File: //usr/local/cwaf/rules/14_Outgoing_FilterGen.conf
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------
# 214399 - Gate for outbound inspection: when TX:PROCESS_RESPONSE holds a value
# other than the string "on", jump silently (pass,nolog) to SECMARKER_214410.
# NOTE(review): this rule sets no phase, while the rules it is meant to skip
# are all phase:4 and skipAfter only affects rules of the phase it runs in.
# Confirm the inherited SecDefaultAction resolves to phase 4; otherwise this
# gate does not disable the response-body rules below.
# NOTE(review): presumably an unset TX:PROCESS_RESPONSE yields no match, so the
# rules below still run in that case - confirm that is the intended default.
# NOTE(review): SECMARKER_214410 is not defined in the visible part of this
# file - verify it exists after the last outbound rule.
SecRule TX:PROCESS_RESPONSE "!@streq on" \
"id:214399,pass,nolog,skipAfter:'SECMARKER_214410',rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"
# 214490 - Application-unavailable error pages in the response body:
#   * "<h1>internal server error</h1> ... <h2>part of the server has crashed
#     or it has a configuration error.</h2>"
#   * Microsoft OLE DB Provider for SQL Server timeouts (0x80040e31, or
#     error '80004005' / '80040e31' followed by "Timeout expired")
#   * "cannot connect to the server: timed out"
# No (?i) and only t:none, so the match is case-sensitive on the raw body.
# On match tx.points_limit3 is added to tx.outgoing_points and tx.points;
# 'block' defers the disruptive action to the inherited SecDefaultAction.
# RESPONSE_BODY is only populated when response buffering is enabled
# (SecResponseBodyAccess) for a MIME type listed in SecResponseBodyMimeType,
# and inspection is subject to SecResponseBodyLimit.
# NOTE(review): logdata expands %{MATCHED_VAR}, which for RESPONSE_BODY is the
# body itself, and ctl:auditLogParts=+E adds the response body to the audit
# record - treat the resulting logs as potentially sensitive.
SecRule RESPONSE_BODY "(?:<h1>internal server error<\/h1>.{0,}?<h2>part of the server has crashed or it has a configuration error\.<\/h2>|Microsoft OLE DB Provider for SQL Server(?: \(0x80040e31\)<br>Timeout expired<br>|<\/font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired)|cannot connect to the server: timed out)" \
"id:214490,msg:'COMODO WAF: The application is not available||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"
# 214510 - Local file-system path disclosure (two-rule chain).
# First rule: an href attribute whose value starts with a drive letter, a
# colon and a backslash (for example href="C:\..."); the text after the
# backslash, up to the next quote, is captured into TX:1. "href" is matched
# in lowercase only (t:none, no (?i)).
# Chained rule: TX:1 is lowercased and the chain completes only when it does
# NOT contain "program files\microsoft office\office" or the same prefix
# ending in "templates". The score increments (tx.points_limit3 added to
# tx.outgoing_points and tx.points) sit on the chained rule, so they apply
# only when the whole chain matches.
# NOTE(review): the exclusion presumably exempts HTML exported from Microsoft
# Office, which embeds such paths - confirm.
# NOTE(review): logdata and auditLogParts=+E put response-body content into
# the logs; treat them as potentially sensitive.
SecRule RESPONSE_BODY "href[\t\n\r ]{0,1}=[\t\n\r \x22\']{0,}[a-zA-Z]\:\x5c([^\x22\']{1,})" \
"id:214510,chain,msg:'COMODO WAF: File or Directory Names Leakage||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"
SecRule TX:1 "!program files\x5cmicrosoft office\x5c(?:office|templates)" \
"capture,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',t:none,t:lowercase"
# 214520 - Pre-filter: if the response body (URL-decoded, HTML-entity-decoded,
# lowercased) does not contain the phrase "iframe", skip silently to
# SECMARKER_214400. Adds no score and writes no log entry.
# NOTE(review): SECMARKER_214400 is not in the visible part of this file. If
# it sits after rules 214570-214590, those obfuscated-JavaScript checks only
# run on bodies that contain "iframe"; verify the marker's position matches
# the intended coverage.
SecRule RESPONSE_BODY "!@pm iframe" \
"id:214520,phase:4,capture,pass,nolog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,skipAfter:'SECMARKER_214400',rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"
# 214570 - Obfuscated-JavaScript indicator in the response: "eval(" followed
# within 15 characters by "unescape(", case-insensitive, matched on the raw
# body (t:none).
# On match tx.points_limit4 is added to tx.outgoing_points and tx.points;
# 'block' defers the disruptive action to the inherited SecDefaultAction.
# NOTE(review): older legitimate scripts may also use eval(unescape(...)), so
# a hit is a lead for checking whether the page was tampered with, not proof.
# NOTE(review): logdata and auditLogParts=+E put response-body content into
# the logs; treat them as potentially sensitive.
SecRule RESPONSE_BODY "(?i)(eval\(.{0,15}unescape\()" \
"id:214570,msg:'COMODO WAF: Potential Obfuscated Javascript in Output - Eval+Unescape||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"
# 214580 - Obfuscated-JavaScript indicator: "var", any run of characters other
# than "=", then "= unescape;" - that is, the bare unescape function assigned
# to another name, so later decoding calls need not mention "unescape".
# Case-insensitive, matched on the raw body (t:none).
# On match tx.points_limit4 is added to tx.outgoing_points and tx.points.
# NOTE(review): "var" has no word boundary and [^=]+ is unbounded, so each
# "var" occurrence scans forward to the next "="; on large bodies the cost is
# presumably bounded only by the PCRE match limits (SecPcreMatchLimit) -
# confirm those are set.
SecRule RESPONSE_BODY "(?i)(var[^=]+=\s*unescape\s*;)" \
"id:214580,msg:'COMODO WAF: Potential Obfuscated Javascript in Output - Unescape||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"
# 214590 - Heap-spray filler indicator: two consecutive %u-encoded words of
# 0c0c, 9090 or 4141, case-insensitive.
# Only t:none is applied, so the literal "%uXXXX" text must appear in the
# body; adding a URL/Unicode decoding transformation here would remove the
# very text the pattern looks for.
# On match tx.points_limit4 is added to tx.outgoing_points and tx.points.
# A hit on served content suggests the page may have been modified to carry
# exploit code; review the matched response and its origin on disk.
SecRule RESPONSE_BODY "(?i:%u0c0c%u0c0c|%u9090%u9090|%u4141%u4141)" \
"id:214590,msg:'COMODO WAF: Potential Obfuscated Javascript in Output - Heap Spray||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"
# 214600 - Pre-filter for the rules that follow: if the URL-decoded and
# HTML-entity-decoded response body contains none of the phrases listed in the
# bl_output file, skip silently to SECMARKER_214410. Adds no score and writes
# no log entry.
# NOTE(review): bl_output is not shown here. Every rule between this point and
# the marker needs at least one of its literals present in that file, or the
# rule can never be reached - keep the phrase file and the regexes in sync.
# NOTE(review): SECMARKER_214410 is not defined in the visible part of this
# file - verify it exists after the last rule this pre-filter guards.
SecRule RESPONSE_BODY "!@pmFromFile bl_output" \
"id:214600,phase:4,capture,pass,nolog,t:none,t:urlDecodeUni,t:htmlEntityDecode,skipAfter:'SECMARKER_214410',rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"
# 214640 - Web-statistics report leakage: footer/banner text emitted by log
# analysis tools (PeLAB, getstats, EasyStat, analog, calamaris, WebLog, Jware,
# webcruncher, wwwstat, Webalizer). The tool name may appear up to 100
# characters after the "was produced by" / "was generated by" / "generated by"
# phrase. Case-sensitive apart from the [Gg]/[Ww] alternatives; matched on the
# raw body (t:none).
# Such pages expose traffic data and internal URLs, so a hit usually means a
# statistics directory is publicly reachable.
# On match tx.points_limit3 is added to tx.outgoing_points and tx.points;
# 'block' defers the disruptive action to the inherited SecDefaultAction.
SecRule RESPONSE_BODY "\b(?:Th(?:ese statistics were produced by (?:PeLAB|getstats)|is (?:analysis was produced by.{0,100}?(?:EasyStat|analog|calamaris)|report was generated by WebLog|summary was generated by.{0,100}?(?:Jware|analog|w(?:ebcruncher|wwstat))))|[Gg]enerated by.{0,100}?[Ww]ebalizer)\b" \
"id:214640,msg:'COMODO WAF: Statistics Information Leakage||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"
# 214680 - Directory listing served to the client. Two page shapes are matched:
#   * a title starting "Index of" followed later by an h1 starting "Index of"
#     (tags either all upper-case or all lower-case)
#   * a link whose text is "[To Parent Directory]" followed by <br>
# Matched on the raw body (t:none); .{0,}? between title and h1 does not
# cross newlines unless the engine is configured for dot-all matching.
# On match tx.points_limit3 is added to tx.outgoing_points and tx.points;
# 'block' defers the disruptive action to the inherited SecDefaultAction.
# A hit indicates automatic indexing is enabled on the origin; the durable fix
# is to disable it there, and this rule is only a backstop.
# NOTE(review): logdata and auditLogParts=+E copy the listing into the logs.
SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.{0,}?<H|title>Index of.{0,}?<h)1>Index of|>\[To Parent Directory]</[Aa]><br>)" \
"id:214680,msg:'COMODO WAF: Directory Listing||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"