule REQUEST_URI "/index.php?site=(http|https|ftp)\:/"
+
+#zOOM Media Gallery SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php\?option=com_zoom&Itemid=.*&catid=*(AND|OR|INSERT|UNION|DELETE)"
+
+#caught in honeypot
+SecRule REQUEST_URI ".*\.php\?(do=.*&template=\{\$\{|inc=(http|https|ftp)\:/)"
+
+#phpMyAdmin path vln
+SecRule REQUEST_URI "/css/phpmyadmin\.css\.php\?GLOBALS\[cfg\]\[ThemePath\]=/etc"
+
+#PHP-Nuke Web_Links Multiple Variable SQL Injection
+SecRule SCRIPT_FILENAME "modules\.php" chain
+SecRule ARGS:email|ARGS:ratenum|ARGS:min|ARGS:show|ARGS:orderby|ARGS:url "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#phpCOIN SQL injection
+SecRule SCRIPT_FILENAME "mod\.php" chain
+SecRule ARGS:faq_id|ARGS:id|ARGS:topic_id|ARGS:ord_id|ARGS:dom_id|ARGS:invd_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#NukeBookmarks SQL injection
+SecRule SCRIPT_FILENAME "modules\.php" chain
+SecRule ARGS:category "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#e107 SQL injection
+SecRule SCRIPT_FILENAME "news\.php" chain
+SecRule ARGS:list "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#squirrelcart SQL injection
+SecRule SCRIPT_FILENAME "index\.php" chain
+SecRule ARGS:crn "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+(from|into|table|database|index|view)"
+
+#PHP-Nuke HTTP Response Splitting vuln
+SecRule REQUEST_URI "modules\.php\?name=Surveys&pollID=.*&forwarder=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#AzDGDatingPlatinum view.php id Variable XSS
+SecRule REQUEST_URI "/view\.php\?l=.*&id=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+# AzDGDatingPlatinum index.php from Variable SQL Injection
+SecRule REQUEST_URI "/members/index\.php\?l=.*&a=.*&from=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+# AzDGDatingPlatinum view.php id Variable SQL Injection
+SecRule REQUEST_URI "/view.php\?l=.*&id=.*\'"
+
+#PHPBB Remote Mod.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/moddb/mod\.php\?id=\'"
+
+#CityPost PHP LNKX Input Validation Hole Permits Cross-Site Scripting Attacks
+SecRule REQUEST_URI "/lnkx/message\.php\?msg=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#Coppermine Photo Gallery Multiple XSS
+SecRule REQUEST_URI "/index\.php\?lang=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#PHP-Nuke Blind SQL Injection
+SecRule REQUEST_URI "/modules\.php\?name=Downloads&d_op=.*&title=.*&url=.*&description=.*&email=\'\,*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/modules\.php\?name=Downloads&d_op=.*&url=\'\,*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/modules\.php\?name=Downloads&d_op=viewsdownload&min=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[A-Z|a-z|0-9|\*]+(from|into|table|database|index|view)"
+SecRule REQUEST_URI "/modules\.php\?name=Downloads&d_op=search&min=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#UBB Thread /ubbthreads/printthread.php SQL Injection Yes\No vulnerability
+SecRule REQUEST_URI "/printthread\.php*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#coppermine remote file inclusion
+SecRule REQUEST_URI "/theme\.php\?THEME_DIR=(http|https|ftp)/:/"
+
+#E-Cart Mod remote command execution
+SecRule REQUEST_URI "/index\.cgi\?action=.*&cat=.*&art=.*\|"
+
+#phpBB Auction Mod SQL injection
+SecRule REQUEST_URI "/auction_rating\.php\?mode=.*&u=.*\'"
+SecRule REQUEST_URI "/auction_offer\.php\?mode=.*&ar=.*\'"
+
+#kali's tagboard remote command execution
+SecRule REQUEST_URI "/admin/banned\.php\?&cmd="
+
+#PHPBB Profile.PHP Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/profile\.php\?mode=viewprofile&u=.*((script|script|about|applet|activex|chrome)\>|html|(http|https|ftp)\:/)"
+
+#PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/viewtopic\.php\?p=.*&highlight=.*((script|script|about|applet|activex|chrome)\>|html|(http|https|ftp)\:/)"
+
+#Netref Remote Arbitrary File Creation Vulnerability
+SecRule REQUEST_URI "script/cat_for_gen\.php"
+
+# eGroupWare index.php cats_app Variable SQL Injection
+SecRule REQUEST_URI "/index\.php\?menuaction=preferences\.uicategories\.index\&cats_app=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+# eGroupWare tts/index.php filter Variable SQL Injection
+SecRule REQUEST_URI "/tts/index\.php\?filter=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+# eGroupWare sitemgr-site/index.php category_id Variable XSS
+SecRule REQUEST_URI "/sitemgr/sitemgr-site/\?category_id=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+# eGroupWare wiki/index.php Multiple Variable XSS
+SecRule REQUEST_URI "/index\.php\?page=RecentChanges.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/index\.php\?action=history&page=.*&lang=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+# eGroupWare index.php Multiple Variable XSS
+SecRule REQUEST_URI "/index\.php\?menuaction=addressbook\.uiaddressbook\.edit\&ab_id=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/index\.php\?menuaction=manual\.uimanual\.view\&page=ManualAddressbook.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/index\.php\?menuaction=forum\.uiforum\.post\&type=new.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/index\.php\?menuaction=wiki\.uiwiki\.edit\&page=setup.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#SQL Injections in MetaBid Auctions
+SecRule REQUEST_URI "/item\.asp\?intAuctionID=\'"
+
+#honeypot catch
+SecRule REQUEST_URI "tiki-print\.php\?page=(http|https|ftp)\:/"
+
+# phpBB Notes Mod SQL Injection Vulnerability
+SecRule REQUEST_URI "/posting_notes\.php\?mode=editpost\&*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#phpCOIN SQL injection attacks
+SecRule REQUEST_URI "/index\.php\?title=.*&search=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/login\.php\?w=.*&o=.*&phpcoinsessid=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)*\'"
+SecRule REQUEST_URI "/mod\.php\?mod=siteinfo&id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)*\'&phpcoinsessid="
+SecRule REQUEST_URI "/mod\.php\?mod=pages&mode=list&(dcat_id|topic_id)=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)*\'\&phpcoinsessid="
+
+#honeypot catch
+SecRule REQUEST_URI "/index\.php\?page=(http|https|ftp)\:/"
+
+#honeypot catch
+#ideabox code injection
+SecRule REQUEST_URI "/ideabox/include\.php" chain
+SecRule REQUEST_URI "(Dir=(http|https|ftp)\:/|\?\&(cmd|id|inc|name)=)"
+
+#12Planet Chat Server Path Disclosure
+# CVE: "CVE-MAP-NOMATCH"
+SecRule REQUEST_URI "/qwe/qwe/index\.html"
+
+#Agora CGI Cross Site Scripting
+# CVE: "CVE-2001-1199"
+SecRule REQUEST_URI "/store/agora\.cgi\?cart_id=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#Apache Remote Command Execution via .bat files
+# CVE: "CVE-2002-0061"
+SecRule REQUEST_URI "/test-cgi\.bat\?\|"
+
+#cpanel remote command execution
+SecRule REQUEST_URI "/cgi-sys/guestbook\.cgi\?user=cpanel&template=\|"
+
+#Oracle 9iAS mod_plsql directory traversal
+# CVE: "CAN-2001-1217"
+SecRule REQUEST_URI "/pls/sample/admin_/help/\.\."
+
+#Zeus Admin Interface XSS
+SecRule REQUEST_URI "/apps/web/vs_diag\.cgi\?server=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#Oracle 9iAS iSQLplus XSS
+SecRule REQUEST_URI|REQUEST_BODY "/isqlplus\?action=logon&username=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+# main.cgi directory traversal and file access
+SecRule REQUEST_URI "/main\.cgi\?next_file=*/"
+
+#TorrentTrader SQL Injection
+SecRule REQUEST_URI "/download\.php\?id=\'"
+
+#OpenCA HTML Injection
+# CVE: "CAN-2004-0787"
+SecRule REQUEST_URI "/cgi-bin/pub/pki\?cmd=serverInfo"
+
+#pdesk directory traversal and file theft
+SecRule REQUEST_URI "/cgi-bin/pdesk\.cgi\?lang=\.\./\.\./"
+
+#ShowCenter XSS
+SecRule REQUEST_URI "/ShowCenter/SettingsBase\.php\?Skin=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#honeypot XSS attack
+SecRule REQUEST_URI "/page\.php\?action=view&id=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#i-mall remote command execution attack
+SecRule REQUEST_URI "/i-mall/i-mall\.cgi\?p=\|"
+
+#PArser XSS
+SecRule REQUEST_URI "/parser/parser\.php\?file=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#caught in honeypot
+SecRule REQUEST_URI "/check_user_id\.php\?user_id=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#formmail probe
+#SecRule REQUEST_URI|REQUEST_BODY "/formmail\.pl HTTP\/(0\.9|1\.0|1\.1)$"
+SecRule REQUEST_URI|REQUEST_BODY "GET .*/formmail\.pl HTTP\/(0\.9|1\.0|1\.1)$"
+SecRule REQUEST_URI|REQUEST_BODY "HEAD .*/formmail\.pl HTTP\/(0\.9|1\.0|1\.1)$"
+SecRule REQUEST_URI|REQUEST_BODY "POST .*/formmail\.pl HTTP\/(0\.9|1\.0|1\.1)$"
+
+#JGS-Portal ID Variable SQL Injection Vulnerability
+SecRule REQUEST_URI "/jgs_portal\.php\?id=\'"
+
+#SitePanel 2 command exec, file access
+SecRule REQUEST_URI "/users/index\.php\?lang=en\.inc/\.\./\.\./"
+SecRule REQUEST_URI "/users/main.php?p=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/admin/5\.php\?do=rmattach&rm=yes&id=\.\./"
+
+#osTicket directory traversal
+SecRule REQUEST_URI "/attachments\.php\?file=\.\./\.\."
+
+#osticket remote file inclusion
+SecRule REQUEST_URI "/include/main\.php\?config.*=.*&include_dir=(http|https|ftp)\:/"
+
+#osticket SQL injection
+SecRule REQUEST_URI "/admin\.php\?a=view&id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]]+(from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/view\.php\?s=.*&query=*&cat=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#Woltlab Burning Board JGS-Portal "id" SQL Injection
+SecRule REQUEST_URI "/jgs_portal\.php" chain
+SecRule REQUEST_URI "id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#eSKUeL "ConfLangCookie" and "lang_config" Local File Inclusion
+SecRule REQUEST_URI "include/functions\.inc\.php" chain
+SecRule REQUEST_URI "(ConfLangCookie|lang_config)=*\.\./"
+
+#FishCart Cross-Site Scripting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "display\.php" chain
+SecRule REQUEST_URI "nlst=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+SecRule REQUEST_URI "upstracking\.php" chain
+SecRule REQUEST_URI "(eqagree|m|trackingnum)=.*((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+SecRule REQUEST_URI "display\.php" chain
+SecRule REQUEST_URI "psku=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+SecRule REQUEST_URI "upstnt\.php" chain
+SecRule REQUEST_URI "cartid=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+# vBulletin calendar.php comma Parameter Arbitrary Command Execution
+SecRule REQUEST_URI "calendar\.php\?calbirthdays=.*&action=.*&day=.*&comma=*(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(r|s)sh|(s|r)cp|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
+SecRule REQUEST_URI "/calendar\.php\?calbirthdays=.*&action=getday&day=.*&comma=\x22;"
+
+#FishCart SQL injection
+SecRule REQUEST_URI "/display\.php\?cartid=.*&zid=*&lid=*&nlst=*&olimit=*&cat=*&key*=&psku=\'"
+SecRule REQUEST_URI "/upstnt\.php\?zid=.*&lid=.*&cartid=\'"
+
+#PHP-Nuke "phpbb_root_path" Arbitrary File Inclusion
+SecRule REQUEST_URI "/admin_styles\.php\?phpbb_root_path=(http|https|ftp)\:/"
+
+# Apache Jakarta-Tomcat? /admin Context Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/admin/\?op=\xc0"
+
+#generic Common HTTP vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/\?cwd=/"
+
+#XSS in phpBB
+SecRule REQUEST_URI|REQUEST_BODY "/(viewtopic|privmsg|bbcode)\.php\?" chain
+SecRule REQUEST_URI "\[url=(script|javascript|about|applet|activex|chrome)\:/"
+
+#phbb admin forums XSS
+SecRule REQUEST_URI "/admin_forums\.php\?" chain
+SecRule REQUEST_URI|REQUEST_BODY "\<[[:space:]]*(script|about|applet|activex|chrome)"
+
+#HTMLJunction EZGuestbook Remote Database Disclosure Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/datastores/guestbook\.mdb"
+
+#phpbb XSS
+SecRule REQUEST_URI "/admin/admin_forums\.php\?sid=.*" chain
+SecRule REQUEST_URI|REQUEST_BODY "(forumname|forumdesc)=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+
+#DirectTopics Topic.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/topic\.php\?topic=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#honeypot
+SecRule REQUEST_URI "tiki-index\.php\?page=(http|https|ftp)\:/"
+
+#Help Center Live Multiple Input Validation Vulnerabilities
+SecRule REQUEST_URI "/faq/index\.php\?x=.*&id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/tt/view\.php\?tid=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/tt/download\.php\?fid=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/lh/icon\.php\?status=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/lh/chat_download\.php\?fid=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities
+SecRule REQUEST_URI "/jgs_portal\.php\?anzahl_beitraege=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_statistik\.php\?meinaction=mitglieder&month=.*&year=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_statistik\.php\?meinaction=themen&month=.*&year=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_statistik\.php\?meinaction=beitrag&month=.*&year=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_beitraggraf\.php\?month=.*&year=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_viewsgraf\.php\?jahr=.*&monat=.*&tag=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+(from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_themengraf\.php\?month=.*&year=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_mitgraf\.php\?month=.*&year=.*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_sponsor\.php\?id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/jgs_portal_box\.php\?id=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#NPDS "comments.php" and "pollcomments.php" Remote SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/npds/comments\.php\?thold=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/npds/pollcomments\.php\?thold=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/npds/pollcomments\.php\?op=results&pollID=2&mode=&order=&thold=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#Gurgens Guest Book Remote Database Disclosure Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/db/Genit\.dat"
+
+#PhotoPost Arbitrary Data vuln
+SecRule REQUEST_URI "/member\.php\?ppaction=.*&verifykey=.*&uid=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#OpenBB SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/read\.php" chain
+SecRule ARGS:TID "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#PostNuke "func" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php.*func=*(\.\./|(http|https|ftp)\:/)"
+
+#Bug Report Script Insertion Vulnerability
+SecRule SCRIPT_FILENAME "bug_report\.php" chain
+SecRule ARGS:name|ARGS:sujet|ARGS:commentaries|ARGS:os|ARGS:navig|ARGS:url "<[[:space:]]*(script|about|applet|activex|chrome)"
+
+#NPDS SQL Injection and XSS Vulnerabilities
+SecRule REQUEST_URI "/(pollcomments|comments)\.php" chain
+SecRule ARGS:thold "(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+SecRule REQUEST_URI "/faq\.php" chain
+SecRule ARGS:categories "<[[:space:]]*(script|about|applet|activex|chrome)"
+
+#Post tiki Wiki install rules
+SecRule REQUEST_URI "/tiki-install\.php"
+SecRule REQUEST_URI "/tiki-edit_templates\.php"
+
+#phpATM Arbitrary Remote File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php\?include_location=(http|https|ftp)\:/"
+
+#TOPo XSS vuln
+SecRule REQUEST_URI "/index\.php\?m=(top|members)*<[[:space:]]*(script|about|applet|activex|chrome)"
+
+#honeypot
+SecRule REQUEST_URI "/news\.php\?tpath=(http|https|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "tiki-(index|print)\.php\?page=.*\?include_location=(http|https|ftp)\:/"
+SecRule REQUEST_URI "tiki-.*\?include_location=(http|https|ftp)\:/"
+SecRule REQUEST_URI "tiki-editpage\.php\?page=(http|https|ftp)\:/"
+SecRule REQUEST_URI "tiki-export_wiki_pages\.php\?page=(http|https|ftp)\:/"
+
+#sawmill remote file access
+SecRule REQUEST_URI|REQUEST_BODY "/cgi-bin/sawmill5\?.*\x22"
+
+#mailview CGI remote file access`
+SecRule REQUEST_URI "mailview\.cgi\?cmd=view&fldrname=.*&select=.*&html=\.\./\.\."
+
+#Javamail info disclosure
+SecRule REQUEST_URI "/Download\?/.*/web/WEB-INF/web\.xml"
+
+#javamail file access
+SecRule REQUEST_URI|REQUEST_BODY "/Download\?(\.\./|/\.\./|/etc/|/home/|/tmp/|/usr/|/backup/|/dev/|/proc/|/var/(cache|spool|mail|adm|log|tmp)/)"
+
+#Gforge "viewFile.php" Remote Arbitrary Command Execution Vulnerability
+SecRule REQUEST_URI "/viewFile\.php\?group_id=.*&file_name=\x0A"
+
+#WebAPP v0.9.9.2.1 Remote Command Execution vuln
+SecRule REQUEST_URI "/apage\.cgi?f=.*\|"
+
+#honeypot
+SecRule REQUEST_URI "/displayCategory\.php\?basepath=(http|https|ftp)\:/"
+
+#PHP Poll Creator Include File Error Lets Remote Users Execute Arbitrary Commands
+SecRule REQUEST_URI "/poll_vote\.php\?relativer_pfad=(http|https|ftp)\:/"
+
+#PostNuke version : x=> 0.750 SQL injection
+SecRule REQUEST_URI "/modules\.php\?op=modload&name=Messages&file=readpmsg&start=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#SQL Injection Vuln for myBloggie 2.1.1 - 2.1.2
+SecRule REQUEST_URI "index\.php\?month_no=.*&year=.*&mode=viewdate&date_no=*(delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe|select|union)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view|select)"
+
+#powerdownload remote file include
+SecRule REQUEST_URI "/downloads\.php\?release_id=.*&incdir=(http|https|ftp)\:/"
+
+#X-Cart SQL inject vulns
+SecRule REQUEST_URI "/home\.php\?(cat|printable)=\'"
+SecRule REQUEST_URI "/product\.php\?(product|mode)=\'"
+SecRule REQUEST_URI "/error_message\.php\?access_denied&id=\'"
+SecRule REQUEST_URI "/help\.php\?section=\'"
+SecRule REQUEST_URI "/(orders|register|search)\.php\?mode=\'"
+SecRule REQUEST_URI "/giftcert\.php\?(gcid|gcindex)=\'"
+
+#Calendarix Advanced
+SecRule REQUEST_URI "/cal_week\.php\?op=week&catview=.*\'"
+SecRule REQUEST_URI "/cal_cat\.php\?op=cats&catview=.*\'"
+SecRule REQUEST_URI "/cal_day\.php\?op=.*&date=.*&catview=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/cal_pophols\.php\?id=.*\'"
+
+
+#MyBulletinBoard SQL injection
+SecRule REQUEST_URI "/online\.php\?pidsql=\)(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/memberlist\.php\?usersearch=\%\'"
+SecRule REQUEST_URI "/editpost\.php\?pid=\'"
+SecRule REQUEST_URI "/forumdisplay\.php\?fid=\'"
+SecRule REQUEST_URI "/newreply\.php\?tid=\'"
+SecRule REQUEST_URI "/search\.php\?action=.*&(sid|uid)=*\'"
+SecRule REQUEST_URI "/showthread\.php\?(tp)id=\'"
+SecRule REQUEST_URI "/usercp2\.php\?tid=\'"
+SecRule REQUEST_URI "/printthread\.php\?tid=\'"
+SecRule REQUEST_URI "/reputation\.php\?pid=\'"
+SecRule REQUEST_URI "/portal\.php\?action=do_login&username=\'"
+SecRule REQUEST_URI "/polls\.php\?action=newpoll&tid=\'"
+SecRule REQUEST_URI "/ratethread\.php\?tid=\'"
+
+#MyBulletinBoard XSS
+SecRule REQUEST_URI "/misc\.php\?action=syndication&forums.*=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/misc\.php\?action=syndication&forums.*=.*&version*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/misc\.php\?action=syndication&limit=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/forumdisplay\.php\?fid=.*&datecut=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/forumdisplay\.php\?fid=.*&page=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/member\.php\?agree=.*&username=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/member\.php\?agree=.*&(email|email2)=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/memberlist\.php\?(page|usersearch)=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/showthread\.php\?mode=linear&tid=.*&pid=*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/showthread\.php\?mode=linear&tid=.*\<[[:space:]]*(script|about|applet|activex|chrome)"
+SecRule REQUEST_URI "/printthread\.php?tid=.*\<[[:space:]]*(script|about|applet|activex|chrome)"
+
+#Wordpress SQL injection
+SecRule REQUEST_URI "/wp-trackback\.php\?tb_id=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/wp-trackback\.php" chain
+SecRule ARGS:tb_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/index\.php\?cat=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#MWChat remote file inclusion vuln
+SecRule REQUEST_URI "/libs/start_lobby\.php\?CONFIG.*=(http|https|ftp)\:/"
+
+#phpCMS "class.layout_phpcms.php" Remote Arbitrary File Inclusion Vulnerability
+SecRule REQUEST_URI "/parser\.php\?&phpcmsaction=FILEMANAGER&language=.*(/\.\./|(http|https|ftp)\:/)"
+
+#Exhibit Engine Remote SQL Injection Vulnerabilities
+SecRule REQUEST_URI|REQUEST_BODY "/search_row=ee_photo\.ee_photo_exif_iso.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/list\.php" chain
+SecRule ARGS:search_row|ARGS:sort_row|ARGS:order|ARGS:perpage "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#phpCMS "language" Local File Inclusion Vulnerability
+SecRule SCRIPT_FILENAME "/parser\.php" chain
+SecRule ARGS:laguage "/\.\./"
+
+#Popper "form" File Inclusion Vulnerability
+SecRule REQUEST_URI "/childwindow\.inc\.php" chain
+SecRule ARGS:form "(/\.\./|(http|https|ftp)\:/)"
+
+#phpThumb() "src" Exposure of Sensitive Information
+SecRule SCRIPT_FILENAME "/phpThumb\.php" chain
+SecRule ARGS:src "/\.\./"
+
+#General [url] php forum protections (phpbb and others, to protect against script injection attacks in url links)
+SecRule REQUEST_URI "\.php\?" chain
+SecRule REQUEST_URI|REQUEST_BODY "\[url=(script|javascript|applet|about|chrome|activex)\:/.*\].*\[/url\]"
+
+#e107 eTrace Plugin Shell Command Injection Vulnerability
+SecRule SCRIPT_FILENAME "/dotrace\.php" chain
+SecRule ARGS:etrace_cmd|ARGS:etrace_host "(cd|\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(r|s)(cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
+
+#WebHints Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/hints\.pl.*\|"
+
+#Invision Gallery SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:comment "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#Ovidentia FX "babInstallPath" File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:babInstallPath "(/\.\./|(http|https|ftp)\:/)"
+
+#Siteframe "LOCAL_PATH" File Inclusion Vulnerability
+SecRule SCRIPT_FILENAME "/siteframe\.php" chain
+SecRule ARGS:LOCAL_PATH "(/\.\./|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/siteframe\.php\?LOCAL_PATH=(http|https|ftp)\:/"
+
+#e107 ePing Plugin Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/doping\.php" chain
+SecRule ARGS:eping_cmd|ARGS:eping_host|ARGS:eping_count "(cd|\;|(ba|tc|c|z)sh|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(s|r)(cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
+
+#Invision Community Blog Module SQL injection
+SecRule REQUEST_URI "/index.php" chain
+SecRule ARGS:mid ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| ]+[[:space:]](from|into|table|database|index|view)"
+
+#MWChat "CONFIG[MWCHAT_Libs]" File Inclusion Vulnerability
+SecRule REQUEST_URI "CONFIG\[MWCHAT_Libs\]" chain
+SecRule REQUEST_URI "(/\.\./|(http|https|ftp)\:/)"
+
+#YaPiG Multiple Vulnerabilities
+SecRule REQUEST_URI "last_gallery\.php" chain
+SecRule ARGS:YAPIG_PATH "(/\.\./|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "BASE_DIR.*(/\.\./|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/upload\.php" chain
+SecRule ARGS:dir "(/\.\./|.*\.\./)"
+
+#honeypot catch
+SecRule REQUEST_URI "/write\.php\?dir=(http|https|ftp)\:/"
+
+#socialMPN Remote SQL Injection and Path Disclosure Vulnerabilities
+SecRule REQUEST_URI "/article\.php\?sid=\x27"
+SecRule REQUEST_URI "/user\.php\?uname=\'"
+SecRule REQUEST_URI "/viewforum\.php\?forum=.*&siteid=\x2527"
+SecRule REQUEST_URI "/newtopic\.php\?username=\'&password="
+SecRule REQUEST_URI "/sections.php\?op=listarticles&secid=(\x27|\x2527)"
+SecRule REQUEST_URI "/index\.php\?siteid=\'&op=show&aftersid="
+SecRule REQUEST_URI "/friend\.php\?sid=\x2527&yname=.*&ymail=.*&fname=.*&fmail=.*&op=SendStory"
+
+#JBOSS Installation Path and Configuration File disclosure
+SecRule REQUEST_URI|REQUEST_BODY "^\%\."
+SecRule REQUEST_URI|REQUEST_BODY "^\%server\.policy"
+
+#Mambo 'com_contents' Input Validation Hole in 'user_rating' SQL Injection
+SecRule REQUEST_URI "/index\.php\?option=com_content&task=vote&id=.*&Itemid=.*&cid=.*&user_rating=.*\((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+(from|into|table|database|index|view)"
+
+
+#Web Store remote command execution
+SecRule REQUEST_URI "web_store\.cgi\?page=.*\|"
+
+#Mambo "user_rating" SQL Injection Vulnerability
+SecRule REQUEST_URI "/content\.php" chain
+SecRule ARGS:user_rating ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Cacti remote file inclusion vuln
+SecRule REQUEST_URI "/(top_graph_header|config_settings)\.php\?.*=(http|https|ftp)\:/"
+
+#Claroline E-Learning SQL injection
+SecRule REQUEST_URI "/(userInfo|exercises_details)\.php\?(uInfo|exo_id)=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "\?uInfo=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+(from|into|table|database|index|view)"
+
+#Forum Russian Board 4.2 Full command execution vuln
+SecRule REQUEST_URI|REQUEST_BODY "message=.*&form_h=.*&style_edit_ok=\xC8x\E7x\ECx\E5x\EDx\E8x\F2x\FC"
+
+#SMF Modify SQL Injection vuln
+SecRule REQUEST_URI "/index\.php\?action=(login|profile).*msg=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#cpanel XSS vuln
+SecRule REQUEST_URI|REQUEST_BODY "/login\?user=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Cacti command execution vuln
+SecRule REQUEST_URI "\.php\?rrdtool=*(cd |\;|perl|python|rpm|yum|apt-get|emerge|lynx|links|mkdir|elinks|cmd|pwd|wget|lwp-(download|request|mirror|rget)|id|uname|cvs|svn|(s|r)(cp|sh)|rexec|smbclient|t?ftp|ncftp|curl|telnet|gcc|cc|g\+\+|\./)"
+SecRule REQUEST_URI "/graph_image\.php\?local_graph_id=.*\x0a"
+
+#honeypot
+SecRule REQUEST_URI "/index\.php\?pagina=(http|https|ftp)\:/"
+
+#PHPNuke spam hole
+SecRule REQUEST_URI "/modules\.php\?name=WebMail\&file=nlmail"
+
+#Community Link Pro "file" Shell Command Injection Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/login\.cgi\?username=.*command=.*do=.*password=.*file=\|"
+
+#Pavsta Auto Site "sitepath" File Inclusion Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "user_check\.php" chain
+SecRule ARGS:sitepath "((http|https|ftp)\:/|(/\.\./|.*\.\./))"
+
+#Comdevn eCommerce Form Handler Vulnerabilities
+SecRule REQUEST_URI "/index\.php\?homeinclude=catalog&category_id=&parent_id=.*" chain
+SecRule REQUEST_URI "<[[:space:]]*(href|script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome|a)[[:space:]]*>"
+
+#Plans "evt_id" SQL Injection Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "plans\.cgi" chain
+SecRule ARGS:evt_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Sukru Alatas Guestbook Exposure of User Credentials
+SecRule REQUEST_URI|REQUEST_BODY "db/gbdb\.mdb"
+
+#CSV_DB / i_DB Arbitrary Command Execution Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "csv_db\.cgi" chain
+SecRule ARGS:file "\|"
+
+#PHP-Fusion database backup file retrieval vuln
+SecRule REQUEST_URI|REQUEST_BODY "/(fusion_admin|administration)/db_backups/"
+
+#PHP-Fusion XSS vuln
+SecRule REQUEST_URI|REQUEST_BODY "/submit\.php?.*(news_body|article_description|article_body).*<[[:space:]]*(href|script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome|a)[[:space:]]*>"
+
+#UBB.threads SQL Injection
+SecRule REQUEST_URI|REQUEST_BODY "/download\.php\?Number=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/calendar\.php\?Cat=.*&month=.*&year=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/calendar\.php\?Cat=&month=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view).*year=.*"
+SecRule REQUEST_URI|REQUEST_BODY "/modifypost\.phpCat=.*&Username=.*&Number=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view).*&Board=UBB8"
+SecRule REQUEST_URI|REQUEST_BODY "/mailthread\.php\?Cat=.*&Board=.*&Number=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/viewmessage\.php\?Cat=&message=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/(addfav\|notifymod|grabnext).php\?Cat=.*&Board=.*&main=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Xoops XML sql injection
+SecRule REQUEST_URI "(xmlrpc|xmlrpc_.*)\.php" chain
+SecRule REQUEST_BODY "<methodName>blogger\.getUsersBlogs</methodName>" chain
+SecRule REQUEST_BODY ".*\' AND ascii\(substring\(pass"
+
+#Wordpress cat vuln
+SecRule REQUEST_URI "/wordpress/" chain
+SecRule ARGS:cat "!^[0-9]*$"
+
+#Atomicboard path recursion
+SecRule REQUEST_URI|REQUEST_BODY "/atomicboard/index\.php\?location=\.\./\."
+
+#basilix path recursion
+SecRule REQUEST_URI|REQUEST_BODY "/basilix\.php3\?request_id\[.*\]=\.\./\."
+
+#bigconf path recursion vuln
+SecRule REQUEST_URI|REQUEST_BODY "/bigconf\.cgi\?command=view_textfile&file=/"
+
+#a1disp3 path recursion vuln
+SecRule REQUEST_URI "/a1disp3\.cgi\?/\.\./"
+
+#contacts remote file inclusion
+SecRule REQUEST_URI "/contacts\.php\?cal_dir=(http|https|ftp)\:/"
+
+#CuteNews Search remote file inclusion
+SecRule REQUEST_URI "/cutenews/search\.php\?cutepath=(http|https|ftp)\:/"
+
+#Dynamic Pages config remote file inclusion
+SecRule REQUEST_URI "/config_page\.php\?do=.*&du=site&edp_relative_path=(http|https|ftp)\:/"
+
+#Edit_image file recursion vuln
+SecRule REQUEST_URI "/edit_image\.php\?dn=.*&userfile=/"
+
+#export.php directory recursion vuln
+SecRule REQUEST_URI "/export\.php\?\?what=\.\./\."
+
+#awol-condensed remote file inclusion
+SecRule REQUEST_URI "/awol-condensed\.inc\.php\?path=(http|https|ftp)\:/"
+
+#config.php remote file inclusion
+SecRule REQUEST_URI "/config\.php\?relative_script_path=(http|https|ftp)\:/"
+
+#hnmain remote file inclusion
+SecRule REQUEST_URI "/hnmain\.inc\.php3\?config\[incdir\]=(http|https|ftp)\:/"
+
+#template remote file inclusion
+SecRule REQUEST_URI "/index\.php\?board=.*;action=.*;ext=.*;template=(http|https|ftp)\:/"
+
+#generic remote file inclusion vulns
+SecRule REQUEST_URI "/index\.php\?do=.*&page=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/index\.php\?kietu\[.*\]=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/index\.php\?libDir=http://xxxxxxxx"
+SecRule REQUEST_URI "/init\.php\?HTTP_POST_VARS\[GALLERY_BASEDIR\]=(http|https|ftp)\:/"
+
+#Cacti no_http_headers security vuln
+SecRule REQUEST_URI "/config\.php\?" chain
+SecRule ARGS:no_http_headers ".*"
+
+#Quick & Dirty PHPSource Printer Directory Traversal Vulnerability
+SecRule REQUEST_URI "/source\.php\?" chain
+SecRule ARGS:file "\.\."
+
+#nabopoll "path" File Inclusion Vulnerability
+SecRule REQUEST_URI "/survey\.inc\.php\?" chain
+SecRule ARGS:path "((\.\.|(http|https|ftp)\:/)|.*(\.\.|(http|https|ftp)\:/))"
+SecRule REQUEST_URI "/survey\.inc\.php\?path=(http|https|ftp)\:/"
+
+#DCP-Portal remote file include
+SecRule REQUEST_URI "/editor/editor\.php\?root=(http|https|ftp)\:/"
+
+#phpBB remote code execution vuln
+SecRule REQUEST_URI "/viewtopic\.php\?.*(highlight.*(\'\.|\x2527|\x27)|include\(.*GET\[.*\]\)|=(http|https|ftp)\:/|(printf|system)\()"
+
+#Unknown Malware
+SecRule REQUEST_URI "/mcp/mcp\.cgi"
+
+# osTicket "t" SQL Injection Vulnerability
+SecRule REQUEST_URI "/view\.php" chain
+SecRule ARGS:t ".*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Mark Kronsbein MyGuestbook "lang" File Inclusion Vulnerability
+SecRule REQUEST_URI "/form\.inc\.php3" chain
+SecRule ARGS:lang "((\.\.|(http|https|ftp)\:/)|.*(\.\.|(http|https|ftp)\:/))"
+
+#phpPgAdmin "formLanguage" Local File Inclusion Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/index\.php" chain
+SecRule ARGS:formLanguage "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#PPA Include File Bug remote file inclusion
+SecRule REQUEST_URI|REQUEST_BODY "/functions\.inc\.php\?config\[ppa_root_path\]=(http|https|ftp)\:/"
+
+#SPiD Include File Bug remote file inclusion
+SecRule REQUEST_URI|REQUEST_BODY "/lang/lang\.php\?lang_path=(http|https|ftp)\:/"
+
+#Id Board 'tbl_suff' Input Validation Hole SQL injection
+SecRule REQUEST_URI|REQUEST_BODY "/index\.php\?site=.*&f=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#DownloadProtect "file" Disclosure of Sensitive Information
+SecRule REQUEST_URI|REQUEST_BODY "/download\.php\?" chain
+SecRule ARGS:file "\.\./"
+
+#phpSecurePages "cfgProgDir" File Inclusion Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "phpSecurePages/secure\.php" chain
+SecRule ARGS:cfgProgDir "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#PunBB SQL Injection and PHP Code Execution Vulnerabilities
+SecRule REQUEST_URI|REQUEST_BODY "/profile\.php" chain
+SecRule ARGS:temp "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "redirect_url.*(http|https|ftp)\:/.*cmd="
+
+#pngcntrp "kaiseki.cgi" Shell Command Injection Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "/kaiseki\.cgi.*\|"
+
+#phpWebSite SQL Injection and Disclosure of Sensitive Information
+SecRule REQUEST_URI|REQUEST_BODY "index\.php" chain
+SecRule ARGS:mod|ARGS:module "(\.\./|(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view))"
+
+#Simple PHP Blog Exposure of User Credentials
+SecRule REQUEST_URI|REQUEST_BODY "config/password\.txt"
+
+#Squito Gallery "photoroot" File Inclusion Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "photolist\.inc\.php" chain
+SecRule ARGS:photoroot "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#iPhotoAlbum File Inclusion Vulnerabilities
+SecRule REQUEST_URI|REQUEST_BODY "/getpage\.php" chain
+SecRule ARGS:docpath|ARGS:path "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+SecRule REQUEST_URI|REQUEST_BODY "header\.php" chain
+SecRule ARGS:set_menu "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#Yawp "_Yawp[conf_path]" File Inclusion Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "_Yawp\[conf_path\]=((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#Phpauction GPL Multiple Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:lan "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+SecRule REQUEST_URI "/adsearch\.php" chain
+SecRule ARGS:category "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#USANet Creations Products Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/dispallclosed\.pl.*\|"
+
+#Web-Portal-System 'wps_shop.cgi' Remote Command Execution
+SecRule REQUEST_URI "/wps_shop\.cgi" chain
+SecRule ARGS:art "(\[|\;|\<|\>|\*|\||\'|\&|\$|\!|\?|\#|\(|\)|\[|\]|\{|\}|\:|\'|\"|\])"
+SecRule REQUEST_URI "/wps_shop\.cgi" chain
+SecRule ARGS:cat "(\[|\;|\<|\>|\*|\||\'|\&|\$|\!|\?|\#|\(|\)|\[|\]|\{|\}|\:|\'|\"|\])"
+SecRule REQUEST_URI "/wps_shop\.cgi" chain
+SecRule ARGS:art "\|.+\|"
+
+#class-1 Forum Software SQL Injection
+SecRule REQUEST_URI "/viewattach\.php" chain
+SecRule ARGS:id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/users\.php" chain
+SecRule ARGS:viewuser_id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/viewforum\.php" chain
+SecRule ARGS:forum "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#MooseGallery "type" File Inclusion Vulnerability
+SecRule REQUEST_URI "/display\.php" chain
+SecRule ARGS:type "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#honetpot catch
+SecRule REQUEST_URI "\x03\x03\x03\x03\x18\x18\x18\x18\x1a\x1c\x1a\x1c\x1c4r43tr"
+
+#CaLogic "CLPATH" Arbitrary File Inclusion Vulnerability
+SecRule REQUEST_URI "(clmcpreload|mcconfig)\.php" chain
+SecRule ARGS:CLPATH "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#OpenBB sql injection
+SecRule REQUEST_URI "/index\.php\?CID=.*\+union\+select\+.*\,.*\,password.*from\+profiles\+where"
+
+#ReviewPost PHP Pro "sort" SQL Injection Vulnerability
+SecRule REQUEST_URI "/showproduct\.php" chain
+SecRule ARGS:sort "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#PHPNews "user" and "password" SQL Injection Vulnerability
+SecRule REQUEST_URI "/auth\.php" chain
+SecRule ARGS:user|ARGS:password "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#PHP Surveyor Remote SQL Injection
+SecRule REQUEST_URI "/admin/" chain
+SecRule ARGS:sid|ARGS:start|ARGS:id|ARGS:lid "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Invision PowerBoard 1.3.x - 2.0 SQL injection
+SecRule REQUEST_URI "/index\.php\?act=Login&CODE=autologin.*((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|user\+AND\+MID\(password)"
+
+#sendcard "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/sendcard\.php" chain
+SecRule ARGS:id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Report from user
+SecRule REQUEST_URI "/functions_admin\.php\?phpbb_root_path=(http|https|ftp)\:/"
+
+#SQL injection vuln in Contrexx
+SecRule REQUEST_URI "/index\.php\?section=gallery&cmd=.*&cid*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#PHP FirstPost remote file include
+SecRule REQUEST_URI "/block\.php\?Include=(http|https|ftp)\:/"
+
+#DCForum remote file viewing
+SecRule REQUEST_URI "/dcforum\.cgi\?az=.*&forum=*\.\./\.\."
+
+#Atomic Photo Album "apa_module_basedir" File Inclusion
+SecRule REQUEST_URI "/apa_phpinclude\.inc\.php" chain
+SecRule ARGS:apa_module_basedir "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#VBZooM "SubjectID" SQL Injection Vulnerability
+SecRule REQUEST_URI "/show\.php" chain
+SecRule ARGS:SubjectID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Phorm remote file inclusion protections
+SecRule REQUEST_URI "/phorm\.php" chain
+SecRule ARGS:PHORM_* "(http|https|ftp)\:/"
+
+#Athena Web Registration Remote Command Execution Vuln
+SecRule REQUEST_URI "/athenareg\.php\?pass=\x20\;"
+
+#wowBB view_user.php SQL Injection
+SecRule REQUEST_URI "/wowbb/view_user\.php\?" chain
+SecRule REQUEST_URI|REQUEST_BODY "sort_by=\'" chain
+SecRule REQUEST_URI|REQUEST_BODY "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Simplicity oF Upload remote command exec and remote file inclusion
+SecRule REQUEST_URI "/download\.php\?language=(upload\.php|(http|https|ftp)\:/)"
+
+#uguestbook exploit
+SecRule REQUEST_URI "/mdb-database/guestbook\.mdb"
+
+#FtpLocate remote command execution
+SecRule REQUEST_URI "/flsearch\.pl" chain
+SecRule ARGs:query "\|"
+
+#PHPmyGallery "confdir" File Inclusion Vulnerability
+SecRule REQUEST_URI "/common-tpl-vars\.php" chain
+SecRule ARGS:confdir "((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#Netquery 3.1 Remote Command Execution vuln
+SecRule REQUEST_BODY "op=modload*&name=Net.*&file=*&query=ping&host=*\|"
+
+#MySQL Eventum SQL Injection Vulnerabilities
+SecRule REQUEST_URI|REQUEST_BODY "/includes/class\.auth\.php" chain
+SecRule ARGS:email "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Kayako LiveResponse SQL injection
+SecRule REQUEST_URI|REQUEST_BODY "/index\.php\?date=.*\x20.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#PHPlist SQL injection
+SecRule REQUEST_URI|REQUEST_BODY "lists/admin/\?page=admin&id=*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#ChurchInfo SQL injection vulns
+SecRule REQUEST_URI|REQUEST_BODY "/(PersonView|MemberRoleChange|PropertyAssign|WhyCameEditor|GroupPropsEditor|Reports/PDFLabel|UserDelete)\.php" chain
+SecRule ARGS:PersonID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/DepositSlipEditor\.php" chain
+SecRule ARGS:DepositSlipID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/QueryView\.php" chain
+SecRule ARGS:QueryID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/(GroupView|GroupMemberList|MemberRoleChange|GroupDelete|/Reports/ClassAttendance|/Reports/GroupReport)\.php" chain
+SecRule ARGS:GroupID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/PropertyEditor\.php" chain
+SecRule ARGS:PropertyID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/PledgeDetails\.php" chain
+SecRule ARGS:PledgeID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI|REQUEST_BODY "/(AutoPaymentEditor|Canvas05Editor|CanvassEditor)\.php" chain
+SecRule ARGS:FamilyID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#denial of service attack on Flex PHPNews 0.0.4
+SecRule REQUEST_URI "/news\.php?(prenumber|nextnumber)=[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]+"
+
+#SQL admin bypass for Flex PHPNews 0.0.4
+SecRule REQUEST_URI "/admin/" chain
+SecRule REQUEST_URI "\' OR \'a\'='a*\' OR \'a\'=\'a"
+
+#Naxtor Shopping Cart SQL Injection
+SecRule REQUEST_URI "/(lost_passowrd|lost_password)\.php" chain
+SecRule ARGS:email "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/shop_display_products\.php\?cat_id=\'"
+
+#OpenBook "admin.php" Remote SQL Injection Vulnerability
+SecRule REQUEST_URI "/admin\.php" chain
+SecRule ARGS:userid "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|no\'\) or [0-9]/\*)"
+SecRule REQUEST_URI "/admin\.php" chain
+SecRule ARGS:password "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|no\'\) or [0-9]/\*)"
+
+#'web content management'Add admin user bypass vuln
+SecRule REQUEST_URI "/Admin/Users/AddModifyInput\.php"
+
+#Silvernews 2.0.3 command injection backdoor
+SecRule REQUEST_URI "/templates/tpl_global\.php\?command="
+SecRule REQUEST_URI "/templates/tpl_global\.php\?"
+
+#PortailPHP Index.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php\?affiche=Forum-read_mess&id=\'"
+
+#python namespace exposure with karrigell services
+SecRule REQUEST_URI|REQUEST_BODY ".*\.ks/.*\?\x22"
+SecRule REQUEST_URI|REQUEST_BODY ".*\.ks/(file|input|open|raw_input|reload|((s|g)et|del|has)attr|import|callable|compile|execfile|exec|globals)"
+
+#Flatnuke remote command vuln
+SecRule REQUEST_URI "/forum/users/.*\.php\?command="
+
+#Forum Russian Board (FRB) SQL injection vulns
+SecRule REQUEST_URI "/reply_in.php?subject_reply=.*&name_reply=.*\'"
+SecRule REQUEST_URI "(search_msg_us|view_profile.php)\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|\')"
+SecRule REQUEST_URI "/send_mail_user\.php" chain
+SecRule ARGS:id_mail "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|\')"
+SecRule REQUEST_URI "/(set|new|reply)\.php" chain
+SecRule ARGS:name_ig_array "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|\')"
+SecRule REQUEST_URI "/menu_header\.php" chain
+SecRule ARGS:table_sql "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|\')"
+SecRule REQUEST_URI "/registr_1\.php" chain
+SecRule ARGS:telephone "((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)|\')"
+
+#Owl Intranet Engine SQL injection
+SecRule REQUEST_URI "/browse\.php\?sess=.*parent=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#PHP-Fusion Messages.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/messages\.php\?msg_view=\'"
+
+#MySQL Eventum SQL injection
+SecRule REQUEST_URI "/login\.php" chain
+SecRule REQUEST_URI "cat=login&url=&email=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#phpIncludes News System SQL Injection Vulnerability
+SecRule REQUEST_URI "/news_change_category\.php" chain
+SecRule ARGS:category "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Comdev eCommerce File Inclusion Vulnerability
+SecRule REQUEST_URI "/config\.php\?path\[docroot\]=((\.\./|(http|https|ftp)\:/)|.*(\.\./|(http|https|ftp)\:/))"
+
+#honeypot
+SecRule REQUEST_URI "/write.php" chain
+SecRule ARGS:dir "(http|https|ftp)\:/"
+
+#Gravity Board X SQL injection vuln
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:email "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+#Gravity Board X command injection vulnerability
+SecRule REQUEST_URI "/editcss\.php\?" chain
+SecRule ARGS:csscontent "\</style\>\<\?php"
+
+#Open Bulletin Board SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(board|read|member)\.php" chain
+SecRule ARGS:FID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/(board|read|member)\.php" chain
+SecRule ARGS:TID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "/(board|read|member)\.php" chain
+SecRule ARGS:UID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#XMB Forum 1.9.1 sql injection
+SecRule REQUEST_URI "/xmb\.php" chain
+SecRule ARGS:in "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Funkboard command injection vuln
+SecRule REQUEST_URI "/info\.php\?command="
+
+#honeypot catch
+SecRule REQUEST_URI "/forum/users/jimyhendrix\.php\?command="
+
+#XMB Forum sql injection
+SecRule REQUEST_URI "include/u2u\.inc\.php" chain
+SecRule ARGS:u2u_select "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#WordPress "cache_lastpostdate" PHP Code Insertion
+SecRule ARGS:cache_lastpostdate "<\?php"
+
+#honeypot
+SecRule REQUEST_URI "/lib\.php\?root=(http|https|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "/index\.php\?(content|menu)=(http|https|ftp)\:/"
+
+#PHPTB Topic Boards 2.0 sql injection vulnerability
+SecRule REQUEST_URI "/index\.php\?act=emailvalidate&mid=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#FreznoShop product_details.php id Variable SQL Injection
+SecRule REQUEST_URI "/product_details\.php" chain
+SecRule ARGS:id "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#ECW Shop SQL injection
+SecRule REQUEST_URI "/index\.php\?c=.*&ctg=.*&id=.*&key=.*&comp=.*&min.*\'"
+
+#Mig Remote Cross-Site Scripting vuln
+SecRule REQUEST_URI "/index\.php\?currDir=.*[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#ezupload remote file inclusion vuln
+SecRule REQUEST_URI "(customize|initialize|form|index)\.php\?path=(http|https|ftp)\:/"
+
+#Dokeos Multiple Directory Traversal Vulnerabilities
+SecRule REQUEST_URI "/scorm/scormdocument\.php" chain
+SecRule REQUEST_URI "\.\."
+SecRule REQUEST_URI "/claroline/document/document\.php" chain
+SecRule ARGS:move_file "\.\."
+SecRule REQUEST_URI "/claroline/document/document\.php" chain
+SecRule ARGS:move_to "\.\."
+
+#PHPOpenChat Script Insertion Vulnerabilities
+SecRule REQUEST_URI "/(profile|profile_misc|mail)\.php" chain
+SecRule ARGS:title|ARGS:content|ARGS:motto|ARGS:subject "[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+# FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
+SecRule REQUEST_URI "/mysql_install\.php" chain
+SecRule ARGS:Email "\<.*php"
+
+#phpPgAds SQL injection
+SecRule REQUEST_URI "/lib-view-direct\.inc\.php" chain
+SecRule ARGS:clientid "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Honeypot catch
+SecRule REQUEST_URI "/guest\.php\?page=(http|https|ftp)\:/"
+
+#PHPTB "absolutepath" Arbitrary File Inclusion Vulnerability
+SecRule REQUEST_URI ".*\.php\?absolutepath=(http|https|ftp)\:/"
+
+#PHPFreeNews SQL Injection and Cross-Site Scripting
+SecRule REQUEST_URI "/SearchResults\.php" chain
+SecRule ARGS:Match|ARGS:CatID "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#w-Agora "site" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php\?site=.*\x00"
+
+#Zorum prod.php Arbitrary Command Execution Vulnerability
+SecRule REQUEST_URI "/prod\.php\?argv\[.*\]=\|"
+
+#Zorum path disclosure
+SecRule REQUEST_URI "/gorum/(notification|trace|badwords|flood)\.php"
+SecRule REQUEST_URI "/zorum/(user|attach|blacklist|forum|globalstat)\.php"
+
+#Land Down Under SQL injection vulns
+SecRule REQUEST_URI "/forums\.php\?m=topics&s=\'"
+SecRule REQUEST_URI "/list\.php\?c=.*&s=.*&.*\'"
+SecRule REQUEST_URI "/list\.php\?c=.*&s=\'"
+SecRule REQUEST_URI "/links\.php\?c=.*&s=.*&w=\'"
+SecRule REQUEST_URI "/journal\.php?m=.*\'"
+SecRule REQUEST_URI "/forums\.php?filter=forums.*x='"
+SecRule REQUEST_URI "/forums\.php?m=.*\'"
+SecRule REQUEST_URI "/forums\.php?m=\'"
+
+#Woltlab Burning Board ModCP.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/modcp\.php\?action=post_del&x=\'"
+SecRule REQUEST_URI "/modcp\.php\?action=post_del&x.*\'"
+
+#Cacti graph_image.php Remote Command Execution
+SecRule REQUEST_URI "/graph_image\.php" chain
+SecRule ARGS:graph_start "x0a.+x0a"
+
+#AreaEdit SpellChecker Plugin Code Execution Vulnerability
+SecRule REQUEST_URI "/aspell_setup\.php" chain
+SecRule ARGS:dictionary "(\;|\|)"
+
+#WebCalendar "includedir" Arbitrary File Inclusion Vulnerability
+SecRule REQUEST_URI "/send_reminders\.php" chain
+SecRule ARGS:includedir "(\.\./|(http|https|ftp)\:/)"
+
+#PHPKit SQL Injection Vulnerabilities
+SecRule REQUEST_URI "login/imcenter\.php" chain
+SecRule ARGS:im_receiver "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "login/member\.php" chain
+SecRule ARGS:letter "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+#Netquery "host" Parameter Arbitrary Command Execution
+SecRule REQUEST_URI "/nquser\.php" chain
+SecRule ARGS:host "\|"
+
+#SaveWebPortal include PHP scripts vuln
+SecRule REQUEST_URI "admin/PhpMyExplorer/editerfichier\.php\?chemin=\.&fichier=header\.php&type=Source"
+
+#SaveWebPortal remote/local file inclusion vuln
+SecRule REQUEST_URI "menu_dx\.php" chain
+SecRule ARGS:SITE_Path "(\.\./|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "menu_sx\.php" chain
+SecRule ARGS:CONTENTS_Dir "(\.\./|(http|https|ftp)\:/)"
+
+#RunCMS SQL Injection Vulnerabilities
+SecRule REQUEST_URI "newbb_plus/newtopic\.php\?forum=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+SecRule REQUEST_URI "newbb_plus/print\.php\?msgid=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view).*&op="
+SecRule REQUEST_URI "newbb_plus/(edit|reply)\.php\?forum=.*(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view).*post_id=.*&topic_id=.*&viewmode=.*&order=.*"
+
+#honeypot catch
+SecRule REQUEST_URI "/index\.php\?page=(http|https|ftp)\:/"
+
+#PostNuke "show" Parameter SQL Injection Vulnerability
+SecRule REQUEST_URI "modules/Downloads/dl-viewdownload\.php" chain
+SecRule ARGS:show "(select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |,]+[[:space:]](from|into|table|database|index|view)"
+
+# PaFileDB cookie SQL injection
+SecRule REQUEST_URI "/pafiledb\.php\?action=admin" chain
+SecRule REQUEST_COOKIES:pafiledbcookie ".*((select|grant|delete|insert|drop|do|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)|union.*select.*[0-9]+\,[0-9]+\,\'.*pass)"
+
+#Looking Glass v20040427 arbitrary commands execution
+SecRule REQUEST_URI "/lg\.php" chain
+SecRule REQUEST_URI "func=.*&ipv=.*&target.*\|"
+SecRule REQUEST_URI "/lg\.php" chain
+SecRule ARGS:target "\|"
+
+#probe.cgi remote file inclusion and command execution
+SecRule REQUEST_URI "/probe\.cgi\?olddat=(\||(http|https|ftp)\:/)"
+
+# phpMyAdmin XSS vulns
+SecRule REQUEST_URI "libraries/auth/cookie\.auth\.lib\.php" chain
+SecRule REQUEST_URI "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/error\.php" chain
+SecRule ARGS:error "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Looking Glass v20040427 XSS vulns
+SecRule REQUEST_URI "/(footer|header)\.php\?version\[.*\]=" chain
+SecRule REQUEST_URI "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#phpLDAPadmin welcome.php Arbitrary File Inclusion
+SecRule REQUEST_URI "/welcome\.php\?custom_welcome_page=(http|https|ftp)\:/"
+
+#Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion
+SecRule REQUEST_URI "/comment_delete_cgi\.php" chain
+SecRule ARGS:comment "(/|\.\.|config/password\.txt)"
+
+#nested URL tags exploit for some BBcode implementations
+SecRule REQUEST_URI ".*\.php" chain
+SecRule REQUEST_BODY|ARGS "\[url=\[url="
+
+#AutoLinks Pro "alpath" File Inclusion Vulnerability
+SecRule REQUEST_URI "/al_initialize\.php" chain
+SecRule ARGS:alpath "(ftp|http|https)\:/"
+
+#Simple PHP Blog Image File Upload Vulnerability
+SecRule REQUEST_URI "/upload_img_cgi\.php" chain
+SecRule REQUEST_BODY|ARGS "\.php"
+
+#phpWebNotes Include File Error in 'php_api.php'
+SecRule REQUEST_URI "/api\.php\?t_path_core=(http|https|ftp)\:/"
+
+#FlatNuke "id" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id "(http|https|.ftp)\:/"
+
+#CMS Made Simple File Inclusion
+SecRule REQUEST_URI "admin/lang\.php.*nls\[file\]\[vx\]\[vxsfx\].*(http|https|.ftp)\:/"
+
+#Phorum "Username" Script Insertion Vulnerability
+SecRule REQUEST_URI "register\.php" chain
+SecRule ARGS:Username "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Test CGI probe
+SecRule REQUEST_URI|REQUEST_BODY "/test-cgi HTTP\/(0\.9|1\.0|1\.1)$"
+
+#Annoying Cisco IOS HTTP configuration probe attempts
+SecRule REQUEST_URI "/level/[0-9]+/exec/-/+pwd"
+
+#myBloggie "username" SQL Injection Vulnerability
+SecRule REQUEST_URI "/login\.php" chain
+SecRule ARGS:username "[[:space:]]+(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#PBLang <= 4.65 remote commands exec exploit sig
+SecRule REQUEST_URI|REQUEST_BODY "Content-Length:.*user=.*pass=.*pass2=.*oldpass=.*loc.*(\x22|system)"
+
+#man2web cgi-scripts remote command spawn
+SecRule REQUEST_URI "/(man-cgi|man2web|man2html)" chain
+SecRule REQUEST_URI "\x20"
+SecRule REQUEST_URI "/(man-cgi|man2web|man2html)" chain
+SecRule REQUEST_URI "\|"
+
+#SimplePHPBplog vulns
+SecRule REQUEST_URI "/comment_delete_cgi\.php\?y=.*&m=.*&comment.*(/|\.\.)"
+SecRule REQUEST_URI "/comment_delete_cgi\.php\?.*/config/password\.txt"
+SecRule REQUEST_URI "/images/reset\.php"
+SecRule REQUEST_URI "/images/cmd\.php\?cmd="
+SecRule REQUEST_URI "/upload_img_cgi.php" chain
+SecRule REQUEST_BODY "(Content.*\.php|cmd\.php|reset\.php)"
+SecRule REQUEST_URI "/install03_cgi\.php\?blog_language=english.*[A-Z|a-z|0-9]"
+SecRule REQUEST_URI|REQUEST_BODY "<hr+><pre>.*Command\: [A-Z|a-z|0-9|\w].*pre><hr"
+
+#aMember Pro "config['root_dir']" Remote File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(/db/mysql/mysql|payment|/efsnet/efsnet|theinternetcommerce/theinternetcommerce|/cdg/cdg|compuworld/compuworld|directone/directone|authorize_aim/authorize_aim|beanstream/beanstream|echo/config|/eprocessingnetwork/eprocessingnetwork|eway/eway|linkpoint/linkpoint|logiccommerce/logiccommerce|netbilling/netbilling|payflow_pro/payflow_pro|paymentsgateway/paymentsgateway|payos/payos|payready/payready|plugnplay/plugnplay)\.inc\.php\?config\[root_dir\]=(http|https|ftp):/"
+SecRule REQUEST_URI "(/db/mysql/mysql|payment|/efsnet/efsnet|theinternetcommerce/theinternetcommerce|/cdg/cdg|compuworld/compuworld|directone/directone|authorize_aim/authorize_aim|beanstream/beanstream|echo/config|/eprocessingnetwork/eprocessingnetwork|eway/eway|linkpoint/linkpoint|logiccommerce/logiccommerce|netbilling/netbilling|payflow_pro/payflow_pro|paymentsgateway/paymentsgateway|payos/payos|payready/payready|plugnplay/plugnplay)\.inc\.php" chain
+SecRule REQUEST_URI "(http|https|ftp):/"
+SecRule REQUEST_URI "\.inc\.php\?config\[root_dir\]=(http|https|ftp):/"
+
+#CuteNews Input Validation Hole
+SecRule REQUEST_URI "/cute/data/flood\.db\.php"
+
+#DeluxeBB SQL injection
+SecRule REQUEST_URI "community/index\.php\?limit=\'"
+
+
+#honeypoit
+SecRule REQUEST_URI "/admin_module_deldir\.php\?config\[.*\]=(http|https|ftp)\:/"
+
+#honeypot catch
+SecRule REQUEST_URI "/view\.php\?inc=(http|https|ftp)\:/"
+
+#Alkalay contribute "template" Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/contribute\.pl" chain
+SecRule ARGS:template "\|"
+SecRule REQUEST_URI "/contribute\.pl.*\|"
+
+#Alkalay man-cgi "topic" Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/man-cgi\.cgi"
+SecRule ARGS:topic "\|"
+SecRule REQUEST_URI "/man-cgi\.cgi.*\|"
+
+#Alkalay notify "from" Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/notify\.cgi" chain
+SecRule ARGS:from "\|"
+SecRule REQUEST_URI "/notify\.cgi.*\|"
+
+#Alkalay nslookup Shell Command Injection Vulnerabilities
+SecRule REQUEST_URI "/nslookup\.cgi" chain
+SecRule ARGS:type|ARGS:queryARGS:ns "\|"
+SecRule REQUEST_URI "/nslookup\.cgi.*\|"
+
+#Simplog SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/archive\.php" chain
+SecRule ARGS:pid|ARGS:blogid|ARGS:cid|ARGS:m "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/blogadmin\.php" chain
+SecRule ARGS:blogid "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#vbulletin vulnerabilities, SQL injection
+SecRule REQUEST_URI "/joinrequests\.php" chain
+SecRule REQUEST_URI "do=processjoinrequests&usergroupid=.*&request.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/admincp/user\.php" chain
+SecRule REQUEST_URI "do=find&orderby=username&limit.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/admincp/(usertitle|usertools)\.php" chain
+SecRule REQUEST_URI "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/modcp/announcement\.php" chain
+SecRule REQUEST_URI "do=update&announcementid=.*&start=.*&end=.*&announcement.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/admincp/admincalendar\.php" chain
+SecRule REQUEST_URI "do=update&calendarid=.*&calendar\[.*\]=.*&calendar.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/admincp/email\.php" chain
+SecRule REQUEST_URI "do=makelist&user\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/admincp/help\.php" chain
+SecRule REQUEST_URI "do=doedit&help\[.*\]=.*&help\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "admincp/language\.php" chain
+SecRule REQUEST_URI "do=update&rvt\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/admincp/phrase\.php" chain
+SecRule REQUEST_URI "do=completeorphans&keep\[.*\].*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#PHP Advanced Transfer Manager Multiple Vulnerabilities
+SecRule REQUEST_URI "/(txt|htm|html|zip)\.php" chain
+SecRule ARGS:current_dir|ARGS:filename "\.\."
+SecRule REQUEST_URI "/txt\.php" chain
+SecRule ARGS:font|ARGS:normalfontcolor|ARGS:mess\[31\] "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#phpCommunityCalendar SQJ injection Vulnerabilities
+SecRule REQUEST_URI "/webadmin/login\.php" chain
+SecRule ARGS:Username "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/week\.php" chain
+SecRule ARGS:LocationID "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#MyBulletinBoard SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/misc\.php" chain
+SecRule ARGS:fid "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/newreply\.php" chain
+SecRule ARGS:icon "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#WEB//NEWS SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/modules/startup\.php" chain
+SecRule ARGS:wn_userpw "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "include_this/news\.php" chain
+SecRule ARGS:cat|ARGS:id|ARGS:stof "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/print\.php" chain
+SecRule ARGS:id "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#PBLang Local File Inclusion and PHP Code Injection
+SecRule REQUEST_URI "/setcookie.php" chain
+SecRule ARGS:u "\.\."
+SecRule REQUEST_URI "/ucp\.php" chain
+SecRule REQUEST_URI "\""
+
+#mimicboard2 Exposure of User Credentials
+SecRule REQUEST_URI "/mimic2\.dat"
+
+#Mall23 eCommerce "idPage" SQL Injection Vulnerability
+SecRule ARGS:idPage "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#PHP-Nuke SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/modules\.php" chain
+SecRule ARGS:name|ARGS:sid|ARGS:pid "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#Subscribe Me Pro "l" Parameter Directory Traversal Vulnerability
+SecRule REQUEST_URI "/s\.pl" chain
+SecRule ARGS:l "\.\."
+
+#TWiki "rev" Shell Command Injection Vulnerability
+SecRule REQUEST_URI "/TWikiUsers" chain
+SecRule ARGS:rev "![0-9]+"
+SecRule REQUEST_URI "/TWikiUsers\?rev=.*(\'|\|)"
+
+#DeluxeBB SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/topic\.php\?tid.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/misc\.php\?sub=profile&uid.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/forums\.php\?fid=.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/pm\.php\?sub=newpm&uid=.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/newpost\.php\]?sub=newthread&fid=.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#Noah's Classified SQL Injection and Cross-Site Scripting
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:rollid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>)"
+
+#AzDGDatingLite "l" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/include/security\.inc\.php" chain
+SecRule ARGS:l "(\.\.|/)"
+
+#ATutor Password Reminder SQL Injection Vulnerability
+SecRule REQUEST_URI "/password_reminder\.php" chain
+SecRule REQUEST_URI "email.*(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/password_reminder\.php.*form_email=.+UNION\s+SELECT"
+
+#Digital Scribe "username" SQL Injection
+SecRule REQUEST_URI "/login\.php" chain
+SecRule ARGS:username "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#aeDating "Country[]" SQL Injection Vulnerability
+SecRule REQUEST_URI "/search_result.php" chain
+SecRule ARGS:Country\[\] "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#NooToplist "o" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:o "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#HTTP header PHP code injection attacks
+SecRule HTTP_CLIENT_IP|HTTP_USER_AGENT|HTTP_Referer "(<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)"
+
+#phpWebSite SQL-injection
+SecRule REQUEST_URI "/index\.php\?module=\x27\+union\+select\+username\,password\+from\+mod_users\+where\+username="
+
+#HP-Nuke <=7.8 SQL injection exploit
+SecRule REQUEST_URI "/modules\.php" chain
+SecRule ARGS:name= "\'.*UNION.*SELECT.*FROM.*users.*WHERE.*user_id=.*AND"
+
+#My Little Forum 1. SQL injection
+SecRule REQUEST_URI "/search\.php\?search.*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\' UNION SELECT user_pw, user_pw, user_pw, user_pw, user_pw).*&ao=phrase"
+
+#Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities
+SecRule REQUEST_URI "pages/forum/submit.html" chain
+SecRule REQUEST_URI "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\[include\])"
+
+#Ikonboard "st" and "keywords" SQL Injection Vulnerability
+SecRule REQUEST_URI "/ikonboard\.cgi" chain
+SecRule ARGS:st|ARGS:keywords "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#ikonboard arbitary file access
+SecRule REQUEST_URI "/help\.cgi\?helpon=\.\./"
+
+#Ikonboard remote file includion
+SecRule REQUEST_URI "/register\.cgi" chain
+SecRule REQUEST_URI|ARGS "(http|https|ftp)\:/"
+
+#IkonBoard 3.1.1/3.1.2a arbitrary command execution
+SecRule REQUEST_URI "/ikonboard\.cgi" chain
+SecRule REQUEST_COOKIES:lang "\|"
+
+#phpMyFAQ vulns
+SecRule REQUEST_URI "/index\.php\?LANGCODE=/\.\."
+SecRule REQUEST_URI "/admin/password\.php" chain
+SecRule REQUEST_URI|ARGS "(user\: \' or isnull\(1/0\)|mail\:)"
+SecRule REQUEST_URI "/footer\.php\?PMF_CONF\[version\].*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/admin/header\.php\?PMF_LANG\[metaLanguage\].*(\"|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>)"
+
+#Riverdark RSS Syndicator XSS attack
+SecRule REQUEST_URI "/rss\.php\?(forum|topic).*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#ContentServ "ctsWebsite" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/admin/about\.php" chain
+SecRule ARGS:ctsWebsite "\.\."
+
+#AlstraSoft E-Friends "mode" File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:mode "(\.\.|/|(http|https|ftp)\:/)"
+
+#SEO-Board SQL Injection Vulnerability
+SecRule REQUEST_URI "/(admin|index)\.php" chain
+SecRule ARGS:user_pass_sha1 "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#CJ LinkOut "123" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/top\.php" chain
+SecRule ARGS:123 "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#jPortal Download Search SQL Injection Vulnerability
+SecRule REQUEST_URI "/download\.php" chain
+SecRule ARGS:word "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#CJ Tag Board Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/details\.php" chain
+SecRule ARGS:date|ARGS:time|ARGS:name|ARGS:ip|ARGS:agent "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/display\.php" chain
+SecRule ARGS:msg "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#CJ Web2Mail Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/thankyou\.php" chain
+SecRule ARGS:message|ARGS:ip|ARGS:name "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/web2mail\.php" chain
+SecRule ARGS:emsg "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#postnuke Local file inclusion via GeSHi library
+SecRule REQUEST_URI "/modules/pn_bbcode/pnincludes/contrib/example\.php"
+
+#TWiki "%INCLUDE" Shell Command Injection Vulnerability
+SecRule REQUEST_URI|REQUEST_BODY "INCLUDE.*rev=.*\|.*\}"
+
+#Barracuda Anti-spam firewall IMG.PL Remote Command Execution
+SecRule REQUEST_URI "/img\.pl\?f=(\x2e\x2e|\;|\.\.|qq\#|\|)"
+
+#PHP-Fusion "msg_send" SQL Injection Vulnerability
+SecRule REQUEST_URI "/messages\.php" chain
+SecRule ARGS:msg_send "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT user_password FROM fusion_users WHERE user_name|\')"
+
+#SquirrelMail Address Add Plugin "first" Cross-Site Scripting
+SecRule REQUEST_URI "/add\.php" chain
+SecRule ARGS:first "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#honeypot
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php\?forumid.*=(http|https|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "/upgrade_album\.php\?GALLERY_BASEDIR=(http|https|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "/index\.php\?page=\|"
+
+#MediaWiki Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI|REQUEST_BODY "\<(math|nowiki)\.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#honeypot
+SecRule REQUEST_URI "/modules\.php\?op=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/modules\.php\?op=.*&name=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/modules\.php\?op=.*&name=.*file=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/modules\.php\?op=.*&name=.*file=.*sid=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/view\.php\?cat=.*(http|https|ftp)\:/"
+
+#PHP-Fusion "album" and "photo" SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/photogallery\.php" chain
+SecRule ARGS:album|ARGS:photo "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#honeypot
+SecRule REQUEST_URI "/forumpollrenderer\.php\?bbPath\[.*\]=(http|https|ftp)\:/"
+
+#phorum spam rules
+SecRule ARGS:PHORUM_CONFIG "(@|(http|https|ftp)\:/)"
+
+#osCommerce "products_id" Additional Images Module SQL Injection
+SecRule REQUEST_URI "/product_info\.php" chain
+SecRule ARGS:products_id "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#PHP-Fusion SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/register\.php" chain
+SecRule ARGS:activate "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/faq\.php" chain
+SecRule ARGS:cat_id "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#Utopia News Pro 1.1.3 SQL injection
+SecRule REQUEST_URI "/news\.php\?action=.*&newsid=" chain
+SecRule REQUEST_URI|ARGS "(UNION.*SELECT.*username,password,null,email,null|(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,])"
+SecRule REQUEST_URI "/news\.php" chain
+SecRule ARGS:newsid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION.*SELECT.*username,password,null,email,null)"
+
+#wormsign
+SecRule REQUEST_URI|REQUEST_BODY "THMC\.\$dbhost\.THMC\.\$dbname\.THMC\.\$dbuser\.THMC\.\$dbpasswd\.THMC"
+
+#Utopia News Pro Cross-Site Scripting
+SecRule REQUEST_URI "/header\.php" chain
+SecRule ARGS:sitetitle "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/footer\.php" chain
+SecRule ARGS:query_count|ARGS:version "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#phpMyAdmin "subform" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/libraries/grab_globals\.lib\.php" chain
+SecRule ARGS:subform "(/|\.\.|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/libraries/grab_globals\.lib\.php" chain
+SecRule ARGS "(?:/|\.\.|(http|https|ftp)\:/)"
+
+
+#Cyphor Cross-Site Scripting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/newmsg\.php" chain
+SecRule ARGS:fid "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/lostpwd\.php" chain
+SecRule ARGS:email|ARGS:nick "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+SecRule REQUEST_URI "/include/footer\.php" chain
+SecRule ARGS:t_login "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#phpbb wormsign
+SecRule REQUEST_URI|REQUEST_BODY "echo _GHC/RST_"
+
+#versatileBulletinBoard 1.00 RC2 sql injection
+SecRule REQUEST_URI "/userlistpre\.php\?list=\'"
+
+#honeypot
+SecRule REQUEST_URI "/BlogModel\.php\?path=(http|https|ftp)\:/"
+
+#YaPiG Multiple Vulnerabilities
+SecRule ARGS:Website "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/view\.php" chain
+SecRule ARGS:img_size "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule ARGS:title "<.*php .*php*\>"
+
+#honeypot
+SecRule REQUEST_URI "/guest\.php\?name=.*web=.*homepage=.*home=&phone="
+
+#W-Agora Remote commands execution
+SecRule REQUEST_URI "extras/quicklist\.php\?fake.*(<\?|\;system)"
+SecRule REQUEST_URI "avatars/suntzu\.php\?suntzu="
+SecRule REQUEST_URI "extras/quicklist\.php\?suntzu="
+SecRule REQUEST_URI "/browse_avatar\.php" chain
+SecRule REQUEST_BODY "Content-Disposition\: form-data\; name=\"avatar\"\;" chain
+SecRule REQUEST_BODY "\<\?php" chain
+SecRule REQUEST_BODY "\?>"
+
+#PHPBB remote command execution SQL injection step
+SecRule REQUEST_URI "/admin_db_utilities\.php\?sid=.*(ALTER TABLE.*VARCHAR.*NOT NULL|DELETE FROM.*WHERE style_name=|SELECT .*passthru.*FROM.*users LIMIT 1 INTO OUTFILE)"
+SecRule REQUEST_URI "/theme_info\.cfg"
+
+#honeypot
+SecRule REQUEST_URI "/item\.php\?pathtoroot=(http|https|ftp)\:/"
+
+#PunBB "old_searches" SQL Injection Vulnerability
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:old_searches "(select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]"
+
+#W-Agora Local File Inclusion
+SecRule REQUEST_URI "/extras/quicklist\.php" chain
+SecRule ARGS:site "(/|\.\./\.\.)"
+
+#Gallery "g2_itemId" Disclosure of Sensitive Information
+SecRule REQUEST_URI "/main\.php" chain
+SecRule ARGS:g2_itemId "(/|\.\./\.\.)"
+
+#e107 0.617 resetcore.php SQL Injection
+SecRule REQUEST_URI "/resetcore\.php" chain
+SecRule REQUEST_BODY|ARGS|REQUEST_URI "(\'or isnull|siteadmin=suntzu&siteadminemail=fakefakefake@suntzu\.com|a_password=d41d8cd98f00b204e9800998ecf8427e)"
+
+#e107 "a_name" SQL Injection Vulnerability
+SecRule REQUEST_URI "/resetcore\.php" chain
+SecRule ARGS:a_name "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+
+#honeypot
+SecRule REQUEST_URI "/main\.php\?x=(http|https|ftp)\:/"
+
+# MySource PEAR_PATH Remote File Inclusion
+SecRule REQUEST_URI "/(socket|span|request|mimeDecode|mime|mail|date)\.php" chain
+SecRule ARGS:PEAR_PATH "(http|https|ftp)\:/"
+SecRule REQUEST_URI "/new_upgrade_functions\.php" chain
+SecRule ARGS:INCLUDE_PATH|ARGS:SQUIZLIB_PATH "(http|https|ftp)\:/"
+SecRule REQUEST_URI "/init_mysource\.php" chain
+SecRule ARGS:INCLUDE_PATH "(http|https|ftp)\:/"
+
+#MySource XSS
+SecRule REQUEST_URI "/upgrade_in_progress_backend.php?target_url=\">"
+SecRule REQUEST_URI "/insert_table\.php\?bgcolor=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/edit_table_cell_props\.php\?bgcolor=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/header\.php\?bgcolor=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/edit_table_row_props\.php\?bgcolor=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/edit_table_props\.php\?bgcolor=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/edit_table_cell_type_wysiwyg.php?stylesheet=\">"
+
+#Chipmunk Topsites "ID" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/recommend\.php" chain
+SecRule ARGS:ID|ARGS:entryID "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Chipmunk Forum "forumID" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/(newtopic|quote|index|reply)\.php" chain
+SecRule ARGS:ForumID "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#PHP-Nuke NukeFixes Addon "file" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/modules\.php" chain
+SecRule ARGS:files "\.\./"
+
+#ManageEngine NetFlow Analyzer "grDisp" Cross-Site Scripting
+SecRule REQUEST_URI "/index\.jsp" chain
+SecRule ARGS:grDisp "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#IBM Lotus Domino XSS attempts
+SecRule REQUEST_URI "OpenForm.*/BaseTarget=.*\""
+SecRule REQUEST_URI "OpenFrameSet.*/src=.*\"><\/FRAMESET>.*<script>.*<\/script>"
+
+#HP OpenView Network Node Manager Remote Command Execution Attempt
+SecRule REQUEST_URI "/OvCgi/connectedNodes\.ovpl\?" chain
+SecRule ARGS:node "\|"
+
+#
+SecRule REQUEST_URI "/chat\.php" chain
+SecRule ARGS:Username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+
+#Zomplog Cross-Site Scripting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "detail\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+SecRule REQUEST_URI "/(get|index)\.php" chain
+SecRule ARGS:catid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+
+#Basic Analysis and Security Engine SQL Injection Vulnerability
+SecRule REQUEST_URI "/base_qry_main\.php\?new=.*&sig\[.*\]=\x3D&sig\[.*\]=((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+
+#TClanPortal "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+SecRule REQUEST_URI "/index\.php\?action=.*id.*UNION.*SELECT.*id="
+
+#SaphpLesson "forumid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/(showcat|add)\.php" chain
+SecRule ARGS:forumid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\')"
+
+#PHP-Nuke SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/modules\.php\?name=Downloads&d_op=.*&url.*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION SELECT)"
+SecRule REQUEST_URI "/modules\.php\?name=Web_Links&d_op=.*title=.*description.*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#PHP-Fusion "news_body" Script Insertion Vulnerability
+SecRule REQUEST_URI "/submit\.php" chain
+SecRule ARGS:news_body "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#FlatNuke Cross-Site Scripting and Disclosure of Sensitive Information
+SecRule REQUEST_URI "/index\.php\?op=profile&user=\.\./"
+SecRule REQUEST_URI "/index\.php\?op=newtopic&mode=ris&quale=\.\./.*&page="
+SecRule REQUEST_URI "/index\.php\?op=.*&(user|nome|from)=*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Mantis File Inclusion
+SecRule REQUEST_URI "/bug_sponsorship_list_view_inc\.php\?t_core_path.*((http|https|ftp)\:/|\.\.)"
+
+#PHP iCalendar File Inclusion Vulnerability and XSS
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:phpicalendar "((http|https|ftp)\:/|\.\.)"
+SecRule REQUEST_URI "phpicalendar=.*cookie_view.*(http|https)\:/"
+
+#RSA ACE/Agent for Web "image" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/webauthentication\?GetPic\?image.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#honeypot
+SecRule REQUEST_URI "/tiki-view_cache\.php\?url=\.\./\.\."
+
+#Woltlab Burning Board Database Module SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/info_db\.php" chain
+SecRule ARGS:fileid|ARGS:subkatid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#gCards "limit" SQL Injection Vulnerability
+SecRule REQUEST_URI "/news\.php" chain
+SecRule ARGS:limit "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#ATutor Multiple Vulnerabilities
+SecRule REQUEST_URI "/forum\.inc\.php\?addslashes.*(chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)&(asc|desc)="
+SecRule REQUEST_URI "/(body_header\.inc|print)\.php\?section.*(/|\.\.)"
+SecRule REQUEST_URI "admin/translate\.php" chain
+SecRule ARGS:_base_href "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "include/html/editor_tabs/news\.inc\.php" chain
+SecRule ARGS:_base_path "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "documentation/add_note\.php" chain
+SecRule ARGS:p "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#PHP config recon attack
+SecRule REQUEST_URI "/php\.ini$"
+
+#saphp Lesson add.php forumid Variable SQL Injection
+SecRule REQUEST_URI "/(showcat|add)\.php\?forumid.*(UNION.*SELECT|\|)"
+
+# SaveWebPortal menu_dx.php and menu_sx.php Multiple Variable XSS
+SecRule REQUEST_URI "/menu_dx\.ph" chain
+SecRule ARGS:L_InsertCorrectly|ARGS:L_MENUDX_Login|ARGS:L_MENUDX_Username|ARGS:L_MENUDX_Password|ARGS:L_Ok|ARGS:IMAGES_Url|ARGS:L_MENUDX_Registration|ARGS:BANNER_Url|ARGS:L_MENUSX_Newsletter|ARGS:L_MENUDX_InsertEMail "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/menu_sx\.php" chain
+SecRule ARGS:L_InsertNOK3Char|ARGS:L_MENUSX_Channels|ARGS:L_MENUSX_Home|ARGS:L_MENUSX_Archive|ARGS:L_Search|ARGS:L_Ok|ARGS:IMAGES_Url|ARGS:L_MENUSX_Services|ARGS:L_MENUSX_Links|ARGS:L_MENUSX_Newsletter|ARGS:L_MENUSX_Polls|ARGS:L_MENUSX_ECards|ARGS:L_MENUSX_Downloads|ARGS:L_MENUSX_Community|ARGS:L_MENUSX_Forum|ARGS:L_MENUSX_Chat|ARGS:L_MENUSX_Nicknames|ARGS:L_MENUSX_Membership|ARGS:L_MENUSX_Login|ARGS:L_MENUSX_UserProfile|ARGS:L_MENUSX_PasswordForgot|ARGS:L_MENUSX_Logout|ARGS:L_MENUSX_Contacts|ARGS:L_MENUSX_Guestbook|ARGS:L_MENUSX_ContactUs "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#phpbb xss, sql injection and PHP code injection
+SecRule REQUEST_URI "usercp_register\.php" chain
+SecRule ARGS:error_msg "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "login\.php" chain
+SecRule ARGS:forward_page "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "search\.php" chain
+SecRule ARGS:list_cat "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "usercp_register\.php" chain
+SecRule ARGS:signature_bbcode_uid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule ARGS:signature_bbcode_uid "(<.*php|<php)"
+
+#honeypot
+SecRule REQUEST_URI "index\.php?x=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/classes\.php\?LOCAL_PATH=(http|https|ftp)\:/"
+
+#News2Net "category" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:category "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#eyeOS Script Insertion and Exposure of User Credentials
+SecRule REQUEST_URI "desktop\.php" chain
+SecRule ARGS:motd "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/usrinfo\.xml"
+
+#Invision Gallery "st" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:st "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#oaboard SQL Injection Vulnerabilities
+SecRule REQUEST_URI "forum\.php" chain
+SecRule ARGS:channel|ARGS:topic "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#honeypot
+SecRule REQUEST_URI "/main\.php\?\*=(http|https|ftp)\:/"
+
+#CuteNews "template" Local File Inclusion and remote code execution Vulnerabilities
+SecRule REQUEST_URI "/show_archives\.php" chain
+SecRule ARGS:template "(/|\.\.)"
+#cutenews shell injection vuln
+SecRule REQUEST_URI "/inc/ipban\.mdu" chain
+SecRule ARGS:add_ip "(php|system)"
+SecRule REQUEST_URI "/ipban\.db\.php\?cmd="
+
+
+#phpWebThings "forum" SQL Injection Vulnerability
+SecRule REQUEST_URI "/forum\.php" chain
+SecRule ARGS:forum "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#PHP Handicapper Multiple Vulnerabilities
+SecRule REQUEST_URI "/msg\.php" chain
+SecRule ARGS:msg "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/process_signup\.php" chain
+SecRule ARGS:login "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/process_signup\.php" chain
+SecRule ARGS:serviceid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Simple PHP Blog Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/preview(_cgi|_static_cgi)\.php" chain
+SecRule ARGS:entry "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "preview_cgi\.php" chain
+SecRule ARGS:blog_subject|ARGS:blog_text "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/preview_static_cgi\.php" chain
+SecRule ARGS:blog_subject|ARGS:blog_text|ARGS:file_name "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+SecRule REQUEST_URI "/colors_cgi\.php" chain
+SecRule ARGS:scheme_name|ARGS:bg_color "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#honeypot
+SecRule REQUEST_URI "tiki-pagehistory\.php\?page=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/uniq_login\.php\?login.*(http|https|ftp)\:/"
+SecRule REQUEST_URI "/viewtopic\.php\?t=.*&highlight=\'"
+
+#sumthin scan
+SecRule REQUEST_URI "/sumthin"
+
+#PHPKIT XSS Vulnerability
+SecRule REQUEST_URI "admin/admin\.php" chain
+SecRule ARGS:site_body "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#toendaCMS Disclosure of Sensitive Information
+SecRule REQUEST_URI "/admin\.php" chain
+SecRule ARGS:id_user "(\.\.|/|(http|https|ftp)\:/)"
+
+#Phorum "forum_ids[]" SQL Injection Vulnerability
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:forums_ids "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Tonio Gallery "galid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/showgallery\.php" chain
+SecRule ARGS:galid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#ibProArcade Module "user" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:user "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#XMB "username" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/u2u\.php" chain
+SecRule ARGS:username "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#tikiwiki XSS
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php" chain
+SecRule ARGS:topics_sort_mode|ARGS:topics_offset "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)"
+
+#Tikiwiki tiki-user_preferences Command Injection Vulnerability
+SecRule REQUEST_URI "/tiki-user_preferences\.php" chain
+SecRule ARGS:language "(/|\.\.)"
+
+#Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability
+SecRule REQUEST_URI "/tiki-editpage\.php" chain
+SecRule ARGS:suck_url "(/|\.\.)"
+
+#phpAdsNew SQL Injection Vulnerability
+SecRule REQUEST_URI "/logout\.php" chain
+SecRule ARGS:sessiodID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Moodle "datalib.php" Remote SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(datalib|category|info)\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/plot\.php" chain
+SecRule ARGS:user "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#honeypot
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:Config_absolute_path|ARGS:configFile "(http|https|ftp)\:/"
+SecRule REQUEST_URI "/error\.php\?dir=(http|https|ftp)\:/"
+SecRule REQUEST_URI "/common\.php\?pun_root=(http|https|ftp)\:/"
+SecRule REQUEST_URI "tiki-wiki_rss\.php\?ver=.*(http|https|ftp)\:/"
+
+#Winmail Server Multiple Vulnerabilities
+SecRule REQUEST_URI "admin/main\.php" chain
+SecRule ARGS:sid "\.\./\.\."
+SecRule REQUEST_URI "badlogin\.php" chain
+SecRule ARGS:retid "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)"
+
+#Pearl Forums SQL Injection and Local File Inclusion Vulnerabilities
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:forumsid|ARGS:topicid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:mode "(\.\./\.\.|/)"
+
+#Peel "rubid" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:rubid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#CodeGrrl Products "siteurl" File Inclusion Vulnerability
+SecRule REQUEST_URI "protection\.php" chain
+SecRule ARGS:siteurl "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#Wizz Forum Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "ForumauthDetails\.php" chain
+SecRule ARGS:AuthID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "ForumTopicDetails\.php" chain
+SecRule ARGS:TopicID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#iCMS "page" File Inclusion Vulnerability
+SecRule REQUEST_URI "ForumauthDetails\.php" chain
+SecRule ARGS:page "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#Xoops "xoopsConfig[language]" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "editor_registry\.php" chain
+SecRule REQUEST_URI "xoopsConfig\[language\].*(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#PollVote "pollname" File Inclusion Vulnerability
+SecRule REQUEST_URI "pollvote\.php" chain
+SecRule ARGS:pollname "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#Xoops WF-Downloads Module "list" SQL Injection Vulnerability
+SecRule REQUEST_URI "viewcat\.php" chain
+SecRule ARGS:list "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#phpwcms Disclosure of Sensitive Information and Cross-Site Scripting
+SecRule REQUEST_URI "login\.php" chain
+SecRule ARGS:form_lang "(\.\./\.\.|/|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "random_image\.php" chain
+SecRule ARGS:imgdir "\.\./\.\."
+
+#OnContent // CMS "pid" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:pid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Mambo "register_globals" Emulation Layer Overwrite Vulnerability
+#Mambo <= 4.5.2 Globals overwrite / remote commands execution
+SecRule ARGS:mosConfig_absolute_path "(\.\./\.\.|/|(http|https|ftp)\:/)" "id:390075,rev:1,severity:2,msg:'JITP: Generic mosConfig_absolute_path File Inclusion Vulnerability'"
+SecRule REQUEST_URI "\.php\?.*mosConfig_absolute_path=(http|https|ftp)\:\/" "id:390076,rev:1,severity:2,msg:'JITP: Generic mosConfig_absolute_path File Inclusion Vulnerability'"
+
+
+#Arki-DB "catid" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:catid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#EkinBoard 1.0.3 config.php SQL Injection through cookie
+SecRule REQUEST_COOKIES:username "or isnull\(1"
+SecRule REQUEST_URI "&activate=1&allow_attch=1&attch_exts=.*php&.*attch_max_size="
+SecRule REQUEST_URI "attachments/suntzu.*\?cmd="
+
+#HPWebThings 1.4 "msg" and "forum" SQL injection
+SecRule REQUEST_URI "forum\.php\?act=.*&msg.*UNION.*SELECT.*(name|password|outfile).*forum="
+SecRule REQUEST_URI "forum\.php\?forum=.*UNION.*SELECT.*(name|password|outfile)"
+SecRule REQUEST_URI "forum\.php\?act=.*&forum.*UNION.*SELECT.*ORD"
+
+#phpnuke query sql injection
+SecRule REQUEST_URI "modules\.php" chain
+SecRule ARGS:query "(\'|UNION.*SELECT)"
+
+#Cyphor Forum SQL Injection Exploit
+SecRule REQUEST_URI "show\.php" chain
+SecRule ARGS:id|ARGS:fid "(\'|UNION.*SELECT)"
+
+#OTRS vulnerabilities, SQL injection and XSS
+SecRule REQUEST_URI "/index\.pl\?Action=(Login&User|AgentTicketPlain&(ArticleID|TicketID))=.*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/index\.pl\?(QueueID|Action)=.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Omnistar Live SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/kb\.php" chain
+SecRule ARGS:id|ARGS:category_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Ezyhelpdesk Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/\?mid=.*&m2id=.*page=.*(faq_id|c_id).*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/\?edit=spec_view&edit_id.*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#1-2-3 Music Store "AlbumID" SQL Injection Vulnerability
+SecRule REQUEST_URI "/process\.php" chain
+SecRule ARGS:AlbumID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#PHP Labs Top Auction SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/viewcat\.php" chain
+SecRule ARGS:category|ARGS:type "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#PHP Labs Survey Wizard "sid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/survey\.php" chain
+SecRule ARGS:sid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#AFFCommerce Shopping Cart Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/subcategory\.php" chain
+SecRule ARGS:cl "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/(iteminfo|itemreview)\.php" chain
+SecRule ARGS:item_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#WSN Forum "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/memberlist\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Tunez SQL Injection and Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/songinfo\.php" chain
+SecRule ARGS:songid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:searchfor "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+# PmWiki 2.0.12 Cross Site Scripting
+SecRule REQUEST_URI "/Search\?action=search.*<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#PHP-Post Cross-Site Scripting
+SecRule REQUEST_URI "/(profile|mail)\.php" chain
+SecRule ARGS:user "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#CommodityRentals "user_id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/usersession" chain
+SecRule ARGS:userid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Joomla! mod_poll SQL Injection
+SecRule REQUEST_URI "/mod_poll" chain
+SecRule ARGS:itemid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Advanced Poll "popup.php" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/popup\.php" chain
+SecRule ARGS:poll_ident "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#PHP-Fusion SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/options\.php" chain
+SecRule ARGS:forum_id|ARGS:thread_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/(viewforum|index)\.php" chain
+SecRule ARGS:lastvisted "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#phpComasy "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#honeypot
+SecRule REQUEST_URI "_head\.php\?_zb_path=(http|https|ftp)\:/"
+
+#vTiger code inclusion attack
+SecRule REQUEST_URI "/vtigercrm\.log"
+
+#Comdev Vote Caster "campaign_id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:campaign_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Softbiz Web Host Directory Script SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(search_result|browsecats)\.php" chain
+SecRule ARGS:cid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/review\.php" chain
+SecRule ARGS:sbres_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/email\.php" chain
+SecRule ARGS:h_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Nicecoder iDesk "cat_id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/faq\.php" chain
+SecRule ARGS:cat_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#IsolSoft Support Center SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:field|ARGS:lorder "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#AgileBill "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/\?_page=product_cat\:t_" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#ActiveCampaign SupportTrio "page" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:page "(\.\./\.\.|/(etc|tmp|var)|(http|https|ftp)\:/)"
+
+#sNews "index.php" SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id|ARGS:category "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Online Work Order Suite Lite Edition SQL Injection Vulnerability
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:keyword "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#phpWordPress SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:poll|ARGS:category|ARGS:ctg "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Pdjk-support Suite Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:news_id|ARGS:faq_id|ARGS:rowstart "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+# freeForum 1.x "cat" and "thread" SQL inj.
+SecRule REQUEST_URI "/forum\.php" chain
+SecRule ARGS:cat|ARGS:thread "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#ActiveCampaign KnowledgeBuilder SQL Injection
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:article "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Helpdesk Issue Manager SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/issue\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/find\.php" chain
+SecRule ARGS:orderdir|ARGS:orderby "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/find\.php" chain
+SecRule REQUEST_URI "detail\[\].*((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Q-News "id" File Inclusion Vulnerability
+SecRule REQUEST_URI "/q-news\.php" chain
+SecRule ARGS:id "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#ADC2000 NG Pro "cat" SQL Injection Vulnerability
+SecRule REQUEST_URI "/adcbrowres\.php" chain
+SecRule ARGS:cat "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Enterprise Connector "messageid" SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/send\.php" chain
+SecRule ARGS:messageid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Softbiz Resource Repository Script SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/showcats\.php" chain
+SecRule ARGS:sbcat_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/(details_res|refer_friend|report_link)\.php" chain
+SecRule ARGS:sbres_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#PHP Doc System Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:show "(\.\./\.\.|/)"
+
+#Netzbrett "p_entry" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:pentry "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#ShockBoard "offset" SQL Injection Vulnerability
+SecRule REQUEST_URI "/topic\.php" chain
+SecRule ARGS:offset "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#K-Search SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id|ARGS:stat|ARGS:source "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#AllWeb Search "search" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:search "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Simple Document Management System SQL Injection Vulnerability
+SecRule REQUEST_URI "/message\.php" chain
+SecRule ARGS:mid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/list\.php" chain
+SecRule ARGS:folder_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+# edmoBBS SQL inj. vuln.
+SecRule REQUEST_URI "/edmobbs9r\.php" chain
+SecRule ARGS:table|ARGS:messageID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Joels Bulletin Board SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/topiczeigen\.php" chain
+SecRule ARGS:nr "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/(showforum|newtopic)\.php" chain
+SecRule ARGS:forum "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/showforum\.php" chain
+SecRule ARGS:zeigeseite "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/neuerbeitrag\.php" chain
+SecRule ARGS:tidnr "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#UGroup Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/forum\.php" chain
+SecRule ARGS:FORUM_ID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/topic\.php" chain
+SecRule ARGS:TOPIC_ID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Fantastic News "category" SQL Injection Vulnerability
+SecRule REQUEST_URI "/news\.php" chain
+SecRule ARGS:category "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#ClientExec Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:billshowid|ARGS:billdetailid|ARGS:frmClientID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Entergal MX SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:idcat|ARGS:action "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#GuppY PHP Code Injection and Local File Inclusion Vulnerabilities
+SecRule REQUEST_URI "/error\.php" chain
+SecRule REQUEST_URI "_SERVER\[REMOTE_ADDR\].*(php|system\()"
+SecRule REQUEST_URI "/editorTypetool\.php" chain
+SecRule ARGS:meskin "(\.\./\.\.|/|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "/(archbatch|nwlmail)\.php" chain
+SecRule ARGS:lng "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#DMANews Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id|ARGS:sortorder|ARGS:display_num "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#BosDates SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/calendar\.php" chain
+SecRule ARGS:year|ARGS:category "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#Post Affiliate Pro "sortorder" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:sortorder "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#BedengPSP Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(index|download)\.php" chain
+SecRule ARGS:cwhere "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/baca\.php" chain
+SecRule ARGS:ckode "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#randshop SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:kategorieid|ARGS:katid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#SourceWell "cnt" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:cnt "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#phpGreetz Include File Bug
+SecRule REQUEST_URI "/content\.php" chain
+SecRule ARGS:content "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#Athena Include File Bug
+SecRule REQUEST_URI "/athena\.php" chain
+SecRule ARGS:athena_dir "(\.\./\.\.|/|(http|https|ftp)\:/)"
+
+#Athena Include File Bug vulns
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:module "\.\./"
+SecRule REQUEST_URI "/index\.php" chain
+SecRule REQUEST_URI "Users\&Action.*templatename.*/"
+SecRule REQUEST_URI "/index\.php\?module=uploads&action=add2db" chain
+SecRule REQUEST_URI|REQUEST_BODY "\.php"
+
+#Fake gif file shell attacvk
+SecRule HTTP_Content-Type "image/gif"
+SecRule REQUEST_BODY "chr\("
+
+#bogus graphics file
+SecRule HTTP_Content-Disposition "\.php" chain
+SecRule HTTP_Content-Type "(image/gif|image/jpg|image/png|image/bmp)"
+
+#Post Affiliate Pro "sortorder" Remote SQL Injection and Arbitrary File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:md "(\.\./\.\.|/)"
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:sortorder "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+
+#EkinBoard 1.0.3 (config.php) SQL Injection / Command Execution
+SecRule REQUEST_URI "/(index|viewforum|newtopic)\.php" chain
+SecRule REQUEST_COOKIES:username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO.*FROM)"
+SecRule REQUEST_URI "/newtopic\.php" chain
+SecRule HTTP_Content-Disposition "topic_title" chain
+SecRule REQUEST_BODY "php.*system\("
+
+#Unclassified NewsBoard 1.5.3 patch level 3 "Datefrom" blind SQL injection
+SecRule REQUEST_URI "/forum\.php" chain
+SecRule ARGS:DateFrom "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PHPNuke <= 7.8 sql injection
+SecRule REQUEST_URI "/forum\.php" chain
+SecRule ARGS:query "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Moodle <= 1.6dev get record() SQL injection
+SecRule REQUEST_URI "/plot\.php" chain
+SecRule ARGS:user "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/info\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#interesting new pattern
+SecRule REQUEST_URI "/ThisFileMustNotExist"
+
+#honeypot
+SecRule REQUEST_URI "/tiki-backlinks\.php\?page=(http|https|ftp)\:/"
+
+# SocketKB 1.1.x file include Vuln
+SecRule REQUEST_URI "\?__f=(http|https|ftp)\:/"
+SecRule REQUEST_URI "\?__f=rating_add&"
+SecRule ARGS:art_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "\?__f=category&"
+SecRule ARGS:node "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Xaraya "module" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:module "(\.\./\.\.|/)"
+
+#N-13 News "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Softbiz B2B Trading Marketplace Script "cid" SQL Injection
+SecRule REQUEST_URI "/(selloffers|buyoffers|products|profiles)\.php" chain
+SecRule ARGS:cid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+# WEB-MISC mod_gzip_status access
+SecRule REQUEST_URI "/mod_gzip_status" log,pass
+
+#honeypot
+SecRule REQUEST_URI "/index\.php\?main=/"
+
+#PHP Fusion CMS SQL injection Vulnerabilities
+SecRule REQUEST_URI "/viewforum\.php\?" chain
+SecRule ARGS:lastvisited "\'"
+
+#Saxon XSLT command execution attacks
+SecRule REQUEST_URI|REQUEST_BODY "xsl\:value-of select=\"run\:exec\("
+SecRule REQUEST_URI|REQUEST_BODY "xsl.*run\:getRuntime\(\)\, \'\""
+
+#Lore Article.PHP SQL Injection Vulnerability
+SecRule REQUEST_URI "/article\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#honeypoy
+SecRule REQUEST_URI "/imageviewer\.php\?filename="
+
+#PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution
+SecRule REQUEST_URI "/admin/" chain
+SecRule ARGS:username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM|or user_id=2)"
+SecRule REQUEST_URI "files/.*\.php\.menu\?cmd="
+
+#NetClassifieds Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(ViewCat|gallery)\.php" chain
+SecRule ARGS:Catid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/ViewItem\.php" chain
+SecRule ARGS:ItemNum "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Coppermine Photo Gallery "relocate_server.php" Exposure of Configuration
+SecRule REQUEST_URI "/relocate_server\.php"
+
+#WebCalendar HTTP Response Splitting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/edit_report_handler\.php" chain
+SecRule ARGS:time_range "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/layers_toggle\.php" chain
+SecRule ARGS:ret "HTTP"
+
+#Instant Photo Gallery SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/portfolio\.php" chain
+SecRule ARGS:cat_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/content\.php" chain
+SecRule ARGS:cid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Lore "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/article\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#DotClear "dc_xd" SQL Injection Vulnerability
+SecRule REQUEST_URI "/session\.php" chain
+SecRule REQUEST_COOKIES:cd_xd "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#DotClear "dc_xd" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:x "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#O-Kiraku Nikki "day_id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/nikki\.php" chain
+SecRule ARGS:day_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+# AltantisFAQ SQL inj. vuln.
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:searchStr "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#FAQRing "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/answer\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#WSN Knowledge Base SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:catid|ARGS:perpage|ARGS:ascdesc|ARGS:orderlinks "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/(comments|memberlist)\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Softbiz FAQ Script SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(faq_qanda|refer_friend|print_article|add_comment)\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:cid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#OmniStar KBase SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/comments\.php" chain
+SecRule ARGS:article_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/kb\.php" chain
+SecRule ARGS:category_id|ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#FAQ System SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/viewFAQ\.php" chain
+SecRule ARGS:FAQ_ID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:CATEGORY_ID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#KBase Express SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/category\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Orca Knowledgebase "qid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/knowledgebase\.php" chain
+SecRule ARGS:qid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Survey System "SURVEY_ID" SQL Injection Vulnerability
+SecRule REQUEST_URI "/survey\.php" chain
+SecRule ARGS:SURVEY_ID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Orca Blog SQL inj. vuln.
+SecRule REQUEST_URI "/blog\?msg=((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Orca Ringmaker "start" SQL Injection Vulnerability
+SecRule REQUEST_URI "/ringmaker\.php" chain
+SecRule ARGS:start "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#ltwCalendar "id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/calendar\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Nephp Publisher SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.html" chain
+SecRule ARGS:id|ARGS:nnet_catid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Zainu SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:start|ARGS:term "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Babe Logger "gal" and "id" SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:gal "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/comments\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Zen Cart Input Validation Hole in 'password_forgotten.php' sql injection
+SecRule REQUEST_URI "admin/password_forgotten\.php" chain
+SecRule ARGS:admin_email "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO)"
+
+#Sugar Suite "beanFiles[1]" File Inclusion Vulnerability
+SecRule REQUEST_URI "acceptDecline\.php" chain
+SecRule REQUEST_URI "beanFiles\[1\].*(http|https|ftp)\:/"
+
+#phpMyAdmin register_globals Emulation "import_blacklist" Manipulation
+SecRule REQUEST_URI "/grab_globals\.php" chain
+SecRule ARGS:import_blacklist "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|(http|https|ftp)\:/)"
+
+#Magic Forum Personal Cross-Site Scripting and SQL Injection
+SecRule REQUEST_URI "/view_forum\.cfm" chain
+SecRule ARGS:ForumID|ARGS:Thread|ARGS:ThreadID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO)"
+SecRule REQUEST_URI "/search_forums\.cfm" chain
+SecRule ARGS:Words "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#Magic List Pro "ListID" SQL Injection Vulnerability
+SecRule REQUEST_URI "/view_archive\.cfm" chain
+SecRule ARGS:ListID "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*INTO)"
+
+#CF_Nuke Directory Traversal and Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "/index\.cfm" chain
+SecRule ARGS:sector|ARGS:page "\.cfm"
+
+#phpForumPro SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:parent|ARGS:day "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Cars Portal SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:page|ARGS:car "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PluggedOut Blog "index.php" SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:categoryid|ARGS:entryid|ARGS:year|ARGS:month|ARGS:day "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PluggedOut Nexus SQL Injection and Cross-Site Scripting
+SecRule REQUEST_URI "/search\.php" chain
+SecRule ARGS:firstname|ARGS:lastname|ARGS:location "(((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>)"
+SecRule REQUEST_URI "/search_forums\.cfm" chain
+SecRule ARGS:Words "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#honeypot
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php" "chain,id:390083,rev:1,severity:2,msg:'JITP: tikiwiki XSS Vulnerability'"
+SecRule ARGS:comments_parentId|ARGS:forumId|ARGS:topics_offset "(<+(script|about|applet|activex|chrome)|onmouseover=\'javascript)"
+SecRule REQUEST_URI "/tiki-view_forum_thread\.php" "chain,id:390082,rev:1,severity:2,msg:'JITP: tikiwiki Remote File Inclusion Vulnerability'"
+SecRule ARGS:comments_parentId|ARGS:forumId|ARGS:topics_offset "(ht|f)tps?\:/"
+
+#wormsign
+SecRule REQUEST_URI "Hacked.*by.*member.*of.*SCC"
+
+#phpMyAdmin Cross-Site Scripting Vulnerabilities
+SecRule ARGS:HTTP_HOST "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)"
+
+#Web4Future eCommerce Products SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/view\.php" chain
+SecRule ARGS:prod|ARGS:brid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/viewbrands\.php" chain
+SecRule ARGS:bid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:grp|ARGS:cat "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#DoceboLMS Information Disclosure
+SecRule REQUEST_URI "/connector\.php" chain
+SecRule ARGS:Type "\.\."
+
+#Web4Future Affiliate Manager Pro "pid" SQL Injection Vulnerability
+SecRule REQUEST_URI "/functions\.php" chain
+SecRule ARGS:pid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PHP-addressbook "view.php" SQL Injection Vulnerability
+SecRule REQUEST_URI "/view\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Blog System SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/blog\.php" chain
+SecRule ARGS:note "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:cat "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Multiple vendor vulnerability
+#Amazon Search Directory "search.cgi" Cross-Site Scripting
+#Warm Links "search.cgi" Cross-Site Scripting Vulnerability
+#Hot Links SQL "search.cgi" Cross-Site Scripting Vulnerability
+#Hot Links Pro "search.cgi" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/search\.cgi" chain
+SecRule ARGS:search "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#1-Search "1search.cgi" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/1search\.cgi" chain
+SecRule ARGS:q "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#Easy Search System "search.cgi" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/search\.cgi" chain
+SecRule ARGS:q "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#phpYellow SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/search_result\.php" chain
+SecRule ARGS:haystack "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/print_me\.php" chain
+SecRule ARGS:ckey "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Relative Real Estate Systems "mls" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:mls "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#LandShop SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/ls\.php" chain
+SecRule ARGS:search_order|ARGS:search_type|ARGS:search_area|ARGS:keyword "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Widget Imprint "product_id" SQL Injection Vulnerability
+SecRule REQUEST_URI "/create\.php" chain
+SecRule ARGS:product_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Widget Property SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/property\.php" chain
+SecRule ARGS:property_id|ARGS:zip_code|ARGS:property_type_id|ARGS:price|ARGS:city_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Web4Future Portal Solutions Information Disclosure and SQL Injection
+SecRule REQUEST_URI "/comentarii\.php" chain
+SecRule ARGS:idp "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/archiva\.php" chain
+SecRule ARGS:dir "\.\."
+
+#HobSR "view.php" SQL Injection Vulnerability
+SecRule REQUEST_URI "/view\.php" chain
+SecRule ARGS:arrange "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Web4Future eDating Professional SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:s|ARGS:pg|ARGS:sortb "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/(gift|fq)\.php" chain
+SecRule ARGS:cid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/articles\.php" chain
+SecRule ARGS:cat "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#FileLister "searchwhat" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "/definesearch\.jsp" chain
+SecRule ARGS:searchwhat "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#PHP-Fusion "srch_text" SQL Injection Vulnerability
+SecRule REQUEST_URI "/messages\.php" chain
+SecRule ARGS:srch_text "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Nortel SSL VPN Web Interface XSS
+SecRule REQUEST_URI "/tunnelform\.yaws" chain
+SecRule ARGS:a "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#Scout Portal Toolkit Possible Sql Injection..and XSS
+SecRule REQUEST_URI "BrowseResources\.php\?ParentId=\'"
+SecRule REQUEST_URI "SPT\-\-UserLogin\.php" chain
+SecRule ARGS:F_UserName|ARGS:F_Password "(\'|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "SPT\-\-FullRecord\.php" chain
+SecRule ARGS:ResourceId "(\'|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "SPT\-\-BrowseResources\.php" chain
+SecRule ARGS:ParentId "(\'|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "SPT\-\-Home\.php" chain
+SecRule ARGS:ResourceOffset "(\'|<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "SPT\-\-QuickSearch\.php" chain
+SecRule ARGS:ss|ARGS:F_SearchString "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "SPT\-\-BrowseResources\.php" chain
+SecRule ARGS:ParentId "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "SPT\-\-AdvancedSearch\.php" chain
+SecRule ARGS "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#Magic Book v2.0 Professional XSS Vuln
+SecRule REQUEST_URI "/book\.cfm\?StartRow.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#flatnuke remote shell
+SecRule REQUEST_URI "verify\.php" chain
+SecRule REQUEST_URI|REQUEST_BODY "mod=modcont&from=index\.php&body=.*\<\?php.*&file=forum.*users.*\.php"
+SecRule REQUEST_URI "forum/users/.*\.php\?cmd="
+
+#Netref "cat" SQL Injection Vulnerability
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:cat "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#milliscripts Redirection "domainname" Cross-Site Scripting
+SecRule REQUEST_URI "register\.php" chain
+SecRule ARGS:domainname "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#phpnuke exploit
+SecRule REQUEST_URI "/modules\.php\?name=Search&type=comments&query=.*&instory=.*UNION.*SELECT.*pwd.*FROM.*nuke_authors"
+
+#limbo exploit
+SecRule REQUEST_URI "index2\.php\?cmd.*\&_SERVER\[\]=\&_SERVER\[REMOTE_ADDR\]=" chain
+SecRule REQUEST_URI|REQUEST_BODY "system"
+
+#Plogger '/admin/plog-admin-functions.php' Include File Bug Lets Remote Users Execute
+SecRule REQUEST_URI "admin/plog-admin-functions\.php\?config\[basedir\]=(http|https|ftp)\:/"
+
+#PHPGedView <= 3.3.7 remote commands execution
+SecRule REQUEST_URI "help_text_vars\.php\?.*=.*PGV_BASE_DIRECTORY=./index/pgv.*\.log"
+SecRule REQUEST_URI "help_text_vars\.php\?suntzu="
+
+#AlstraSoft EPay Enterprise Script Insertion Vulnerabilities
+SecRule REQUEST_URI "(profile|card|bank|subscriptions|send|request|forgot|escrow|donations|products)\.htm" chain
+SecRule ARGS "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#PHP-Fusion Multiple Vulnerabilities
+SecRule REQUEST_URI "members\.php" chain
+SecRule ARGS:sortby "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+SecRule REQUEST_URI "ratings_include\.php" chain
+SecRule ARGS:rating "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#e-publish Cross-Site Scripting and SQL Injection Vulnerabilities
+SecRule REQUEST_URI "printer_friendly\.cfm" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "show\.cfm" chain
+SecRule ARGS:obcatid|ARGS:comid "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#eggblog "q" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "search\.php" chain
+SecRule ARGS:q "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+# SyntaxCMS XSS vuln.
+SecRule REQUEST_URI "/search/\?search_query=*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#SPIP Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "spip_(login|pass)\.php3" chain
+SecRule ARGS "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#SiteSage "norelay_highlight_words" Cross-Site Scripting Vulnerability
+SecRule ARGS:norelay_highlight_words "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#OpenEdit Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "results\.html" chain
+SecRule ARGS:oe-action|ARGS:page "(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=\'javascript)"
+
+#Portfolio NetPublish "template" Disclosure of Sensitive Information
+SecRule REQUEST_URI "server\.np\?base&site=\[.*\]&catalog=.*&template=*\.\./"
+
+#Papoo SQL Injection Vulnerabilities
+SecRule REQUEST_URI "(index|guestbook)\.php" chain
+SecRule ARGS:menuid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "print\.php" chain
+SecRule ARGS:forumid|ARGS:reporeid_print "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#phpSlash "story_id" SQL Injection Vulnerability
+SecRule REQUEST_URI "article\.php" chain
+SecRule ARGS:story_id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PhpGedView File Inclusion and PHP Code Injection Vulnerabilities
+SecRule REQUEST_URI "authenticate\.php" chain
+SecRule ARGS:user_language|ARGS:user_email|ARGS:user_gedcomid "\<.*php"
+
+#Miraserver SQL Injection Vulnerabilities
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:page "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "newsitem\.php" chain
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "article\.php" chain
+SecRule ARGS:cat "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Information Call Center "CallCenterData.mdb" Exposure of User Credentials
+SecRule REQUEST_URI "CallCenterData\.mdb"
+
+#phpBB <= 2.0.17 remote command execution exploit
+SecRule REQUEST_URI "profile\.php\?GLOBALS\[signature_bbcode_uid\]=\(\.\x2B\)/e\x00"
+SecRule REQUEST_URI|REQUEST_BODY "r57phpBB2017xpl"
+SecRule REQUEST_BODY "_bill_gates@microsoft\.com"
+
+#phpDocumentor File Inclusion Vulnerabilities
+SecRule REQUEST_URI "Documentation/tests/bug-559668\.php" chain
+SecRule ARGS:FORUM\[LIB\] "(http|https|ftp)\:/"
+SecRule REQUEST_URI "docbuilder/file_dialog\.php" chain
+SecRule ARGS:root_dir "(http|https|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "/tiki-index\.php\?page=(\||/|\.)"
+SecRule REQUEST_URI "/tech_o\.php\?absolute_path=(http|https|ftp)\:/"
+SecRule REQUEST_URI "moblog_lib\.php\?basedir=(cmd|(http|https|ftp)\:/)"
+
+#FlatCMS <=1.01 Remote Command Execution Exploit
+SecRule REQUEST_URI "/admin/cijfer\.php\?cij="
+SecRule REQUEST_URI "/admin/file_editor\.php" chain
+SecRule REQUEST_URI "\?save_file=cijfer\.php&f_content="
+SecRule REQUEST_URI "/admin/file_editor\.php" chain
+SecRule REQUEST_URI "\x3C\x3F\x24"
+#the specific payload, if you prefer
+#SecRule REQUEST_URI "\x3C\x3F\x24handle\x3Dpopen\x5C\x28\x24_GET\x5Bcij\x5D\x2C\x22r\x22\x29\x3Bwhile\x28\x21feof\x28\x24handle\x29\x29\x7B\x24line\x3Dfgets\x28\x24handle\x29\x3Bif\x28strlen\x28\x24line\x29\x3E\x3D1\x29\x7Becho\x22\x24line\x22\x3B\x7D\x7Dpclose\x28\x24handle\x29\x3B\x3F\x3E"
+
+#Valdersoft Shopping Cart <=3.0 Remote Command Execution Exploit
+SecRule REQUEST_URI "/include/templates/categories/default\.php\?.*\;echo"
+SecRule REQUEST_URI "/include/templates/categories/default\.php\?.*<\?passthru\(\$_GET\[cmd\]\)\;\?>"
+SecRule ARGS:catalogDocumentRoot "(https|http|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "index\.php\?p=(http|https|ftp)\:/"
+
+#Phgstats "phgdir" File Inclusion Vulnerability
+SecRule REQUEST_URI "phgstats\.inc\.php" chain
+SecRule ARGS:phgdir "(http|https|ftp)\:/"
+
+#VenomBoard SQL Injection Vulnerabilities
+SecRule REQUEST_URI "post\.php3" chain
+SecRule ARGS:topic_id|ARGS:root|ARGS:parent "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+# PHPNuke EV 7.7 'search' module 'query' variable SQL injection
+SecRule REQUEST_URI "/modules\.php\?name=Search" chain
+SecRule REQUEST_URI "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#honeypot
+SecRule REQUEST_URI "/admin\.php\?op=AddAuthor&add_aid=.*&add_name=.*&add_pwd=.*&add_email=r00t_System@hush\.com"
+
+#Etomite "cij" shell command backdoor
+SecRule REQUEST_URI "manager/includes/todo\.inc\.php"
+
+#openSRS exploit
+SecRule REQUEST_URI "mod_opensrs/mod_config\.php\?this_mod_opensrs_config.*=.*&DIR=(http|https|ftp)\:/"
+
+#honeypot
+SecRule REQUEST_URI "/index\.php" chain
+SecRule ARGS:lp "(http|https|ftp)\:/"
+SecRule REQUEST_URI "\.php\?forum=.*union.*select.*password,password,null,null"
+SecRule REQUEST_URI "/wwForum\.mdb"
+
+#ImpExData.php?systempath=
+SecRule REQUEST_URI "/ImpExData\.php" chain
+SecRule ARGS:systempath "(http|https|ftp)\:/"
+
+#SQuery <= 4.5 Remote File Inclusion Exploit
+SecRule REQUEST_URI "lib/(armygame|ase|devi|doom3|et|flashpoint.php|gameSpy|gameSpy2|gore|gsvari|halo|hlife|hlife2|igi2|main.lib|netpanzer|old_hlife|pkill|q[23]a|qworlp|rene|rvbshld|savage|simracer|sof1|sof2|unreal|ut2004|vietcong)\.php" chain
+SecRule ARGS:libpath "(http|https|ftp)\:/"
+
+#MonAlbum Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "index\.php" chain
+SecRule ARGS:pc "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "image_agrandir.php" chain
+SecRule ARGS:pnom|ARGS:pcourriel "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PHPNuke-Clan "vwar_root" File Inclusion Vulnerability
+#VWar <= 1.5.0 R12 Remote File Inclusion Exploit
+SecRule REQUEST_URI "(/includes/functions_(common|install)|/includes/get_header)\.php" "chain,id:390039,rev:2,severity:2,msg:'JITP: vwar_root remote/local file inclusion'"
+SecRule ARGS:vwar_root "((http|https|ftp)\:/|\.\./\.\.)"
+
+#gtd-php Cross-Site Scripting and Script Insertion Vulnerabilities
+SecRule REQUEST_URI "new(Project|List|WaitingOn|ChecklistContext|Category.php|Goal)\.php" chain
+SecRule ARGS "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "listReport\.php" chain
+SecRule ARGS:listTitle "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "projectReport\.php" chain
+SecRule ARGS:projectName "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "checklistReport\.php" chain
+SecRule ARGS:checklistTitle "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#aWebBB Multiple Vulnerabilities
+SecRule REQUEST_URI "post\.php" "chain,id:390001,rev:1,severity:2,msg:'JITP: aWebBB XSS attack on post.php'"
+SecRule ARGS:tname|ARGS:fpost "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "editac\.php" "chain,id:390002,rev:1,severity:2,msg:'JITP: aWebBB XSS attack on editac.php'"
+SecRule ARGS:fullname|ARGS:emailadd|ARGS:country|ARGS:sig|ARGS:otherav "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "register\.php" "chain,id:390003,rev:1,severity:2,msg:'JITP: aWebBB XSS attack on register.php'"
+SecRule ARGS:fullname|ARGS:emailadd|ARGS:country "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "(accounts|changep|editac|feedback|fpass|login|post|reply|reply_log)\.php" "chain,id:390004,rev:1,severity:2,msg:'JITP: aWebBB XSS attack'"
+SecRule ARGS:Username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "dpost\.php" "chain,id:390004,rev:1,severity:2,msg:'JITP: aWebBB SQL attack'"
+SecRule ARGS:p "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "(ndis|list)\.php" "chain,id:390005,rev:1,severity:2,msg:'JITP: aWebBB SQL attack'"
+SecRule ARGS:c "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "search\.php" "chain,id:390005,rev:1,severity:2,msg:'JITP: aWebBB SQL attack'"
+SecRule ARGS:q "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#phpBB "cur_password" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "profile\.php" "chain,id:390006,rev:1,severity:2,msg:'JITP: phpBB cur_password XSS attack'"
+SecRule ARGS:cur_password "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit
+SecRule REQUEST_URI "modules/vWar_Account/includes/functions_(common|front)\.php" "chain,id:390007,rev:2,severity:2,msg:'JITP: PHPNuke-Clan 3.0.1 Remote File Inclusion Exploit'"
+SecRule ARGS:vwar_root2 "(http|https|ftp)\:/"
+
+#Claroline <= 1.7.4 scormExport.inc.php remote command vuln
+SecRule REQUEST_URI "scormExport\.inc\.php" "chain,id:390008,rev:1,severity:2,msg:'JITP: Claroline <= 1.7.4 scormExport.inc.php remote command vuln'"
+SecRule ARGS:includePath "((http|https|ftp)\:/|\.\./\.\.)"
+SecRule REQUEST_URI "scormExport\.inc\.php\?cmd=" "id:390009,rev:1,severity:2,msg:'JITP: Claroline <= 1.7.4 scormExport.inc.php remote command vuln'"
+
+#Claroline <= 1.7.4 XSS and recursion attack
+SecRule REQUEST_URI "rqmkhtml\.php" "chain,id:390010,rev:1,severity:2,msg:'JITP: Claroline <= 1.7.4 XSS attack'"
+SecRule ARGS:cmd "(rqEdit|rwEditHtml)" chain
+SecRule ARGS:file "(><|\.\./\.\.)"
+
+#aWebNews Multiple Vulnerabilities
+SecRule REQUEST_URI "visview\.php" "chain,id:390011,rev:1,severity:2,msg:'JITP: aWebNews XSS attack'"
+SecRule ARGS:yname|ARGS:emailadd|ARGS:subject|ARGS:comment "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+SecRule REQUEST_URI "(login|fpass)\.php" "chain,id:390012,rev:1,severity:2,msg:'JITP: aWebBBNewsSQL attack'"
+SecRule ARGS:user123 "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "visview\.php" "chain,id:390013,rev:1,severity:2,msg:'JITP: aWebBBNewsSQL attack'"
+SecRule ARGS:cid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#WebAPP Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "index\.cgi" "chain,id:390014,rev:1,severity:2,msg:'JITP: aWebAPP XSS attack'"
+SecRule ARGS:action|ARGS:id|ARGS:num|ARGS:board|ARGS:cat|ARGS:writer|ARGS:viewcat|ARGS:img|ARGS:curcatname|ARGS:vsSD "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#qliteNews "loginprocess.php" SQL Injection Vulnerability
+SecRule REQUEST_URI "loginprocess\.php" "chain,id:390015,rev:1,severity:2,msg:'JITP: qliteNEws SQL injection attack'"
+SecRule ARGS:username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#RedCMS SQL Injection and Script Insertion Vulnerabilities
+SecRule REQUEST_URI "login\.php" "chain,id:390016,rev:1,severity:2,msg:'JITP: RedCMS SQL Injection'"
+SecRule ARGS:username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "profile\.php" "chain,id:390017,rev:1,severity:2,msg:'JITP: RedCMS SQL Injection'"
+SecRule ARGS:u "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "register\.php" "chain,id:390018,rev:1,severity:2,msg:'JITP: RedCMS XSS attack'"
+SecRule ARGS:Email|ARGS:Location|ARGS:Website "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#Oxygen "fid" SQL Injection Vulnerability
+SecRule REQUEST_URI "post\.php" "chain,id:390019,rev:1,severity:2,msg:'JITP: Oxygen SQL Injection'"
+SecRule ARGS:fid "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Mantis Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "view_set_all\.php" "chain,id:390020,rev:1,severity:2,msg:'JITP: Mantis XSS attack'"
+SecRule ARGS:start_day|ARGS:start_year|ARGS:start_month "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#vCounter "url" SQL Injection Vulnerability
+SecRule REQUEST_URI "vCounter\.php" "chain,id:390021,rev:1,severity:2,msg:'JITP: Oxygen SQL Injection'"
+SecRule ARGS:url "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PHP Classifieds "searchword" Cross-Site Scripting Vulnerability
+SecRule REQUEST_URI "search\.php" "chain,id:390022,rev:1,severity:2,msg:'JITP: Mantis XSS attack'"
+SecRule ARGS:searchword "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#PHPCollab v2.x / NetOffice v2.x sendpassword.php SQL Injection
+SecRule REQUEST_URI "/sendpassword\.php\?action=send" "chain,id:390023,rev:1,severity:2,msg:'JITP: PHPCollab v2.x / NetOffice v2.x sendpassword.php SQL Injection'"
+SecRule REQUEST_BODY "UNION SELECT.*concat.*password.*admin\.php"
+
+#Sourceworkshop newsletter "email" SQL Injection Vulnerability
+SecRule REQUEST_URI "/newsletter\.php" "chain,id:390024,rev:1,severity:2,msg:'JITP: Sourceworkshop newsletter SQL Injection Vulnerability'"
+SecRule ARGS:newsletteremail "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#X-Changer SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/index\.php" "chain,id:390025,rev:1,severity:2,msg:'JITP: X-Changer SQL Injection Vulnerability'"
+SecRule ARGS:from|ARGS:into|ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Cholod Mysql based message board Script Insertion and SQL Injection
+SecRule REQUEST_URI "/mb\.cgi" "chain,id:390025,rev:1,severity:2,msg:'JITP: X-Changer SQL Injection Vulnerability'"
+SecRule ARGS:topicnumber|ARGS:threadnumber "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/mb\.cgi" "chain,id:390026,rev:1,severity:2,msg:'JITP: X-Changer XSS Vulnerability'"
+SecRule ARGS:Name|ARGS:Subject|ARGS:Message "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#Null news Multiple SQL Injection Vulnerabilities
+SecRule REQUEST_URI "/(sub|unsub)\.php" "chain,id:390027,rev:1,severity:2,msg:'JITP: Null news Multiple SQL Injection Vulnerabilities'"
+SecRule ARGS:user_username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "/lostpass\.php" "chain,id:390028,rev:1,severity:2,msg:'JITP: Null news Multiple SQL Injection Vulnerabilities'"
+SecRule ARGS:user_email "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#VSNS Lemon SQL injection Vulnerabilities
+SecRule REQUEST_URI "/functions/final_functions\.php" "chain,id:390029,rev:1,severity:2,msg:'JITP: Null news Multiple SQL Injection Vulnerabilities'"
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#PHPLiveHelper 1.8 remote command execution Xploit
+SecRule REQUEST_URI "initiate\.php" "chain,id:390030,rev:1,severity:2,msg:'JITP: PHPLiveHelper 1.8 remote command execution Xploit'"
+SecRule ARGS:abs_path "(http|https|ftp)\:/"
+
+#Pixel Motion Blog SQL Injection Vulnerabilities
+SecRule REQUEST_URI "admin/index\.php" "chain,id:390031,rev:1,severity:2,msg:'JITP: Pixel Motion Blog SQL Injection Vulnerabilities'"
+SecRule ARGS:user|ARGS:pass "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "index\.php" "chain,id:390032,rev:1,severity:2,msg:'JITP: Pixel Motion Blog SQL Injection Vulnerabilities'"
+SecRule ARGS:date "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Nuked-Klan "m" SQL Injection Vulnerability
+SecRule REQUEST_URI "index\.php" "chain,id:390033,rev:1,severity:2,msg:'JITP: Nuked-Klan SQL Injection Vulnerability'"
+SecRule ARGS:m "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#TFT Gallery "passwd" Exposure of User Credentials
+SecRule REQUEST_URI "admin/passwd$" "id:390035,rev:1,severity:2,msg:'JITP: TFT Gallery passwd Exposure of User Credentials'"
+
+#PHP Ticket "frm_search_in" SQL Injection Vulnerability
+SecRule REQUEST_URI "search\.php" "chain,id:390036,rev:1,severity:2,msg:'JITP: Nuked-Klan SQL Injection Vulnerability'"
+SecRule ARGS:frm_search_in "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#WEBalbum Local File Inclusion Vulnerability
+SecRule REQUEST_COOKIES:skin2 "\.\." "id:390037,rev:1,severity:2,msg:'JITP: WEBalbum Local File Inclusion Vulnerability'"
+
+#G-Book "g_message" Script Insertion Vulnerability
+SecRule REQUEST_URI "/guestbook\.php" "chain,id:390038,rev:1,severity:2,msg:'JITP: G-Book g_message Script Insertion Vulnerability'"
+SecRule ARGS:g_message "((javascript|script|about|applet|activex|chrome)*\>|html|(http|https|ftp)\:/)"
+
+#PHPMyChat exploit
+SecRule REQUEST_URI "messagesL\.php.?\?L=.*R=.*N=.*&T=.*cmd=" "id:390039,rev:1,severity:2,msg:'JITP: PHPMyChat exploit'"
+
+#Horde Help Module Remote Execution
+SecRule REQUEST_URI "/services/help/\?show=.*&module=;\"" "id:390040,rev:1,severity:2,msg:'JITP: Horde Help Module Remote Execution'"
+
+#Internet PhotoShow Remote File Inclusion Exploit
+SecRule REQUEST_URI "index\.php?page=(ht|f)tps?:/.*\?&[a-z]+=[a-z]" "id:390041,rev:1,severity:2,msg:'JITP: Internet PhotoShow Remote File Inclusion Exploit'"
+
+#Censtore.cgi exploit
+SecRule REQUEST_URI "/censtore\.cgi\?page=\|" "id:390042,rev:1,severity:2,msg:'JITP: Censtore.cgi exploit'"
+
+#quizz.pl exploit
+SecRule REQUEST_URI "quizz\.pl/ask/\;" "id:390043,rev:1,severity:2,msg:'JITP: quizz.pl exploit'"
+
+#phpinfo.cgi command execution
+SecRule REQUEST_URI "/phpinfo\.php\?cmd=" "id:390044,rev:1,severity:2,msg:'JITP: phpinfo.cgi command execution'"
+
+#phpRaid "phpbb_root_path" File Inclusion Vulnerability
+SecRule REQUEST_URI "auth/auth_phpbb\.php" "chain,id:390045,rev:1,severity:2,msg:'JITP: phpRaid phpbb_root_path File Inclusion Vulnerability'"
+SecRule ARGS:phpbb_root_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#openEngine "template" Parameter Local File Inclusion Vulnerability
+SecRule REQUEST_URI "website\.php" "chain,id:390046,rev:1,severity:2,msg:'JITP: openEngine template Parameter Local File Inclusion Vulnerability'"
+SecRule ARGS:template "\.\./\.\."
+
+#ISPConfig "go_info[server][classes_root]" File Inclusion
+SecRule REQUEST_URI "lib/session\.inc\.php" "chain,id:390047,rev:1,severity:2,msg:'JITP: ISPConfig go_info[server][classes_root] File Inclusion'"
+SecRule REQUEST_URI "go_info\[server\]\[classes_root\].*((ht|f)tps?:/|\.\./\.\.)"
+
+#ManageEngine OpManager "searchTerm" Cross-Site Scripting
+SecRule REQUEST_URI "search\.do" "chain,id:390048,rev:1,severity:2,msg:'JITP: ManageEngine OpManager searchTerm Cross-Site Scripting'"
+SecRule ARGS:searchTerm "(javascript|script|about|applet|activex|chrome)*\>"
+
+#AliPAGER "ubild" Cross-Site Scripting and SQL Injection
+SecRule REQUEST_URI "inc/elementz\.php" "chain,id:390049,rev:1,severity:2,msg:'JITP: AliPAGER ubild Cross-Site Scripting and SQL Injection'"
+SecRule ARGS:ubild "((javascript|script|about|applet|activex|chrome)*\>|((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM))"
+
+#MxBB Portal pafileDB Module "module_root_path" File Inclusion
+SecRule REQUEST_URI "includes/pafiledb_constants\.php" "chain,id:390050,rev:1,severity:2,msg:'JITP: MxBB Portal pafileDB Module module_root_path File Inclusion'"
+SecRule ARGS:module_root_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#Jadu CMS "register.php" Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "site/scripts/register\.php" "chain,id:390051,rev:1,severity:2,msg:'JITP: Jadu CMS register.php Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:forename|ARGS:surname|ARGS:reg_email|ARGS:email_conf|ARGS:company|ARGS:city|ARGS:postcode|ARGS:telephone "(javascript|script|about|applet|activex|chrome|php)*\>"
+
+#OpenFAQ "q" Parameter Script Insertion Vulnerability
+SecRule REQUEST_URI "search\.php" "chain,id:390052,rev:1,severity:2,msg:'JITP: OpenFAQ q Parameter Script Insertion Vulnerability'"
+SecRule ARGS:q "(javascript|script|about|applet|activex|chrome)*\>"
+
+#phpBB foing Module "phpbb_root_path" File Inclusion
+SecRule REQUEST_URI "(index|faq|song|list|gen_m3u|playlist)\.php" "chain,id:390053,rev:1,severity:2,msg:'JITP: phpBB foing Module phpbb_root_path File Inclusion'"
+SecRule ARGS:phpbb_root_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#Sugar Suite "sugarEntry" Parameter Security Bypass
+SecRule REQUEST_URI "/modules/.*/.*\.php\?GLOBALS\[sugarEntry\].*((ht|f)tps?:/|\.\./\.\.)" "id:390054,rev:1,severity:2,msg:'JITP: Sugar Suite sugarEntry Parameter Security Bypass'"
+SecRule REQUEST_URI "/modules/.*/.*\.php\?cmd=.*GLOBALS\[sugarEntry\].*((ht|f)tps?:/|\.\./\.\.)" "id:390055,rev:1,severity:2,msg:'JITP: Sugar Suite sugarEntry Parameter Security Bypass'"
+SecRule REQUEST_URI "/modules/.*/.*\.php" "chain,id:390056,rev:1,severity:2,msg:'JITP: Sugar Suite sugarEntry Parameter Security Bypass'"
+SecRule REQUEST_BODY|REQUEST_URI "\?GLOBALS\[sugarEntry\].*((ht|f)tps?:/|\.\./\.\.)"
+
+#Sugar Suite exploit
+SecRule REQUEST_URI "modules/Administration/RebuildAudit\.php\?cmd=" "id:390057,rev:1,severity:2,msg:'JITP: Sugar Suite exploit'"
+
+#TikiWiki Multiple Cross-Site Scripting Vulnerabilities
+SecRule REQUEST_URI "tiki-lastchanges\.php" "chain,id:390058,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:days|ARGS:offset "(javascript|script|about|applet|activex|chrome)+.?\>"
+SecRule REQUEST_URI "tiki-orphan_pages\.php" "chain,id:390059,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:find "(javascript|script|about|applet|activex|chrome)+.?\>"
+SecRule REQUEST_URI "tiki-listpages\.php" "chain,id:390060,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:offset|ARGS:initial "(javascript|script|about|applet|activex|chrome)+.?\>"
+SecRule REQUEST_URI "tiki-remind_password\.php" "chain,id:390061,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:username "(javascript|script|about|applet|activex|chrome)+.?\>"
+SecRule REQUEST_URI "tiki-(admin_(rssmodules|notifications|content_templates|chat)|syslog)\.php" "chain,id:390062,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:offset "(javascript|script|about|applet|activex|chrome)+.?\>"
+SecRule REQUEST_URI "tiki-adminusers\.php" "chain,id:390063,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:numrows "(javascript|script|about|applet|activex|chrome)+.?\>"
+SecRule REQUEST_URI "tiki-searchindex\.php" "chain,id:390095,rev:1,severity:2,msg:'JITP: TikiWiki Multiple Cross-Site Scripting Vulnerabilities'"
+SecRule ARGS:highlist "(javascript|script|about|applet|activex|chrome)+.?\>"
+
+#Wordpress shell injection Vulnerability
+SecRule REQUEST_URI "/cache/user.*/.*\.php\?cmd=" "id:390064,rev:1,severity:2,msg:'JITP: Wordpress shell injection Vulnerability'"
+
+#Nucleus <= 3.22 arbitrary remote inclusion exploit
+SecRule REQUEST_URI "PLUGINADMIN\.php\?GLOBALS\[DIR_LIBS\]=((ht|f)tps?\:/|/tmp|/opt|/etc|/export|/var|/home|/usr|\.\.)" "id:390065,rev:1,severity:2,msg:'JITP: Nucleus arbitrary remote inclusion exploit'"
+
+#Horde passthru protection
+SecRule REQUEST_URI "/services/help(/)?\?(.*)?\&module=.*passthru\(.*\)" "id:390066,rev:1,severity:2,msg:'JITP: Horde passthru exploit'"
+
+#CMS-Bandits "spaw_root" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "dialogs/(img|td|table)\.php" "chain,id:390067,rev:2,severity:2,msg:'JITP: CMS-Bandits spaw_root File Inclusion Vulnerability'"
+SecRule ARGS:spaw_root "(ht|f)tps?\:/"
+
+#phpBB Blend Portal System Module "phpbb_root_path" File Inclusion
+SecRule REQUEST_URI "dialogs/(img|td)\.php" "chain,id:390068,rev:1,severity:2,msg:'JITP: phpBB Blend Portal System Module phpbb_root_path File Inclusion'"
+SecRule ARGS:phpbb_root_path "(ht|f)tps?\:/"
+
+#Admanager Pro exploit
+SecRule REQUEST_URI "common\.php" "chain,id:390069,rev:1,severity:2,msg:'JITP: Admanager Pro exploit'"
+SecRule ARGS:ipath "((ht|f)tps?\:/|\.\./)"
+
+#Bible Portal Project destination File Inclusion Vulnerability'
+SecRule REQUEST_URI "Admin/rtf_parser\.php" "chain,id:390071,rev:1,severity:2,msg:'JITP: Bible Portal Project destination File Inclusion Vulnerability'"
+SecRule ARGS:destination "((ht|f)tps?\:/|\.\./)"
+
+#Flipper Poll "root_path" File Inclusion Vulnerability
+SecRule REQUEST_URI "poll\.php" "chain,id:390072,rev:1,severity:2,msg:'JITP: Flipper Poll root_path File Inclusion Vulnerability'"
+SecRule ARGS:root_path "((ht|f)tps?\:/|\.\./)"
+
+#PictureDis Products "lang" Parameter File Inclusion Vulnerability
+SecRule REQUEST_URI "(thumstbl|wpfiles|wallpapr)\.php" "chain,id:390073,rev:1,severity:2,msg:'JITP: PictureDis Products lang Parameter File Inclusion Vulnerability'"
+SecRule ARGS:lang "((ht|f)tps?\:/|\.\./)"
+
+#Joomla and Mambo 'Weblinks' blind SQL injection / admin credentials EXPLOIT
+SecRule REQUEST_URI "index\.php" "chain,id:390074,rev:1,severity:2,msg:'JITP: Joomla/Mambo Weblinks blind SQL injection'"
+SecRule ARGS:title "(users[[:space:]]+WHERE[[:space:]]+usertype|UNION[[:space:]]+SELECT[[:space:]]+IF|insert[[:space:]]+into.+values|select.+from|bulk[[:space:]]+insert|union.+select)" chain
+SecRule ARGS:task "save"
+
+#new pattern
+SecRule REQUEST_URI "index\.php\?mod=files&action=view&where=-1+UNION+SELECT+users_nick,0,users_pwd"
+
+#phpBB Mail2Forum Module "m2f_root_path" File Inclusion
+SecRule ARGS:m2f_root_path "((ht|f)tps?\:/|\.\./)" "id:390076,rev:1,severity:2,msg:'JITP: Generic m2f_root_path File Inclusion Vulnerability'"
+
+#
+SecRule REQUEST_URI "downloads\.php" "chain,id:390077,rev:1,severity:2,msg:'JITP: Generic PHP download incddir File Inclusion Vulnerability'"
+SecRule ARGS:incdir "((ht|f)tps?\:/|\.\./)"
+
+#SiteDepth CMS "SD_DIR" Parameter Handling Remote File Inclusion Vulnerability
+SecRule REQUEST_URI "constants\.php" "chain,id:390078,rev:1,severity:2,msg:'JITP: SiteDepth CMS SD_DIR Parameter Handling Remote File Inclusion Vulnerability'"
+SecRule ARGS:SD_DIR "((ht|f)tps?\:/|\.\./)"
+
+#PhpLinkExchange "page" Parameter Handling Remote File Inclusion Vulnerability
+SecRule REQUEST_URI "index\.php" "chain,id:390079,rev:1,severity:2,msg:'JITP: PhpLinkExchange page Parameter Handling Remote File Inclusion Vulnerability'"
+SecRule ARGS:page "((ht|f)tps?\:/|\.\./)"
+
+#test for valid X-forearded header
+SecRule HTTP_X_FORWARDED_FOR "!^(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|)|unknown),?(((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|)|unknown)?" "id:390080,rev:1,severity:2,msg:'Test: Checking for valid X-Forwarded header',log,pass"
+
+#authldap
+SecRule REQUEST_URI "authldap\.php" "chain,id:390081,rev:1,severity:2,msg:'JITP: authldap Remote File Inclusion Vulnerability'"
+SecRule ARGS:includePath "((ht|f)tps?\:/|\.\./)"
+
+#honeypot
+SecRule REQUEST_URI "global_header\.php" "chain,id:390082,rev:1,severity:2,msg:'JITP: globalheader domain variable Remote File Inclusion Vulnerability'"
+SecRule ARGS:domain "((ht|f)tps?\:/|\.\./)"
+
+#Generic phpbb_root_path inclusion
+SecRule ARGS:phpbb_root_path "((ht|f)tps?:/|\.\./\.\.)" "id:390083,rev:1,severity:2,msg:'JITP: Generic phpbb_root_path variable Remote File Inclusion Vulnerability'"
+
+#Generic BBCodeFile variable remote file include
+SecRule ARGS:BBCodeFile "((ht|f)tps?:/|\.\./\.\.)" "id:390084,rev:1,severity:2,msg:'JITP: Generic BBCodeFile variable Remote File Inclusion Vulnerability'"
+
+#Generic wb_class_dir variable remote file include
+SecRule ARGS:wb_class_dir "((ht|f)tps?:/|\.\./\.\.)" "id:390085,rev:1,severity:2,msg:'JITP: Generic wb_class_dir variable Remote File Inclusion Vulnerability'"
+
+#Generic component_dir variable remote file include
+SecRule ARGS:component_dir "((ht|f)tps?:/|\.\./\.\.)" "id:390086,rev:1,severity:2,msg:'JITP: Generic component_dir variable Remote File Inclusion Vulnerability'"
+
+#Generic da_path variable remote file include
+SecRule ARGS:da_path "((ht|f)tps?:/|\.\./\.\.)" "id:390087,rev:1,severity:2,msg:'JITP: Generic da_path variable Remote File Inclusion Vulnerability'"
+
+#Generic spaw_root variable remote file include
+SecRule ARGS:spaw_root "((ht|f)tps?:/|\.\./\.\.)" "id:390088,rev:1,severity:2,msg:'JITP: Generic spaw_root variable Remote File Inclusion Vulnerability'"
+
+#Generic sitee variable remote file include
+SecRule ARGS:sitee "((ht|f)tps?:/|\.\./\.\.)" "id:390089,rev:1,severity:2,msg:'JITP: Generic sitee variable Remote File Inclusion Vulnerability'"
+
+#Generic default_path variable remote file include
+SecRule REQUEST_URI "\.php" "chain,id:390092,rev:1,severity:2,msg:'JITP: PHP default_path variable Remote File Inclusion Vulnerability'"
+SecRule ARGS:default_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#file_upload sbp remote file inclusion vuln
+SecRule REQUEST_URI "file_upload\.php" "chain,id:390090,rev:1,severity:2,msg:'JITP: file_upload sbp variable Remote File Inclusion Vulnerability'"
+SecRule ARGS:sbp "((ht|f)tps?\:/|\.\./)"
+
+#viewtopic sid remote file inclusion vuln
+SecRule REQUEST_URI "viewtopic\.php" "chain,id:390091,rev:1,severity:2,msg:'JITP: viewtopic sid variable Remote File Inclusion Vulnerability'"
+SecRule ARGS:sid "((ht|f)tps?\:/|\.\./)"
+
+#get_infochannel root_path remote file inclusion vuln
+SecRule REQUEST_URI "get_infochannel\.inc\.php" "chain,id:390093,rev:1,severity:2,msg:'JITP: get_infochannel root_path variable Remote File Inclusion Vulnerability'"
+SecRule ARGS:root_path "((ht|f)tps?\:/|\.\./)"
+
+#Generic root_path variable remote file include
+SecRule ARGS:root_path "((ht|f)tps?:/|\.\./\.\.)" "id:390094,rev:1,severity:2,msg:'JITP: Generic root_path variable Remote File Inclusion Vulnerability'"
+
+#Generic default_path variable remote file include
+SecRule REQUEST_URI "\.php" "chain,id:390096,rev:1,severity:2,msg:'JITP: PHP glConf variable Remote File Inclusion Vulnerability'"
+SecRule REQUEST_URI "glConf\[path_library\].*((ht|f)tps?:/|\.\./\.\.)"
+
+#MyNewsGroups :) "myng_root" File Inclusion Vulnerability
+SecRule REQUEST_URI "layersmenu\.inc\.php" "chain,id:390097,rev:1,severity:2,msg:'JITP: MyNewsGroups myng_root Remote File Inclusion Vulnerability'"
+SecRule ARGS:myng_root "((ht|f)tps?:/|\.\./\.\.)"
+
+#Joomla invalid arguments check
+#SecRule "joomla/" "chain,id:390098,rev:1,severity:2,msg:'JITP: Joomla invalid character Vulnerability'"
+#SecRule ARGS:from|ARGS:fromname|ARGS:subject "[\x00-\x1F\x7F]"
+
+#TikiWiki jhot.php upload exploit
+SecRule REQUEST_URI "img/wiki/" "chain,id:390099,rev:1,severity:2,msg:'JITP: TikiWiki non-image upload exploit'"
+SecRule REQUEST_URI "\.!(jpe?g|gif|png|bmp)"
+
+#pageheaderdefault sysSessionPath upload exploit
+SecRule REQUEST_URI "pageheaderdefault\.inc\.php\?" "chain,id:390100,rev:1,severity:2,msg:'JITP: pageheaderdefault sysSessionPath upload exploit'"
+SecRule REQUEST_URI "_sysSessionPath=((ht|f)tps?:/|\.\./\.\.)"
+
+#new pattern
+SecRule REQUEST_URI "\.php\?" "chain,id:390101,rev:1,severity:2,msg:'JITP: possible vulnscan6 exploit'"
+SecRule REQUEST_URI "(CONFIG_EXT\[LANGUAGES_DIR\]|dir\[inc\])=((ht|f)tps?:/|\.\./\.\.)"
+
+#Socketwiz Bookmarks "root_dir" File Inclusion Vulnerability
+SecRule REQUEST_URI "smarty_config\.php" "chain,id:390102,rev:1,severity:2,msg:'JITP: Socketwiz Bookmarks root_dir File Inclusion Vulnerability'"
+SecRule ARGS:root_dir "((ht|f)tps?:/|\.\./\.\.)"
+
+#MyABraCaDaWeb "base" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(index|pop)\.php" "chain,id:390103,rev:1,severity:2,msg:'JITP: MyABraCaDaWeb base File Inclusion Vulnerabilities'"
+SecRule ARGS:base "((ht|f)tps?:/|\.\./\.\.)"
+
+#Vivvo Article Management CMS SQL Injection and File Inclusion
+SecRule REQUEST_URI "pdf_version\.php" "chain,id:390104,rev:1,severity:2,msg:'JITP: Vivvo Article Management CMS SQL Injection'"
+SecRule ARGS:id "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#Vivvo Article Management classified_path file inclusion
+SecRule ARGS:classified_path "((ht|f)tps?:/|\.\./\.\.)" "id:390105,rev:1,severity:2,msg:'JITP: Vivvo Article Management CMS File Inclusion'"
+
+#RaidenHTTPD "SoftParserFileXml" File Inclusion Vulnerability
+SecRule REQUEST_URI "raidenhttpd-admin/slice/check\.php" "chain,id:390106,rev:1,severity:2,msg:'JITP: RaidenHTTPD SoftParserFileXml File Inclusion Vulnerability'"
+SecRule ARGS:SoftParserFileXml "((ht|f)tps?:/|\.\./\.\.)"
+
+#mcGalleryPRO "path_to_folder" File Inclusion Vulnerability
+SecRule REQUEST_URI "random2\.php" "chain,id:390107,rev:1,severity:2,msg:'JITP: mcGalleryPRO path_to_folder File Inclusion Vulnerability'"
+SecRule ARGS:path_to_folder "((ht|f)tps?:/|\.\./\.\.)"
+
+#Timesheet PHP "username" Parameter SQL Injection
+SecRule REQUEST_URI "username\.php" "chain,id:390108,rev:1,severity:2,msg:'JITP: Timesheet PHP username Parameter SQL Injection'"
+SecRule ARGS:username "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+
+#CCleague Pro "language" Parameter Local File Inclusion
+SecRule ARGS:language "((ht|f)tps?:/|\.\./\.\.)" "id:390109,rev:1,severity:2,msg:'JITP: CCleague Pro language Parameter Local File Inclusion'"
+
+#TWiki "filename" Parameter Disclosure of Sensitive Information
+SecRule REQUEST_URI "/TWiki/" "chain,id:390110,rev:1,severity:2,msg:'JITP: TWiki filename Parameter Disclosure of Sensitive Information'"
+SecRule ARGS:filename "\.\./\.\."
+
+#photokorn "dir_path" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(includes/cart\.inc\.php|extras/ext_cat\.php)" "chain,id:390111,rev:1,severity:2,msg:'JITP: photokorn dir_path File Inclusion Vulnerabilities'"
+SecRule ARGS:dir_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#Somery "skindir" File Inclusion Vulnerability
+SecRule REQUEST_URI "admin/system/include\.php" "chain,id:390112,rev:1,severity:2,msg:'JITP: Somery skindir File Inclusion Vulnerability'"
+SecRule ARGS:skindir "((ht|f)tps?:/|\.\./\.\.)"
+
+#DokuWiki "TARGET_FN" Directory Traversal Vulnerability
+SecRule REQUEST_URI "bin/dwpage\.php" "chain,id:390113,rev:1,severity:2,msg:'JITP: DokuWiki TARGET_FN Directory Traversal Vulnerability'"
+SecRule ARGS:TARGET_FN "((ht|f)tps?:/|\.\./\.\.)"
+
+#Fantastic News "CONFIG[script_path]" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "(archive|headlines)\.php" "chain,id:390114,rev:1,severity:2,msg:'JITP: Fantastic News CONFIG[script_path] File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "CONFIG\[script_path\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#BP News "bnrep" File Inclusion Vulnerability
+SecRule REQUEST_URI "bp_ncom\.php" "chain,id:390115,rev:1,severity:2,msg:'JITP: BP News bnrep File Inclusion Vulnerability'"
+SecRule ARGS:bnrep "((ht|f)tps?:/|\.\./\.\.)"
+
+#Akarru Social BookMarking Engine "bm_content" File Inclusion
+SecRule REQUEST_URI "akarru\.gui/main_content\.php" "chain,id:390116,rev:1,severity:2,msg:'JITP: Akarru Social BookMarking Engine bm_content File Inclusion'"
+SecRule ARGS:bm_content "((ht|f)tps?:/|\.\./\.\.)"
+
+#Beautifier "BEAUT_PATH" Parameter File Inclusion Vulnerability
+#phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability
+SecRule REQUEST_URI "Beautifier/Core\.php" "chain,id:390117,rev:1,severity:2,msg:'JITP: Beautifier BEAUT_PATH Parameter File Inclusion Vulnerability'"
+SecRule ARGS:BEAUT_PATH "((ht|f)tps?:/|\.\./\.\.)"
+
+#phpFullAnnu "repmod" File Inclusion Vulnerability
+SecRule REQUEST_URI "modules/home\.module\.php" "chain,id:390118,rev:1,severity:2,msg:'JITP: phpFullAnnu repmod File Inclusion Vulnerability'"
+SecRule ARGS:repmod "((ht|f)tps?:/|\.\./\.\.)"
+
+#Sponge News "sndir" File Inclusion Vulnerability
+SecRule REQUEST_URI "news\.php" "chain,id:390119,rev:1,severity:2,msg:'JITP: Sponge News sndir File Inclusion Vulnerability'"
+SecRule ARGS:sndir "((ht|f)tps?:/|\.\./\.\.)"
+
+#ACGV News "PathNews" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "\.php\?" "chain,id:390120,rev:1,severity:2,msg:'JITP: ACGV News PathNews File Inclusion Vulnerabilities'"
+SecRule ARGS:PathNews "((ht|f)tps?:/|\.\./\.\.)"
+
+#MySpeach "my_ms[root]" Parameter File Inclusion Vulnerability
+SecRule REQUEST_URI "jscript\.php\?" "chain,id:390121,rev:1,severity:2,msg:'JITP: MySpeach my_ms[root] Parameter File Inclusion Vulnerability'"
+SecRule REQUEST_URI "my_ms\[root\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#annoncesV "page" Parameter File Inclusion Vulnerability
+SecRule REQUEST_URI "annonce\.php\?" "chain,id:390122,rev:1,severity:2,msg:'JITP: annoncesV page Parameter File Inclusion Vulnerability'"
+SecRule ARGS:page "((ht|f)tps?:/|\.\./\.\.)"
+
+#GrapAgenda "page" File Inclusion Vulnerability
+SecRule REQUEST_URI "index\.php\?" "chain,id:390123,rev:1,severity:2,msg:'JITP: GrapAgenda page File Inclusion Vulnerability'"
+SecRule ARGS:page "((ht|f)tps?:/|\.\./\.\.)"
+
+#C-News "path" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "/affichage/.*\.php\?" "chain,id:390124,rev:1,severity:2,msg:'JITP: C-News path File Inclusion Vulnerabilities'"
+SecRule ARGS:path "((ht|f)tps?:/|\.\./\.\.)"
+
+#PhpCommander "Directory" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "download\.php\?" "chain,id:390125,rev:1,severity:2,msg:'JITP: PhpCommander Directory Local File Inclusion Vulnerability'"
+SecRule ARGS:Directory "((ht|f)tps?:/|\.\./\.\.)"
+
+#dyncms "x_admindir" File Inclusion Vulnerability
+SecRule REQUEST_URI "0_admin/modules/Wochenkarte/frontend/index\.php" "chain,id:390126,rev:1,severity:2,msg:'JITP: dyncms x_admindir File Inclusion Vulnerability'"
+SecRule ARGS:x_admindir "((ht|f)tps?:/|\.\./\.\.)"
+
+#MyBace Light Skript File Inclusion Vulnerabilities
+SecRule REQUEST_URI "includes/login_check\.php" "chain,id:390127,rev:1,severity:2,msg:'JITP: MyBace Light Skript File Inclusion Vulnerabilities'"
+SecRule ARGS:hauptverzeichniss "((ht|f)tps?:/|\.\./\.\.)"
+SecRule REQUEST_URI "dmin/login/content/user_daten\.php" "chain,id:390128,rev:1,severity:2,msg:'JITP: MyBace Light Skript File Inclusion Vulnerabilities'"
+SecRule ARGS:template_back "((ht|f)tps?:/|\.\./\.\.)"
+
+#YACS "context[path_to_root]" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "\.php" "chain,id:390129,rev:1,severity:2,msg:'JITP: YACS context[path_to_root] File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "context\[path_to_root\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#Pheap "lpref" File Inclusion Vulnerability
+SecRule REQUEST_URI "lib/config\.php" "chain,id:390130,rev:1,severity:2,msg:'JITP: Pheap lpref File Inclusion Vulnerability'"
+SecRule ARGS:lpref "((ht|f)tps?:/|\.\./\.\.)"
+
+#phpECard "include_path" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "functions\.php" "chain,id:390131,rev:1,severity:2,msg:'JITP: phpECard include_path File Inclusion Vulnerabilities'"
+SecRule ARGS:include_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#MiniBill "config[include_dir]" Parameter File Inclusion
+SecRule REQUEST_URI "actions/ipn\.php" "chain,id:390132,rev:1,severity:2,msg:'JITP: MiniBill config[include_dir] File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "config\[include_dir\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#phpGroupWare Local File Inclusion Vulnerability
+SecRule REQUEST_URI "alendar/inc/class.holidaycalc\.inc\.php" "chain,id:390133,rev:1,severity:2,msg:'JITP: phpGroupWare Local File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "phpgw_info\[user\]\[preferences\]\[common\]\[country\]=\.\./\.\."
+
+#ExBB Italia "exbb[home_path]" File Inclusion Vulnerability
+SecRule REQUEST_URI "modules/userstop/userstop\.php" "chain,id:390134,rev:1,severity:2,msg:'JITP: ExBB Italia exbb[home_path] File Inclusion Vulnerability'"
+SecRule REQUEST_URI "exbb\[home_path\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#Web3news "PHPSECURITYADMIN_PATH" File Inclusion
+SecRule REQUEST_URI "security/include/_class\.security\.php" "chain,id:390135,rev:1,severity:2,msg:'JITP: Web3news PHPSECURITYADMIN_PATH File Inclusion Vulnerabilities'"
+SecRule ARGS:PHPSECURITYADMIN_PATH "((ht|f)tps?:/|\.\./\.\.)"
+
+#phpCOIN "_CCFG[_PKG_PATH_INCL]" File Inclusion
+SecRule REQUEST_URI "\.php\?" "chain,id:390136,rev:1,severity:2,msg:'JITP: phpCOIN _CCFG[_PKG_PATH_INCL] File Inclusion'"
+SecRule REQUEST_URI "_CCFG\[_PKG_PATH_INCL\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#Wikepage "lng" Local File Inclusion Vulnerability
+SecRule REQUEST_URI "index\.php" "chain,id:390137,rev:1,severity:2,msg:'JITP: Wikepage lng Local File Inclusion Vulnerability'"
+SecRule ARGS:lng "((ht|f)tps?:/|\.\./\.\.)"
+
+#Empire CMS "check_path" File Inclusion Vulnerability
+SecRule REQUEST_URI "e/class/CheckLevel\.php" "chain,id:390138,rev:1,severity:2,msg:'JITP: Empire CMS check_path File Inclusion Vulnerability'"
+SecRule ARGS:check_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#Dolphin "dir[inc]" File Inclusion Vulnerability
+SecRule REQUEST_URI "templates/tmpl_dfl/scripts/index.php" "chain,id:390139,rev:1,severity:2,msg:'JITP: Dolphin dir[inc] File Inclusion Vulnerability'"
+SecRule REQUEST_URI "dir\[inc\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#SportsPHool "mainnav" File Inclusion Vulnerability
+SecRule REQUEST_URI "includes/layout/plain\.footer\.php" "chain,id:390140,rev:1,severity:2,msg:'JITP: SportsPHool mainnav File Inclusion Vulnerability'"
+SecRule ARGS:mainnav "((ht|f)tps?:/|\.\./\.\.)"
+
+#NES Game & NES System "phphtmllib" File Inclusion
+SecRule REQUEST_URI "\.php\?" "chain,id:390141,rev:1,severity:2,msg:'JITP: NES Game & NES System phphtmllib File Inclusion'"
+SecRule ARGS:phphtmllib "((ht|f)tps?:/|\.\./\.\.)"
+
+#PHlyMail Lite "_PM_[path][handler]" File Inclusion Vulnerability
+SecRule REQUEST_URI "handlers/email/mod.listmail.php" "chain,id:390142,rev:1,severity:2,msg:'JITP: PHlyMail Lite _PM_[path][handler] File Inclusion Vulnerability'"
+SecRule REQUEST_URI "_PM_\[path\]\[handler\]=((ht|f)tps?:/|\.\./\.\.)"
+
+#Sonium Enterprise Adressbook "folder" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "/plugins/(1_Adressbuch/new|2_Branchen/edit|3_Typ/delete)\.php\?" "chain,id:390143,rev:1,severity:2,msg:'JITP: Sonium Enterprise Adressbook folder File Inclusion Vulnerabilities'"
+SecRule ARGS:folder "((ht|f)tps?:/|\.\./\.\.)"
+
+#ff_compath remote file inclusion
+SecRule ARGS:ff_compath "((ht|f)tps?:/|\.\./\.\.)" "id:390150,rev:1,severity:2,msg:'JITP: ff_compath File Inclusion Vulnerabilities'"
+
+#phpBB "avatar_path" PHP Code Execution Vulnerability
+SecRule REQUEST_URI "/admin/admin_board\.php\?" "chain,id:390151,rev:1,severity:2,msg:'JITP: phpBB avatar_path PHP Code Execution Vulnerability'"
+SecRule ARGS:avatar_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#phpMyProfiler "pmp_rel_path" File Inclusion Vulnerability
+SecRule REQUEST_URI "/functions\.php\?" "chain,id:390152,rev:1,severity:2,msg:'JITP: phpMyProfiler pmp_rel_path File Inclusion Vulnerability'"
+SecRule ARGS:pmp_rel_path "((ht|f)tps?:/|\.\./\.\.)"
+
+#Servlet auth attack
+SecRule REQUEST_URI "/servlet/admin\?category=server\&method=listAll\&Authorization" "id:390153,rev:1,severity:2,msg:'JITP: Servlet Auth exposure Vulnerability'"
+
+#Eazy Cart Multiple Vulnerabilities
+SecRule REQUEST_URI "easycart\.php" "chain,id:390154,rev:1,severity:2,msg:'JITP: Eazy Cart SQL injection'"
+SecRule ARGS:price "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM)"
+SecRule REQUEST_URI "admin/config/customer\.dat" "id:390155,rev:1,severity:2,msg:'JITP: Eazy Cart Customer Data Access'"
+SecRule REQUEST_URI "easycart\.php" "chain,id:390156,rev:1,severity:2,msg:'JITP: Eazy Cart XSS ATTACK'"
+SecRule ARGS "<[[:space:]]*(script|about|applet|activex|chrome).*(script|about|applet|activex|chrome)[[:space:]]*>"
+
+#WebYep "webyep_sIncludePath" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "webyep-system/program/((lib|elements)/|webyep\.php)" "chain,id:390157,rev:1,severity:2,msg:'JITP: WebYep webyep_sIncludePath File Inclusion Vulnerabilities'"
+SecRule ARGS:webyep_sIncludePath "((ht|f)tps?:/|\.\./\.\.)"
+
+#Travelsized CMS "setup_folder" File Inclusion Vulnerability
+SecRule REQUEST_URI "frontpage\.php" "chain,id:390158,rev:1,severity:2,msg:'JITP: Travelsized CMS setup_folder File Inclusion Vulnerabilities'"
+SecRule ARGS:setup_folder "((ht|f)tps?:/|\.\./\.\.)"
+
+#VideoDB "config[pdf_module]" File Inclusion Vulnerability
+SecRule REQUEST_URI "core/pdf\.php" "chain,id:390159,rev:1,severity:2,msg:'JITP: VideoDB File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "config\[pdf_module\].*((ht|f)tps?:/|\.\./\.\.)"
+
+#AllMyGuests "_AMGconfig[cfg_serverpath]" File Inclusion
+SecRule REQUEST_URI "signin\.php" "chain,id:390160,rev:1,severity:2,msg:'JITP: AllMyGuests File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "_AMGconfig\[cfg_serverpath\].*((ht|f)tps?:/|\.\./\.\.)"
+
+#OpenBiblio Local File Inclusion and SQL Injection
+SecRule REQUEST_URI "shared/(header|help)\.php" "chain,id:390161,rev:1,severity:2,msg:'JITP: OpenBiblio File Inclusion Vulnerabilities'"
+SecRule ARGS "(((ht|f)tps?:/|\.\./\.\.)|((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|\'|UNION.*SELECT.*FROM))"
+
+#BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities
+SecRule REQUEST_URI "\.php" "chain,id:390162,rev:1,severity:2,msg:'JITP: BasiliX BSX_LIBDIR File Inclusion Vulnerabilities'"
+SecRule ARGS:BSX_LIBDIR "((ht|f)tps?:/|\.\./\.\.)"
+
+#PowerPortal "file_name[]" File Inclusion Vulnerability
+SecRule REQUEST_URI "index\.php" "chain,id:390163,rev:1,severity:2,msg:'JITP: Powerportal File Inclusion Vulnerabilities'"
+SecRule REQUEST_URI "file_name\[\].*((ht|f)tps?:/|\.\./\.\.)"
+
+#DeluxeBB "templatefolder" File Inclusion Vulnerability
+SecRule REQUEST_URI "/templates/.*/.*/.*\.php" "chain,id:390164,rev:1,severity:2,msg:'JITP: DeluxeBB teplatefolder File Inclusion Vulnerabilities'"
+SecRule ARGS:templatefolder "((ht|f)tps?:/|\.\./\.\.)"
+
+#TagIt! Tagboard "page" File Inclusion Vulnerability
+SecRule REQUEST_URI "/index\.php" "chain,id:390165,rev:1,severity:2,msg:'JITP: Tagit page File Inclusion Vulnerabilities'"
+SecRule ARGS:page "(ht|f)tps?:/"
diff --git a/config/apache_mod_security/rules/recons.conf b/config/apache_mod_security/rules/recons.conf
new file mode 100644
index 00000000..1ccbd61b
--- /dev/null
+++ b/config/apache_mod_security/rules/recons.conf
@@ -0,0 +1,52 @@
+# http://www.gotroot.com/mod_security+rules
+# Gotroot.com ModSecurity rules
+# Search Engine Recon/Google Hacks Security Rules for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/recons.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Version: N-20061022-01
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+# Note: For modsecurity 2.x and above only
+
+SecRule HTTP_Referer "Powered by Gravity Board" "id:350000,rev:1,severity:2,msg:'Gravity Board Google Recon attempt'"
+SecRule HTTP_Referer "Powered by SilverNews" "id:350001,rev:1,severity:2,msg:'SilverNews Google Recon attempt'"
+SecRule HTTP_Referer "Powered.*PHPBB.*2\.0\.\ inurl\:" "id:350002,rev:1,severity:2,msg:'PHPBB 2.0 Google Recon attempt'"
+SecRule HTTP_Referer "PHPFreeNews inurl\:Admin\.php" "id:350003,rev:1,severity:2,msg:'PHPFreeNews Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*/cgi-bin/query" "id:350004,rev:1,severity:2,msg:'/cgi-bin/guery Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*tiki-edit_submission\.php" "id:350005,rev:1,severity:2,msg:'tiki-edit Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*wps_shop\.cgi" "id:350006,rev:1,severity:2,msg:'wps_shop.cgi Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*edit_blog\.php.*filetype\:php" "id:350007,rev:1,severity:2,msg:'edit_blog.php Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*passwd.txt.*wwwboard.*webadmin" "id:350008,rev:1,severity:2,msg:'passwd.txt Google Recon attempt'"
+SecRule HTTP_Referer "inurl.*admin\.mdb" "id:350008,rev:1,severity:2,msg:'admin.mdb Google Recon attempt'"
+SecRule HTTP_Referer "filetype:sql \x28\x22passwd values.*password values.*pass values"
+SecRule HTTP_Referer "filetype.*blt.*buddylist"
+SecRule HTTP_Referer "File Upload Manager v1\.3.*rename to"
+SecRule HTTP_Referer "filetype\x3Aphp HAXPLORER .*Server Files Browser"
+SecRule HTTP_Referer "inurl.*passlist\.txt"
+SecRule HTTP_Referer "wwwboard WebAdmininurl\x3Apasswd\.txt wwwboard\x7Cwebadmin"
+SecRule HTTP_Referer "Enter ip.*inurl\x3A\x22php-ping\.php\x22"
+SecRule HTTP_Referer "intitle\.*PHP Shell.*Enable stderr.*filetype\.php"
+SecRule HTTP_Referer "inurl\.*install.*install\.php"
+SecRule HTTP_Referer "Powered by PHPFM.*filetype\.php -username"
+SecRule HTTP_Referer "inurl\.*phpSysInfo.*created by phpsysinfo"
+SecRule HTTP_Referer "SquirrelMail version 1\.4\.4.*inurl:src ext\.php"
+SecRule HTTP_Referer "inurl\.*webutil\.pl"
diff --git a/config/apache_mod_security/rules/rootkits.conf b/config/apache_mod_security/rules/rootkits.conf
new file mode 100644
index 00000000..6c460c7c
--- /dev/null
+++ b/config/apache_mod_security/rules/rootkits.conf
@@ -0,0 +1,184 @@
+# http://www.gotroot.com/mod_security+rules
+# Known rootkits, remote toolkits, etc. signatures for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/rootkits.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# modsecurity is a trademark of Thinking Stone, Ltd.
+#
+# Version: N-20061022-01
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+SecRule REQUEST_URI "!(horde/services/go\.php)" "chain,id:390144,rev:1,severity:2,msg:'Rootkit attack: Generic Attempt to install rootkit'"
+SecRule REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\x20?\?"
+SecRule REQUEST_URI "!(horde/services/go\.php)" "chain,id:390145,rev:1,severity:2,msg:'Rootkit attack: Generic Attempt to install rootkit'"
+SecRule REQUEST_URI "=(http|www|ftp)\:/(.+)\.(c|dat|kek|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|asp)\?"
+
+SecRule REQUEST_URI "/(cse|cmd)\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|php|asp)\?"
+SecRule REQUEST_URI|REQUEST_BODY "/(cse|cmd)\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|html?|tmp|php|asp) "
+SecRule REQUEST_URI "/terminatorX-exp.*\.(gif|jpe?g|txt|bmp|php|png)\?"
+SecRule REQUEST_URI "/\.it/viewde"
+SecRule REQUEST_URI "/cmd\?&(command|cmd)="
+SecRule REQUEST_URI "/cmd\.php\.ns\?&(command|cmd)="
+SecRule REQUEST_URI "/cmd\.(php|dat)\?&(command|cmd)="
+SecRule REQUEST_URI "/(a|ijoo|oinc|s|sep|pro18|shell|(o|0|p)wn(e|3)d)\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|htm|html|tmp|php|asp).\?&(cmd|command)="
+SecRule REQUEST_URI "/(new(cmd|command)|(cmd|command)[0-9]+|pro18|shell|sh|bash|get|root|spy|nmap|asc|lila)\.(c|dat|gif|jpe?g|jpeg|png|sh|txt|bmp|dat|txt|js|htm|html|tmp|php|asp)\?"
+SecRule REQUEST_URI "/[a-z]?(cmd|command)[0-9]?\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "/(gif|jpe?g|ion|lala|shell|phpshell)\.ph(p(3|4)?|tml)\?"
+SecRule REQUEST_URI "/tool[12][0-9]?\.(ph(p(3|4)?|tml)|js)\?"
+
+#Known rootkits
+SecRule REQUEST_URI|REQUEST_BODY "perl (xpl\.pl|kut|viewde|httpd\.txt)"
+SecRule REQUEST_URI|REQUEST_BODY "\./xkernel\;"
+SecRule REQUEST_URI|REQUEST_BODY "/kaiten\.c"
+SecRule REQUEST_URI|REQUEST_BODY "/mampus\?&(cmd|command)"
+
+#Generic remote perl execution with .pl extension
+SecRule REQUEST_URI "perl .*\.pl(\s|\t)*\;"
+SecRule REQUEST_URI "\;(\s|\t)*perl .*\.pl"
+
+#Known rootkit Defacing Tool 2.0
+SecRule REQUEST_URI "/tool(12)?[0-9]?\.(d(ao)t|gif|jpe?g|bmp|txt|png|asp)\?&?(cmd|command)="
+SecRule REQUEST_URI "/tool\.(d(ao)t|gif|jpe?g|bmp|txt|png|asp)\?&?(cmd|command)="
+SecRule REQUEST_URI "/tool25\.(d(ao)t|gif|jpe?g|bmp|txt|png|asp)\?&?(cmd|command)="
+SecRule REQUEST_URI "/therules25\.(d(ao)t|gif|jpe?g|bmp|txt|png|asp)\?&?(cmd|command)="
+
+#other known tools
+SecRule REQUEST_URI "/xpl\.php\?&(cmd|command)="
+SecRule REQUEST_URI "/(ssh2?|sfdg2)\.php"
+
+#New kit
+SecRule REQUEST_URI|REQUEST_BODY "/\.dump/(bash|httpd)(\;|\w)"
+SecRule REQUEST_URI|REQUEST_BODY "/\.dump/(bash|httpd)\.(txt|php|gif|jpe?g|dat|bmp|png)(\;|\w)"
+
+#new kir
+SecRule REQUEST_URI "/dblib\.php\?&(cmd|command)="
+
+#suntzu
+SecRule REQUEST_URI|REQUEST_BODY|HTTP_Content-Disposition "/(suntzu.*|suntzu)\.php\?cmd="
+
+#proxysx.gif?
+SecRule REQUEST_URI|REQUEST_BODY "/proxysx\.(gif|jpe?g|bmp|txt|asp|png)\?"
+
+#phpbackdoor
+SecRule REQUEST_URI|REQUEST_BODY "/(phpbackdoor|phpbackdoor.*)\.php\?cmd="
+
+#new unknown kit
+SecRule REQUEST_URI "/oops?&"
+
+# known PHP attack shells
+#value of these sigs, pretty low, but here to catch
+# any lose threads, honeypoting, etc.
+SecRule REQUEST_URI|REQUEST_BODY "wiki_up/.*\.(php(3|4)?|tml|cgi|sh)"
+SecRule REQUEST_URI|REQUEST_BODY "(wiki_up|temp)/(gif|ion|jpe?g|lala)\.ph(p(3|4)?|tml)"
+SecRule REQUEST_URI|REQUEST_BODY "/(too20|phpshell|shell)\.ph(p(3|4)?|tml)"
+SecRule REQUEST_URI "/phpterm"
+
+#Frantastico worm
+SecRule REQUEST_URI|REQUEST_BODY "(netenberg |psybnc |fantastico_de_luxe |arta\.zip )"
+
+#new unknown kits
+SecRule REQUEST_URI "/iblis\.htm\?"
+SecRule REQUEST_URI "/gif\.gif\?"
+SecRule REQUEST_URI "/go\.php\.txt\?"
+SecRule REQUEST_URI "/sh[0-9]\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "/iys\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "/shell[0-9]\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "/zehir\.asp"
+SecRule REQUEST_URI "/aflast\.txt\?"
+SecRule REQUEST_URI "/sikat\.txt\?&cmd"
+SecRule REQUEST_URI "/t\.gif\?"
+SecRule REQUEST_URI "/phpbb_patch\?&"
+SecRule REQUEST_URI "/phpbb2_patch\?&"
+SecRule REQUEST_URI "/lukka\?&"
+
+#new kit
+SecRule REQUEST_URI "/c99shell\.txt"
+SecRule REQUEST_URI "/c99\.txt\?"
+
+#remote bash shell
+SecRule REQUEST_URI "/shell\.php\&cmd="
+SecRule ARGS "/shell\.php\&cmd="
+
+#zencart exploit
+SecRule REQUEST_URI "/ipn\.php\?cmd="
+
+#new pattern
+SecRule REQUEST_URI "btn_lists\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "dsoul/tool\?"
+
+#generic suntzu payload
+SecRule REQUEST_URI|REQUEST_BODY "HiMaster\!\<\?php system\("
+SecRule REQUEST_URI|REQUEST_BODY "error_reporting\(.*\)\;if\(isset\(.*\)\)\{system"
+SecRule REQUEST_URI "help_text_vars\.php\?suntzu="
+
+#25dec new one
+SecRule REQUEST_URI "anggands\.(gif|jpe?g|txt|bmp|png)\?"
+
+#26dec new kit
+SecRule REQUEST_URI "newfile[0-9]\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "/vsf\.vsf\?&"
+
+#27dec
+SecRule REQUEST_URI "/scan1\.0/scan/"
+SecRule REQUEST_URI "test\.txt\?&"
+
+#30dec
+SecRule REQUEST_URI "\.k4ka\.txt\?"
+#31dec
+SecRule REQUEST_URI "/php\.txt\?"
+
+#1 jan
+SecRule REQUEST_URI "/sql\.txt\?"
+SecRule REQUEST_URI "bind\.(gif|jpe?g|txt|bmp|png)\?"
+
+#22feb
+SecRule REQUEST_URI "/juax\.(gif|jpe?g|txt|bmp|png)\?"
+SecRule REQUEST_URI "/linuxdaybot/\.(gif|jpe?g|txt|bmp|png)\?"
+
+#24mar
+SecRule REQUEST_URI "/docLib/cmd\.asp"
+SecRule REQUEST_URI "\.asp\?pageName=AppFileExplorer"
+SecRule REQUEST_URI "\.asp\?.*showUpload&thePath="
+SecRule REQUEST_URI "\.asp\?.*theAct=inject&thePath="
+
+#some broken attack program
+SecRule REQUEST_URI|REQUEST_BODY "PUT /.*_@@RNDSTR@@"
+SecRule REQUEST_URI|REQUEST_BODY "trojan\.htm"
+
+SecRule REQUEST_URI "/r57en\.php"
+
+#c99 rootshell
+SecRule REQUEST_URI "\.php\?act=(chmod&f|cmd|f&f=|ls|img&img=)"
+
+#generic shell
+SecRule REQUEST_URI "shell\.txt"
+
+#bad scanner
+SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind"
+
+#wormsign
+SecRule REQUEST_BODY "((stripslashes|passthru)\(\$_REQUEST\[\"|if \(get_magic_quotes_gpc\()"
+
+#New SEL attack seen
+SecRule REQUEST_URI|REQUEST_BODY "select.*from.*information_schema\.tables"
+
+#New SQL attack seen
+SecRule REQUEST_URI "and.+char\(.*\).+user.+char\(.*\)"
diff --git a/config/apache_mod_security/rules/useragents.conf b/config/apache_mod_security/rules/useragents.conf
new file mode 100644
index 00000000..50991af0
--- /dev/null
+++ b/config/apache_mod_security/rules/useragents.conf
@@ -0,0 +1,232 @@
+# http://www.gotroot.com/mod_security+rules
+# Gotroot.com ModSecurity rules
+# User Agent Security Rules for modsec 2.x
+# NOTICE: THESE RULES ARE OBSOLETE AND ARE NO LONGER SUPPORTED
+# Visit http://www.gotroot.com to download supported rules
+
+#
+# Download from: http://www.gotroot.com/downloads/ftp/mod_security/2.0/useragents.conf
+#
+# Created by Michael Shinn of the Prometheus Group (http://www.prometheus-group.com)
+# Copyright 2005 and 2006 by the Michael Shinn and the Prometheus Group, all rights reserved.
+# Redistribution is strictly prohibited in any form, including whole or in part.
+#
+# Version: N-20061022-01
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+# THE POSSIBILITY OF SUCH DAMAGE.
+
+
+#Comment spam header line
+SecRule REQUEST_HEADERS "x-aaaaaa.*"
+SecRule REQUEST_BODY "X-AAAAAA.*"
+
+#check for bad meta characters in User-Agent field
+#SecRule HTTP_User-Agent ".*\'"
+
+#XSS in the UA field
+SecRule HTTP_User-Agent "<(.|\s|\n)?(script|about|applet|activex|chrome|object)(.|\s|\n)?>.*<(.|\s|\n)?(script|about|applet|activex|chrome|object)"
+
+#PHP code injection attack
+SecRule HTTP_User-Agent "(<\?php|<[[:space:]]*\?[[:space:]]*php)"
+SecRule HTTP_User-Agent ".*HTTP_GET_VARS"
+
+#recursion attack in UA field
+SecRule HTTP_User-Agent "\.\./\.\."
+
+#May cause false positives with some software, comment out if it does
+#SecRule REMOTE_ADDR "!^127\.0\.0\.1$" "chain,id:390000,rev:1,severity:1,msg:'Suspicious Automated or Manual Request'"
+#SecRule "HTTP_User-Agent|HTTP_HOST|HTTP_Accept" "^$"
+
+#Exploit agent
+SecRule HTTP_User-Agent "Mosiac 1\.*"
+
+#Bad agent
+SecRule HTTP_User-Agent "Brutus/AET"
+
+#CGI vuln scan tool
+SecRule HTTP_User-Agent cgichk
+SecRule HTTP_User-Agent "DataCha0s/2\.0"
+
+#Damn fine UA
+SecRule HTTP_User-Agent ".*THIS IS AN EXPLOIT*"
+SecRule HTTP_User-Agent "Morzilla"
+
+#CIRT.DK Webroot auditing tool
+SecRule HTTP_User-Agent ".*WebRoot "
+
+#Exploit UA
+SecRule HTTP_User-Agent ".*T H A T \' S G O T T A H U R T*"
+
+#XML RPC exploit tool
+SecRule HTTP_User-Agent "xmlrpc exploit*"
+
+#A friendly little exploit banner for a WP vuln
+SecRule HTTP_User-Agent "Wordpress Hash Grabber"
+
+#Blocks scripts
+SecRule HTTP_User-Agent lwp
+
+#Web leaches
+SecRule HTTP_User-Agent "Web Downloader"
+SecRule HTTP_User-Agent WebZIP
+SecRule HTTP_User-Agent WebCopier
+SecRule HTTP_User-Agent Webster
+SecRule HTTP_User-Agent WebZIP
+SecRule HTTP_User-Agent WebStripper
+SecRule HTTP_User-Agent "teleport pro"
+SecRule HTTP_User-Agent combine
+SecRule HTTP_User-Agent "Black Hole"
+SecRule HTTP_User-Agent "SiteSnagger"
+SecRule HTTP_User-Agent "ProWebWalker"
+SecRule HTTP_User-Agent "CheeseBot"
+
+#Bogus Mozilla UA lines
+SecRule HTTP_User-Agent "Mozilla/(4|5)\.0$"
+SecRule HTTP_User-Agent "Mozilla/3\.Mozilla/2\.01$"
+
+#Bogus IE UA line
+SecRule HTTP_User-Agent "Microsoft Internet Explorer/5\.0$"
+
+#Bogus UA
+SecRule HTTP_User-Agent "FooBar/42"
+
+#Nessus Vuln scanner UA
+SecRule HTTP_User-Agent "Mozilla.*Nessus"
+
+#Nikto vuln scanner UA
+SecRule HTTP_User-Agent ".*Nikto"
+
+#BAd/Bogus UAs
+SecRule HTTP_User-Agent "Indy Library"
+SecRule HTTP_User-Agent "Faxobot"
+SecRule HTTP_User-Agent ".*SAFEXPLORER TL"
+
+#Spam spinder UAs
+SecRule HTTP_User-Agent ".*fantomBrowser"
+SecRule HTTP_User-Agent ".*fantomCrew Browser"
+
+#VB development library used by many spammers, might block legite VBscripts
+#comment out if you have problems
+SecRule HTTP_User-Agent "Crescent Internet ToolPak"
+
+#Borland Delphi signature, as above, comment out if it gives you problems
+#spammers sometimes use these UAs
+SecRule HTTP_User-Agent "NEWT ActiveX\; Win32"
+SecRule HTTP_User-Agent "Mozilla.*NEWT"
+
+#Part of the Microsoft MSINET.OCX, as above, spammers sometimes use this, if
+#it causes problems, comment out. If you are a member of the Microsoft Site
+#Builder Network, you probably do NOT want to block this ID.
+#SecRule HTTP_User-Agent "Microsoft URL Control"
+#SecRule HTTP_User-Agent "^Microsoft URL"
+
+#e-mail collectors and spammers
+SecRule HTTP_User-Agent "WebBandit"
+SecRule HTTP_User-Agent "WEBMOLE"
+SecRule HTTP_User-Agent "Telesoft*"
+SecRule HTTP_User-Agent "WebEMailExtractor"
+SecRule HTTP_User-Agent "CherryPicker*"
+SecRule HTTP_User-Agent NICErsPRO
+SecRule HTTP_User-Agent "Advanced Email Extractor*"
+SecRule HTTP_User-Agent EmailSiphon
+SecRule HTTP_User-Agent Extractorpro
+SecRule HTTP_User-Agent webbandit
+SecRule HTTP_User-Agent EmailCollector
+SecRule HTTP_User-Agent "WebEMailExtrac*"
+SecRule HTTP_User-Agent EmailWolf
+
+#Spiders that eat up bandwidth for their customers
+#Not a spammer, just a spider, comment out if you like
+SecRule HTTP_User-Agent "CopyRightCheck"
+SecRule HTTP_User-Agent "CopyGuard"
+SecRule HTTP_User-Agent "Digimarc WebReader"
+
+#MArketing spiders
+SecRule HTTP_User-Agent "Zeus .*Webster Pro*"
+
+#Poker spam
+SecRule HTTP_User-Agent "8484 Boston Project"
+
+#collectors
+SecRule HTTP_User-Agent "autoemailspider"
+SecRule HTTP_User-Agent "ecollector"
+SecRule HTTP_User-Agent "grub crawler"
+
+#referrer spam, not the real weblogs
+SecRule HTTP_User-Agent "^www\.weblogs\.com"
+
+#spam bots
+SecRule HTTP_User-Agent "DTS Agent"
+SecRule HTTP_User-Agent "POE-Component-Client"
+SecRule HTTP_User-Agent "WISEbot"
+SecRule HTTP_User-Agent "^Shockwave Flash"
+SecRule HTTP_User-Agent "Missigua"
+
+#comment spam sign
+SecRule HTTP_User-Agent "compatible \; MSIE"
+
+#Some regexps to catch silly bots
+SecRule REQUEST_URI "!/ps(zones\|comp).txt1" chain
+SecRule HTTP_User-Agent "^(google|i?explorer?\.exe|(MS)?IE( [0-9.]+)?[ ]?(Compatible( Browser)?)?)$"
+SecRule HTTP_User-Agent "^(Mozilla( [0-9.]+)?[ ]?\((Windows|Linux|(IE )?Compatible)\))$"
+SecRule HTTP_User-Agent "^Mozilla/5\.0 \(X11; U; Linux i686; en-US; rv\:0\.9\.6\+\) Gecko/2001112$"
+SecRule HTTP_User-Agent "^Mozilla/[0-9.]+ \(compatible; MSIE [0-9.]+; Windows( NT)?( [0-9.]*)?;[0-9./ ]*\)?$"
+SecRule HTTP_User-Agent "^Mozilla/.+[. ]+$"
+
+#spammer
+SecRule HTTP_User-Agent "Butch__2\.1\.1"
+SecRule HTTP_User-Agent "agdm79@mail\.ru"
+
+#Fake Gameboy UA
+SecRule HTTP_User-Agent "GameBoy\, Powered by Nintendo"
+
+#bogus amiga UA
+SecRule HTTP_User-Agent "Amiga-AWeb/3\.4"
+
+#exploit UA
+SecRule HTTP_User-Agent "Internet Ninja x\.0"
+
+#bogus googlebot UA
+SecRule HTTP_User-Agent "Nokia-WAPToolkit.* googlebot.*googlebot"
+
+#recently caught sending spam referrals, from their actual crawler IP
+SecRule HTTP_User-Agent "BecomeBot"
+
+#Suverybot
+#SecRule HTTP_User-Agent "SurveyBot"
+
+#exploit
+SecRule HTTP_User-Agent "S\.T\.A\.L\.K\.E\.R\."
+SecRule HTTP_User-Agent "NeuralBot/0\.2"
+SecRule HTTP_User-Agent "Kenjin Spider"
+
+#WebvulnScan
+SecRule HTTP_User-Agent "WebVulnScan"
+
+#broken spam tool
+SecRule HTTP_User-Agent "Mozilla/4\.0 \(compatible\; MSIE 6\.0\; Windows NT 5\.1$"
+
+#PHPBB worm UA
+SecRule HTTP_User-Agent "INTERNET EXPLOITER SUX"
+
+#fake UA
+SecRule HTTP_User-Agent "Windows-Update-Agent"
+
+#exploit
+SecRule HTTP_User-Agent "Internet-exprorer"
+
+# Bad Spider
+SecRule HTTP_User-Agent "hl_ftien_spider"
+
+# PMAFind
+SecRule HTTP_User-Agent "PMAFind"