# all.conf
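# Deny requests for sensitive dotfiles and dot-directories (.env, .git).
# The pattern is not anchored after the name, so longer names that begin the
# same way (for example /.gitignore or /.git/config) are refused as well.
# REQUEST_URI also carries the query string, so the pattern is applied there too.
# t:none clears any transformations inherited from SecDefaultAction, and
# t:urlDecodeUni decodes percent-escapes before matching, so an encoded
# spelling of the same path is compared against the pattern as well.
# Runs in phase 1 (request headers), i.e. before the request body is read; the
# denial goes to both the error log and the audit log.
SecRule REQUEST_URI "\/\.(?:env|git)" \
"phase:1,log,deny,status:406,auditlog,id:14206,rev:1,severity:2,\
t:none,t:urlDecodeUni,\
msg:'Blocking access to sensitive dotfiles'"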
# both.conf
# Contains rules which are designed to block disruptive behavior such as stress
# testing and security scans
# Refuse request arguments that contain a benchmark(<5 or more digits>, ...)
# call, i.e. a deliberately expensive SQL function call passed as a parameter.
# The transformation order is significant and unchanged: reset, lowercase,
# decode HTML entities, then strip whitespace, so mixed-case or spaced-out
# spellings are normalised before the pattern is applied.
# No phase is given, so the rule runs in the phase set by SecDefaultAction.
SecRule ARGS "benchmark\([0-9]{5,1000}\," \
    "id:'13425',\
    deny,status:406,\
    log,auditlog,\
    t:none,t:lowercase,t:htmlEntityDecode,t:removeWhitespace,\
    severity:'4',\
    tag:'WEB_ATTACK/SQL INJECTION',\
    msg:'Benchmark function call in request args'"
# Refuse query-string arguments that step into a parent directory ("../") and
# then name a .php file -- the request shape seen when a file-download plugin is
# pointed at PHP sources outside its own directory.
# The leading (?:\/|) group is optional and does not change what matches.
# Scope is ARGS_GET only; a path supplied in a POST body is not inspected by
# this rule.
SecRule ARGS_GET "(?:\/|)\.{2}\/.+\.php" \
    "id:14205,rev:1,\
    deny,status:406,\
    log,auditlog,\
    severity:2,\
    msg:'Attempting to access php files from parent dir'"
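# Rate limit for the cpanel/webmail/webdisk/cpcontacts/cpcalendars service
# subdomains: once an IP has more than 10 counted requests, further requests
# to those hostnames are answered with 429.
# - Matches hostnames like cpanel.example.com, webmail.example.com,
#   webdisk.example.com. Host names are case-insensitive, so the header is
#   lowercased (t:lowercase) before it is compared.
# - The counter is tracked globally per IP (not per hostname). Clients that
#   share an address (NAT, proxy, CDN) share one counter, because REMOTE_ADDR
#   is used as-is.
# - Requests whose path has a /cpsessNNNN/ segment, a cPanel_magic_revision_N
#   asset prefix or /.well-known/ are not counted. This is a match on the shape
#   of the path only -- the session token is not validated here -- so
#   brute-force protection on the backend login must not rely on this limiter
#   alone.
# - expirevar is re-armed by every counted request, so the counter clears 60 s
#   after the last counted request rather than on a fixed one-minute boundary.
#   NOTE(review): confirm against the deployed ModSecurity version.

# Initialise the per-IP persistent collection that holds the counter.
SecAction "id:13094,phase:1,pass,nolog,initcol:ip=%{remote_addr}"

# Skip counting for session paths and static assets. REQUEST_FILENAME (the path
# without the query string) is used so that only the path itself can qualify,
# and the dot in ".well-known" is escaped so it matches a literal dot.
SecRule REQUEST_FILENAME "@rx /(cpsess[0-9]+|cPanel_magic_revision_[0-9]+|\.well-known)/" \
"id:13095,phase:2,pass,nolog,skipAfter:END_CPANEL_RATELIMIT"

# Count one request against the client IP for the service subdomains.
SecRule REQUEST_HEADERS:Host "@rx ^(cpanel|webmail|webdisk|cpcontacts|cpcalendars)\." \
"id:13096,phase:2,pass,nolog,t:none,t:lowercase,\
setvar:ip.ratelimit_cpanel=+1,\
expirevar:ip.ratelimit_cpanel=60"

# Deny once the counter is over the limit AND the request targets one of the
# service subdomains. setenv sits on the last rule of the chain so that
# RATELIMITED_CPANEL is only set when the whole chain matched, not whenever the
# counter alone is above the limit.
SecRule IP:RATELIMIT_CPANEL "@gt 10" \
"id:13097,phase:2,deny,status:429,chain,\
log,msg:'RATELIMITED CPANEL/WEBMAIL/WEBDISK %{remote_addr}'"
SecRule REQUEST_HEADERS:Host "@rx ^(cpanel|webmail|webdisk|cpcontacts|cpcalendars)\." \
"t:none,t:lowercase,setenv:RATELIMITED_CPANEL"

# Landing point for skipAfter in rule 13095.
SecMarker "END_CPANEL_RATELIMIT"

# Short plain-text body for rate-limited responses.
ErrorDocument 429 "Too Many Requests"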
# httpoxy mitigation: refuse any request that carries a "Proxy" header.
# &REQUEST_HEADERS:Proxy is the count of Proxy headers in the request, so
# "@gt 0" means "at least one is present". CGI-style handlers expose that
# header to applications as HTTP_PROXY, which is why it is rejected here.
# No phase is given, so the rule runs in the phase set by SecDefaultAction.
SecRule &REQUEST_HEADERS:Proxy "@gt 0" \
    "id:1000005,\
    deny,status:406,\
    log,\
    msg:'httpoxy denied'"