| Server IP : 199.250.200.62 / Your IP : 216.73.217.89 Web Server : Apache System : Linux vps37394.inmotionhosting.com 3.10.0-1160.119.1.vz7.224.4 #1 SMP Mon Sep 30 15:36:27 MSK 2024 x86_64 User : jasonp18 ( 1000) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /etc/apache2/conf.d/imh-modsec/ |
Upload File : |
# both.conf
# Rules to block access to known spam scripts
# Will block if the Host header is in all caps with a lower-case tld,
# if the request URI ends with ".php" (case insensitive), if the user agent
# matches the list of patterns, if the method is POST and if Referer is not set.
# See #3885 for details
SecRule REQUEST_HEADERS:Host "[0-9A-Z\.-]\.[a-z\.]+" \
"chain,log,deny,status:406,id:13421,t:none,\
msg:'POST request appears to be to spam mailer'"
SecRule REQUEST_FILENAME "\.php$" "chain,t:lowercase"
SecRule REQUEST_HEADERS:User-Agent "^Mozilla/5.0$" "chain,t:removeWhitespace"
SecRule REQUEST_HEADERS_NAMES "!@contains Referer" "chain"
SecRule REQUEST_METHOD "POST"
# Block for long postdata from sketchy clients 3976
SecRule ARGS "[0-9a-zA-Z=&%]{80}" \
"chain,log,deny,status:406 \
msg:'Unusual POST data',id:13701,t:none"
SecRule REQUEST_FILENAME "\.php$" "chain,t:lowercase"
SecRule REQUEST_HEADERS:Accept "^[*]/[*]$" "chain,t:removeWhitespace"
SecRule REQUEST_HEADERS:User-Agent "^Mozilla/5.0$" "chain,t:none,t:removeWhitespace"
SecRule REQUEST_METHOD "POST"
# Block POSTs to a known spam script payload
SecRule REQUEST_FILENAME "sys\d{5,}\.php$" "chain,log,deny,status:406 \
msg:'Access to known spam script',id:13703,t:lowercase,t:removeWhitespace"
SecRule REQUEST_METHOD "POST"
# Ticket 7140 <https://trac.imhtech.net/T3/ticket/7140>
<Files "sitedata.php">
SecRule ARGS_NAMES "@pm text subj data address port login password email name headers to" \
"log,deny,status:406,msg:'Access to known spam script',id:13704,t:removeWhitespace"
</Files>