Filename :
407-BOTNET-PROTECTION.conf
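# ---------------------------------------------------------------------------
# Rule 407001 - request-shape signature for the "HEXA botnet" (name taken from
# the rule's msg). Every link of the chain must match:
#   1. the requested file is an 8-letter, lowercase-only name ending in .php
#   2. Content-Type is exactly application/x-www-form-urlencoded
#   3. exactly one POST argument is present
#   4. that argument's value is non-empty and purely hexadecimal
#   5. the request body is longer than 2000 bytes
#
# "block" applies whatever disruptive action SecDefaultAction defines for
# phase 2, so the outcome depends on configuration outside this file.
# The counter tx.bn_inbound_found is incremented on the last link, so it only
# changes when the whole chain has matched (presumably it is read by other
# BitNinja rules - not visible here).
#
# "capture" was added on the first link: without it %{TX.0} in logdata is
# never populated and the audit entry shows an empty "Matched Data" field.
# With it, TX.0 holds the matched request filename.
#
# NOTE(review): the Content-Type pattern is anchored at both ends, so a header
# carrying a parameter (for example a charset suffix) does not match. Confirm
# that this is intended for this signature before relaxing it.
# ---------------------------------------------------------------------------
SecRule REQUEST_FILENAME "^.*\/[a-z]{8}\.php$" \
    "chain,\
    phase:2,\
    id:407001,\
    t:none,\
    capture,\
    auditlog,\
    block,\
    severity:CRITICAL,\
    msg:'Protection against HEXA botnet',\
    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'"
    SecRule REQUEST_HEADERS:Content-Type ^application/x-www-form-urlencoded$ "t:lowercase,chain"
    SecRule &ARGS_POST "@eq 1" "chain"
    SecRule ARGS_POST "^[0-9a-fA-F]+$" "chain"
    SecRule REQUEST_BODY_LENGTH "@gt 2000" \
        "setvar:tx.bn_inbound_found=+1"

# ---------------------------------------------------------------------------
# Rules 407002 / 407003 - deny (HTTP 403) requests that carry a JNDI lookup
# string associated with CVE-2021-44228 (Log4j). The same pattern is evaluated
# twice: in phase 1, against the data available once the request headers have
# been read, so the request is rejected early; and in phase 2, once the
# request body and POST arguments have been parsed.
#
# Changed from the original: the rules ran with t:none only, so the match was
# case-sensitive and applied to raw, still-encoded values of REQUEST_URI,
# REQUEST_LINE, QUERY_STRING and REQUEST_BODY. t:urlDecodeUni and t:lowercase
# now normalise the input before the lowercase pattern is applied.
#
# This is a literal-pattern filter and therefore defence in depth only: it
# cannot recognise every obfuscated form of the lookup string. Upgrading the
# affected Log4j versions remains the actual remediation.
#
# NOTE(review): "jndi:rni:" looks like a typo of "jndi:rmi:", which is already
# listed. It is kept because it is harmless; confirm before removing it.
# ---------------------------------------------------------------------------
SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \
    "phase:1, \
    id:407002, \
    t:none,t:urlDecodeUni,t:lowercase, \
    deny, \
    status:403, \
    log, \
    auditlog, \
    msg:'DVT: CVE-2021-44228 - deny known \"jndi:\" pattern', \
    severity:'2', \
    rev:1, \
    tag:'no_ar',\
    setvar:'tx.bn_inbound_found=+1'"

SecRule ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING "jndi:ldap:|jndi:dns:|jndi:rmi:|jndi:rni:|\${jndi:" \
    "phase:2, \
    id:407003, \
    t:none,t:urlDecodeUni,t:lowercase, \
    deny, \
    status:403, \
    log, \
    auditlog, \
    msg:'DVT: CVE-2021-44228 - deny known \"jndi:\" pattern', \
    severity:'2', \
    rev:1, \
    tag:'no_ar',\
    setvar:'tx.bn_inbound_found=+1'"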