HEX
Server: Apache/2
System: Linux nexus-01 4.18.0-553.120.1.el8_10.x86_64 #1 SMP Mon Apr 20 18:04:27 EDT 2026 x86_64
User: aglcoke (1118)
PHP: 8.2.31
Disabled: mail,exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /usr/local/cwaf/rules/
Upload Files
File: //usr/local/cwaf/rules/20_Outgoing_FiltersEnd.conf
# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecMarker SECMARKER_214410
SecRule TX:OUTGOING_POINTS "@ge %{tx.outgoing_points_limit}" \
	"id:214800,chain,msg:'COMODO WAF: Outbound Points Exceeded|Total Points: %{TX.outgoing_points}|%{tx.domain}|%{tx.mode}|2',phase:4,deny,logdata:'Last Matched Data: %{matched_var}',t:none,rev:2,severity:2,tag:'CWAF',tag:'FiltersEnd'"
SecRule TX:POINTS_BLOCKING "@streq on" \
	"chain"
SecRule TX:/^\d/ "(.{0,})"

SecRule &TX:'/LEAKAGE\\\/ERRORS/' "@ge 1" \
	"id:214900,chain,msg:'COMODO WAF: Correlated Successful Attack Identified|Total Points: %{tx.points}|%{tx.domain}|%{tx.mode}|0',phase:5,pass,log,t:none,skipAfter:'SECMARKER_214900',rev:1,severity:0,tag:'CWAF',tag:'FiltersEnd'"
SecRule &TX:'/WEB_ATTACK/' "@ge 1" \
	"t:none"

SecRule &TX:'/AVAILABILITY\\\/APP_NOT_AVAIL/' "@ge 1" \
	"id:214910,chain,msg:'COMODO WAF: Correlated Attack Attempt Identified|Total Points: %{tx.points}|%{tx.domain}|%{tx.mode}|1',phase:5,pass,log,t:none,skipAfter:'SECMARKER_214900',rev:1,severity:1,tag:'CWAF',tag:'FiltersEnd'"
SecRule &TX:'/WEB_ATTACK/' "@ge 1" \
	"t:none"

SecRule TX:INCOMING_POINTS "@gt 0" \
	"id:214920,chain,msg:'COMODO WAF: Inbound Points|Total Incoming Points: %{TX.incoming_points}|%{tx.domain}|%{tx.mode}|2',phase:5,pass,nolog,noauditlog,t:none,skipAfter:'SECMARKER_214900',rev:2,severity:2,tag:'CWAF',tag:'FiltersEnd'"
SecRule TX:INCOMING_POINTS "@lt %{tx.incoming_points_limit}"

SecRule TX:INCOMING_POINTS "@ge %{tx.incoming_points_limit}" \
	"id:214930,msg:'COMODO WAF: Inbound Points Exceeded|Total Incoming Points: %{TX.incoming_points}|%{tx.domain}|%{tx.mode}|2',phase:5,pass,log,noauditlog,t:none,rev:1,severity:2,tag:'CWAF',tag:'FiltersEnd'"

SecRule TX:OUTGOING_POINTS "@ge %{tx.outgoing_points_limit}" \
	"id:214940,msg:'COMODO WAF: Outbound Points Exceeded| Total Points: %{TX.outgoing_points}|%{tx.domain}|%{tx.mode}|2',phase:5,pass,log,noauditlog,t:none,rev:2,severity:2,tag:'CWAF',tag:'FiltersEnd'"

SecMarker SECMARKER_214900
@ Telegram