HEX
Server: Apache/2
System: Linux nexus-01 4.18.0-553.120.1.el8_10.x86_64 #1 SMP Mon Apr 20 18:04:27 EDT 2026 x86_64
User: aglcoke (1118)
PHP: 8.2.31
Disabled: mail,exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /usr/local/cwaf/rules/
Upload Files
File: //usr/local/cwaf/rules/08_Global_Other.conf
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule REQUEST_FILENAME "!@rx (?:/wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags)\.php)|(?:/wp-comments-post\.php)|(?:/node/\d+/edit$)|(?:/administrator/(index|index2|index3|options|postarticles|contactus|homepagecontent|functions/update_article)\.php)|(?:/admin\w*/)" \
	"id:211020,chain,t:none,msg:'COMODO WAF: Injection of Undocumented ColdFusion Tags||%{tx.domain}|%{tx.mode}|2',phase:2,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',rev:1,severity:2,tag:'CWAF',tag:'Other'"
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/ "\bcf(?:_(?:setdatasource(?:password|username)|(?:getdatasourceusernam|iscoldfusiondatasourc)e)|admin_registry_(?:delete|set)|execute|internaldebug|newinternal(?:adminsecurit|registr)y|usion_(?:d(?:bconnections_flush|ecrypt)|encrypt|getodbc(?:dsn|ini)|set(?:odbcini|tings_refresh)|verifymail))\b" \
	"capture,setvar:'tx.points=+%{tx.points_limit4}',ctl:auditLogParts=+E,t:none,t:htmlEntityDecode,t:lowercase"

SecRule REQUEST_FILENAME "!@rx (?:/wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags)\.php)|(?:/wp-comments-post\.php)|(?:/node/\d+/edit$)|(?:/administrator/(index|index2|index3|options|postarticles|contactus|homepagecontent|functions/update_article)\.php)|(?:/admin\w*/)" \
	"id:211030,chain,t:none,msg:'COMODO WAF: LDAP Injection Attack||%{tx.domain}|%{tx.mode}|2',phase:2,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',rev:3,severity:2,tag:'CWAF',tag:'Other'"
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:i|!ARGS:i|!ARGS:/install\[values\]\[\w*]\[fileDenyPattern\]/|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/ "(?:\((?:[^a-zA-Z0-9_]{0,}?(?:cn|homedirectory|objectc(?:ategory|lass)|[gu]idnumber)\b[^a-zA-Z0-9_]{0,}?=|[^a-zA-Z0-9\-_]{0,}?[!&|][^a-zA-Z0-9\-_]{0,}?\()|\)[^a-zA-Z0-9\-_]{0,}?\([^a-zA-Z0-9\-_]{0,}?[!&|])" \
	"chain,capture,setvar:'tx.points=+%{tx.points_limit4}',ctl:auditLogParts=+E,t:none,t:htmlEntityDecode,t:lowercase"
SecRule &ARGS:newspost.add "@eq 0"

SecRule REQUEST_FILENAME "!@rx (?:/wp-admin/(admin|admin-ajax|edit|options|options-general|plugin-editor|themes|theme-editor|tools|plugin-install|post|page|widgets|media|edit-tags)\.php)|(?:/wp-comments-post\.php)|(?:/node/\d+/edit$)|(?:/administrator/(index|index2|index3|options|postarticles|contactus|homepagecontent|functions/update_article)\.php)|(?:/admin\w*/)" \
	"id:211050,chain,t:none,msg:'COMODO WAF: Universal PDF XSS URL Detected.||%{tx.domain}|%{tx.mode}|2',phase:2,block,rev:2,severity:2,tag:'CWAF',tag:'Other'"
SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!ARGS:panels_data|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/ "@rx http:\/\/[a-z0-9._]{1,}?\/.{0,}?\.pdf\b[^\n\r]{0,}#" \
	"capture,setvar:'tx.points=+%{tx.points_limit4}',ctl:auditLogParts=+E,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase"

SecRule RESPONSE_BODY "@rx \Q{varbuffer='\x41'for(i=0;i<=100;++i){buffer+=buffer+bufferdocument.write(buffer);}}\E" \
	"id:220130,msg:'COMODO WAF: DoS attack vulnerabikity in RealNetworks RealPlayer 16.0.2.32 and earlier (CVE-2013-3299)||%{tx.domain}|%{tx.mode}|2',phase:4,deny,status:403,log,t:none,t:removeWhitespace,t:lowercase,rev:3,severity:2,tag:'CWAF',tag:'Other'"

SecRule ARGS_POST:Locale|ARGS_POST:FailedLoginCount "@rx \x22|<" \
	"id:215030,chain,msg:'COMODO WAF: XSS Vulnerability in the SilverStripe CMS &amp; Framework v3.1.15 (CVE-2015-8606)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,rev:1,severity:2,tag:'CWAF',tag:'Other'"
SecRule REQUEST_FILENAME "@contains /admin/security/editform/field/members/" \
	"chain,t:none,t:normalizePath,t:lowercase"
SecRule REQUEST_COOKIES_NAMES "@rx ^SESS([0-9a-f]{32})$" \
	"t:none"

SecRule ARGS_GET:returnURL "@contains //" \
	"id:215040,chain,msg:'COMODO WAF: Open Redirect vulnerability in the SilverStripe CMS &amp; Framework v3.1.13 (CVE-2015-5062)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'Other'"
SecRule REQUEST_FILENAME "@contains /index.php/dev/build" \
	"chain,t:none,t:lowercase,t:normalizePath"
SecRule REQUEST_COOKIES_NAMES "@rx ^SESS([0-9a-f]{32})$" \
	"t:none"

SecRule REQUEST_FILENAME "@pmf userdata_bl_URLs" \
	"id:215090,msg:'COMODO WAF: Restricted File Access Attempt||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin,rev:3,severity:2,tag:'CWAF',tag:'Other'"

SecRule ARGS_GET:type "@rx \x22" \
	"id:215100,chain,msg:'COMODO WAF: XSS vulnerability in Gazelle before 2017-03-19 (CVE-2017-7248)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'Other'"
SecRule REQUEST_FILENAME "@endsWith /sections/better/transcode.php" \
	"t:none,t:normalizePath,t:urlDecodeUni,t:lowercase"

SecRule ARGS_GET:type "@rx \x22" \
	"id:215110,chain,msg:'COMODO WAF: XSS vulnerability in Gazelle before 2017-03-19 (CVE-2017-7248)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'Other'"
SecRule REQUEST_FILENAME "@endsWith /sections/better/transcode.php" \
	"t:none,t:normalizePath,t:urlDecodeUni,t:lowercase"

SecRule ARGS_GET:action|ARGS_GET:userid "@rx \x22" \
	"id:215120,chain,msg:'COMODO WAF: XSS vulnerability in Gazelle before 2017-03-19 (CVE-2017-7249)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:1,severity:2,tag:'CWAF',tag:'Other'"
SecRule REQUEST_FILENAME "@endsWith /sections/tools/data/ocelot_info.php" \
	"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"

SecRule ARGS_GET:action "@contains <" \
	"id:215130,chain,msg:'COMODO WAF: XSS vulnerability in Gazelle before 2017-03-19 (CVE-2017-7250)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'Other'"
SecRule REQUEST_FILENAME "@endsWith /sections/tools/finances/bitcoin_balance.php" \
	"t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"
@ Telegram