Files
hub-insurance/wp-content/jetpack-waf/rules/automatic-rules.php
T
2026-07-02 15:54:39 -06:00

3510 lines
98 KiB
PHP

<?php
$rule = (object) array( 'id' => 901140, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'tx' =>
array (
'only' =>
array (
0 => 'critical_anomaly_score',
),
'count' => true,
),
),'eq','0',false,false)) {
$waf->set_var('tx.critical_anomaly_score','5');
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 901141, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'tx' =>
array (
'only' =>
array (
0 => 'error_anomaly_score',
),
'count' => true,
),
),'eq','0',false,false)) {
$waf->set_var('tx.error_anomaly_score','4');
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 901142, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'tx' =>
array (
'only' =>
array (
0 => 'warning_anomaly_score',
),
'count' => true,
),
),'eq','0',false,false)) {
$waf->set_var('tx.warning_anomaly_score','3');
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 901143, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'tx' =>
array (
'only' =>
array (
0 => 'notice_anomaly_score',
),
'count' => true,
),
),'eq','0',false,false)) {
$waf->set_var('tx.notice_anomaly_score','2');
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 901160, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'tx' =>
array (
'only' =>
array (
0 => 'allowed_methods',
),
'count' => true,
),
),'eq','0',false,false)) {
$waf->set_var('tx.allowed_methods','GET HEAD POST OPTIONS');
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$waf->set_var('tx.anomaly_score','0');
$waf->set_var('tx.anomaly_score_pl1','0');
$waf->set_var('tx.anomaly_score_pl2','0');
$waf->set_var('tx.anomaly_score_pl3','0');
$waf->set_var('tx.anomaly_score_pl4','0');
$waf->set_var('tx.sql_injection_score','0');
$waf->set_var('tx.xss_score','0');
$waf->set_var('tx.rfi_score','0');
$waf->set_var('tx.lfi_score','0');
$waf->set_var('tx.rce_score','0');
$waf->set_var('tx.php_injection_score','0');
$waf->set_var('tx.http_violation_score','0');
$waf->set_var('tx.session_fixation_score','0');
$waf->set_var('tx.inbound_anomaly_score','0');
$waf->set_var('tx.outbound_anomaly_score','0');
$waf->set_var('tx.outbound_anomaly_score_pl1','0');
$waf->set_var('tx.outbound_anomaly_score_pl2','0');
$waf->set_var('tx.outbound_anomaly_score_pl3','0');
$waf->set_var('tx.outbound_anomaly_score_pl4','0');
$waf->set_var('tx.sql_error_match','0');
$waf->set_var('tx.tx_source_jetpack','0');
$waf->set_var('tx.allowed_methods','GET HEAD POST OPTIONS PUT DELETE PATCH PURGE');
$rule = (object) array( 'id' => 4280017, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'begins_with','/is-admin/api/',false,false)) {
$waf->flag_rule_for_removal('id','932100');
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100021, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin.php#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*page$/',
),
),
),'rx','#^CiviCRM$#Ds',false,false)) {
$waf->flag_target_for_removal('id','921130','args','report_header');
$waf->flag_target_for_removal('id','921130','args','report_footer');
$waf->flag_target_for_removal('id','941170','args','report_header');
$waf->flag_target_for_removal('id','941170','args','report_footer');
$waf->flag_target_for_removal('id','941160','args','report_header');
$waf->flag_target_for_removal('id','941160','args','report_footer');
$waf->flag_target_for_removal('id','941190','args','report_header');
$waf->flag_target_for_removal('id','941190','args','report_footer');
$waf->flag_target_for_removal('id','941250','args','report_header');
$waf->flag_target_for_removal('id','941250','args','report_footer');
$waf->flag_target_for_removal('id','941260','args','report_header');
$waf->flag_target_for_removal('id','941260','args','report_footer');
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100023, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#(?i)\\.(?:jpe?g|png|gif|ico|css|js|woff2?|ttf|eot|otf|svg|webp)$#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','request_uri',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100025, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'ends_with','/wp-admin/admin.php',false,false)) {
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => 'page',
),
),
),'streq','wpcode-snippet-manager',false,false)) {
$waf->flag_target_for_removal('id','99110061','args','wpcode_snippet_code');
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100032, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-content/glive/[^/]+\\.html$#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'f',
),
),
),'rx','#\\.clax$#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','args','f');
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110001, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'uppercase',
),array (
'request_method' =>
array (
),
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)X-HTTP-METHOD-OVERRIDE$/',
),
),
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*.method$/',
),
),
),'rx','#^(PUT|PATCH|DELETE)$#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)Content-Type$/',
),
'count' => true,
),
),'eq','0',false,false)) {
$waf->set_body_processor('URLENCODED');
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110002, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'uppercase',
),array (
'request_method' =>
array (
),
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)X-HTTP-METHOD-OVERRIDE$/',
),
),
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*.method$/',
),
),
),'rx','#^(PUT|PATCH|DELETE)$#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)Content-Type$/',
),
),
),'contains','/',true,false)) {
$waf->set_body_processor('URLENCODED');
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101301, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#3dprint.*tinyfilemanager\\.php$#Ds',false,false)) {
$rule->reason = '3DPrint-FileManager json payload blocked';
if($waf->match_targets(array (
),array (
'request_method' =>
array (
),
),'rx','#POST#Ds',false,false)) {
$rule->reason = '3DPrint-FileManager json payload blocked';
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'content-type',
),
),
),'rx','#application/json#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = '3DPrint-FileManager json payload blocked';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110012, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#\\/wp-content\\/plugins\\/core-stab\\/index.*\\.php$#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'core-stab fake plugin direct access blocked';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110018, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php#Ds',false,false)) {
$rule->reason = 'Local File Inclusion or Remote Code Execution attempt against Media Library Assistant '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*mla.stream.file$/',
),
),
),'rx','#(^(https?|s?ftp|php|zlib|data|glob|phar|ssh2?|rar|ogg|expect)://)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Local File Inclusion or Remote Code Execution attempt against Media Library Assistant '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110020, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?tdw/save_css#Ds',false,false)) {
$rule->reason = 'tagDiv Composer json paylod blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'content-type',
),
),
),'rx','#application/json#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'tagDiv Composer json paylod blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110025, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?wml/v1/wml_logs/?$#Ds',false,false)) {
$rule->reason = 'SQL injection in wp-mail-log (non-JSON request)';
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'content-type',
),
),
),'rx','#(?i)application/json#Ds',true,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'SQL injection in wp-mail-log (non-JSON request)';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110027, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?wml/v1/wml_logs/send_mail/?$#Ds',false,false)) {
$rule->reason = 'SQL injection in wp-mail-log send_mail (JSON request)';
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'content-type',
),
),
),'rx','#(?i)application/json#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'SQL injection in wp-mail-log send_mail (JSON request)';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110028, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_cookies' =>
array (
'only' =>
array (
0 => '/wordpress.logged.in/',
),
),
),'rx','#^[^|]*[\'\\"]#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'SQL Injection in wordpress_logged_in cookie '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110029, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-content/backups-dup-.*/tmp/?$#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Attempt to list Duplicator backups directory '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110035, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#(?i)(/wp-json/)?post-smtp/v1/connect-app#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)auth.key$/',
),
),
),'rx','#(?i)^0?$#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110036, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#(?i)(/wp-json/)?post-smtp/v1/connect-app#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'auth-key',
),
'count' => true,
),
),'eq','0',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110037, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#(?i)/backup-heart\\.php$#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'content-dir',
),
),
),'rx','#(?i)^\\w+://#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110051, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'user-agent',
),
),
),'rx','#^wp_is_mobile|Moblie Safari|SM-G892A Bulid|Mozlila|Team Anon Force|8mqULwuL-67#Ds',false,false)) {
$rule->reason = 'Blocked request - contains malware crawler user-agent';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110052, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'referer',
),
),
),'rx','#^(www.)?google\\.com$|^(www.)?bing\\.com$|^(www.)?binance\\.com$|^(www.)?google\\.comwww\\.duckduckgo\\.com$|^(www.)?yahoo\\.com$#Ds',false,false)) {
$rule->reason = 'Blocked request - contains malware crawler referer URL';
return $waf->block('deny',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110068, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*page$/',
),
),
),'streq','postman_email_log',false,false)) {
$rule->reason = 'Post SMTP < 3.6.1 - Unauthenticated Email Log Leak';
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*view$/',
),
),
),'streq','log',false,false)) {
$rule->reason = 'Post SMTP < 3.6.1 - Unauthenticated Email Log Leak';
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin.php#Ds',true,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Post SMTP < 3.6.1 - Unauthenticated Email Log Leak';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 920100, 'reason' => '', 'tags' => array (
0 => 'application-multi',
1 => 'language-multi',
2 => 'platform-multi',
3 => 'attack-protocol',
4 => 'paranoia-level/1',
5 => 'owasp_crs',
6 => 'capec/1000/210/272',
) );
try {
if($waf->match_targets(array (
),array (
'request_line' =>
array (
),
),'rx','#(?i)^(?:(?:[a-z]{3,10}\\s+(?:\\w{3,7}?://[\\w\\-\\./]*(?::\\d+)?)?\\/[^?\\#]*(?:\\?[^\\#\\s]*)?(?:\\#[\\S]*)?|connect (?:(?:\\d{1,3}\\.){3}\\d{1,3}\\.?(?::\\d+)?|[\\w\\-\\./]+:\\d+)|options \\*)\\s+[\\w\\./]+|get \\/[^?\\#]*(?:\\?[^\\#\\s]*)?(?:\\#[\\S]*)?)$#Ds',true,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.warning_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Invalid HTTP Request Line '.$waf->meta('request_line');
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 920330, 'reason' => '', 'tags' => array (
0 => 'application-multi',
1 => 'language-multi',
2 => 'platform-multi',
3 => 'attack-protocol',
4 => 'paranoia-level/1',
5 => 'owasp_crs',
6 => 'capec/1000/210/272',
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'user-agent',
),
),
),'rx','#^$#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.notice_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Empty User Agent Header';
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$waf->set_var('tx.anomaly_score','0');
$waf->set_var('tx.anomaly_score_pl1','0');
$waf->set_var('tx.anomaly_score_pl2','0');
$waf->set_var('tx.anomaly_score_pl3','0');
$waf->set_var('tx.anomaly_score_pl4','0');
$waf->set_var('tx.sql_injection_score','0');
$waf->set_var('tx.xss_score','0');
$waf->set_var('tx.rfi_score','0');
$waf->set_var('tx.lfi_score','0');
$waf->set_var('tx.rce_score','0');
$waf->set_var('tx.php_injection_score','0');
$waf->set_var('tx.http_violation_score','0');
$waf->set_var('tx.session_fixation_score','0');
$waf->set_var('tx.inbound_anomaly_score','0');
$waf->set_var('tx.outbound_anomaly_score','0');
$waf->set_var('tx.outbound_anomaly_score_pl1','0');
$waf->set_var('tx.outbound_anomaly_score_pl2','0');
$waf->set_var('tx.outbound_anomaly_score_pl3','0');
$waf->set_var('tx.outbound_anomaly_score_pl4','0');
$waf->set_var('tx.sql_error_match','0');
$waf->set_var('tx.tx_source_jetpack','0');
$waf->set_var('tx.allowed_methods','GET HEAD POST OPTIONS PUT DELETE PATCH PURGE');
$rule = (object) array( 'id' => 99100020, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#elementor_ajax#Ds',false,false)) {
$waf->flag_target_for_removal('id','941110','args','actions');
$waf->flag_target_for_removal('id','941120','args','actions');
$waf->flag_target_for_removal('id','941140','args','actions');
$waf->flag_target_for_removal('id','941160','args','actions');
$waf->flag_target_for_removal('id','941170','args','actions');
$waf->flag_target_for_removal('id','941210','args','actions');
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100022, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_uri' =>
array (
),
),'rx','#(?i)(/wp-json/)?wp/v2/(posts|pages)#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*json.content$/',
),
),
),'rx','#<!-- wp:html -->(.*?)<!-- /wp:html -->#Ds',false,true)) {
if($waf->match_targets(array (
),array (
'tx' =>
array (
'only' =>
array (
0 => '1',
),
),
),'contains','<script',false,false)) {
$waf->flag_target_for_removal('id','941110','args','json.content');
$waf->flag_target_for_removal('id','941120','args','json.content');
$waf->flag_target_for_removal('id','941140','args','json.content');
$waf->flag_target_for_removal('id','941160','args','json.content');
$waf->flag_target_for_removal('id','941170','args','json.content');
$waf->flag_target_for_removal('id','941210','args','json.content');
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100024, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'args' =>
array (
),
),'rx','#(?is)(?:@import|\\burl\\s*\\()#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','args',NULL);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100026, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'utf8_to_unicode',
1 => 'remove_nulls',
2 => 'cmd_line',
),array (
'args' =>
array (
),
),'rx','#^[\\s\\S]*(?:(?:^|[\\\\\\\\/])\\.\\.[\\\\\\\\/]|[\\\\\\\\/]\\.\\.(?:[\\\\\\\\/]|$))[\\s\\S]*$#Ds',false,true)) {
if($waf->match_targets(array (
0 => 'utf8_to_unicode',
1 => 'remove_nulls',
2 => 'cmd_line',
),array (
'tx' =>
array (
'only' =>
array (
0 => '0',
),
),
),'rx','#https?://#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'utf8_to_unicode',
1 => 'remove_nulls',
2 => 'cmd_line',
),array (
'tx' =>
array (
'only' =>
array (
0 => '0',
),
),
),'rx','#https?://[^?&,\\"]{1,250}[\\\\\\\\/]\\.\\.[\\\\\\\\/][^?&,\\"]{1,250}.(?:jpe?g|png|gif|ico|css|js|woff2?|ttf|svg|webp)#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','args',NULL);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100027, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args' =>
array (
),
),'rx','#(?:href|src|action|data|target)=[^>]*?\\.\\.[\\\\\\\\/]#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100028, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'referer',
),
),
),'rx','#/wp-admin/post(?:-new)?\\.php#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100029, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'referer',
),
),
),'rx','#/wp-admin/post(?:-new)?\\.php#Ds',false,false)) {
$waf->flag_target_for_removal('id','942160','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100030, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'user-agent',
),
),
),'contains','WPUmbrella+https://wp-umbrella.com/communication-with-our-service',false,false)) {
$waf->flag_target_for_removal('id','930110','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100031, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'referer',
),
),
),'rx','#/wp-admin/customize\\.php#Ds',false,false)) {
$waf->flag_target_for_removal('id','930110','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100033, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/options.php#Ds',false,false)) {
$waf->flag_target_for_removal('id','99110066','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100034, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_uri' =>
array (
),
),'rx','#[^?\\#]*/wp-json/autonami/v1/wc-add-to-cart$#Ds',false,false)) {
$waf->flag_target_for_removal('id','99110066','args',NULL);
$waf->flag_target_for_removal('id','99110067','args',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100035, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'action',
),
),
),'streq','wpide_request',false,false)) {
$waf->flag_target_for_removal('id','933110','files',NULL);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99100036, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'referer',
),
),
),'contains','/wp-admin/admin.php?page=import-code-snippets',false,false)) {
$waf->flag_target_for_removal('id','933110','files',NULL);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110008, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-post.php#Ds',false,false)) {
$rule->reason = 'Poll, Survey, Form & Quiz Maker XSS Attempt Detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => 'page',
),
),
),'rx','#opinionstage-content-login-callback-page#Ds',false,false)) {
$rule->reason = 'Poll, Survey, Form & Quiz Maker XSS Attempt Detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_get' =>
array (
),
),'rx','#(var\\s*u\\s*=|\\"?>.+)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Poll, Survey, Form & Quiz Maker XSS Attempt Detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110010, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'WooCommerce Currency Switcher LFI Attempt Detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'action',
),
),
),'streq','parse-media-shortcode',false,false)) {
$rule->reason = 'WooCommerce Currency Switcher LFI Attempt Detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => 'shortcode',
),
),
),'rx','#(\\[woocs\\s.*(?<=\\s)pagepath[^\\]]+\\])#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'WooCommerce Currency Switcher LFI Attempt Detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110011, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = '3DPrint Lite Arbitrary File Upload detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','p3dlite_handle_upload',false,false)) {
$rule->reason = '3DPrint Lite Arbitrary File Upload detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'files' =>
array (
),
),'rx','#\\.php#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = '3DPrint Lite Arbitrary File Upload detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110009, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
),array (
'request_cookies' =>
array (
'except' =>
array (
0 => '/__utm/',
),
),
'request_cookies_names' =>
array (
),
'args_names' =>
array (
),
'args' =>
array (
),
),'rx','#(?i:(union (?:all )?select (?:(?:1,)+concat\\(0x|null|unhex|0x6c6f67696e70776e7a,|char\\(45,120,49,45,81,45\\))))#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Block MSSQL code execution and information gathering attempts '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101000, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Potential Ninja Forms RCE';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#nf_ajax_submit#Ds',false,false)) {
$rule->reason = 'Potential Ninja Forms RCE';
if($waf->match_targets(array (
0 => 'url_decode',
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'referer',
),
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*.wp.http.referer$/',
),
),
),'rx','#\\?.*::#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Potential Ninja Forms RCE';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101002, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Authentication bypass exploit attempt';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#^ajax_save_options$#Ds',false,false)) {
$rule->reason = 'Authentication bypass exploit attempt';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*iubenda.section.name$/',
),
),
),'rx','#^(?!iubenda_)#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Authentication bypass exploit attempt';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101003, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Backdoor Upload Exploit Attempt';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#^user_registration_profile_pic_upload$#Ds',false,false)) {
$rule->reason = 'Backdoor Upload Exploit Attempt';
if($waf->match_targets(array (
),array (
'files' =>
array (
'only' =>
array (
0 => '/^\\s*file$/',
),
),
),'rx','#\\.(ph(p|tml)[3-8]?|htaccess)$#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Backdoor Upload Exploit Attempt';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101004, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Backdoor Upload Exploit Attempt';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'action',
),
),
),'rx','#jb-upload-company-logo#Ds',false,false)) {
$rule->reason = 'Backdoor Upload Exploit Attempt';
if($waf->match_targets(array (
),array (
'request_cookies' =>
array (
),
),'rx','#\\.(ph(p|tml)[3-8]?|htaccess)$#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Backdoor Upload Exploit Attempt';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101005, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Arbitrary Plugin Upload Attack Detected';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#^(stopbadbots|wpmemory|wptools|antihacker|cardealer)_install_plugin$#Ds',false,false)) {
$rule->reason = 'Arbitrary Plugin Upload Attack Detected';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*slug$/',
),
),
),'rx','#^(antihacker|stopbadbots|recaptcha-for-all|wp-memory|toolstruthsocial)$#Ds',true,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Arbitrary Plugin Upload Attack Detected';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101300, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
),'rx','#3dprint.*tinyfilemanager\\.php$#Ds',false,false)) {
$rule->reason = '3DPrint-FileManager directory traversal attack';
if($waf->match_targets(array (
),array (
'args_post_names' =>
array (
),
),'rx','#(?i)group#Ds',false,false)) {
$rule->reason = '3DPrint-FileManager directory traversal attack';
if($waf->match_targets(array (
),array (
'args_post_names' =>
array (
),
),'rx','#(?i)(delete|zip|tar)#Ds',false,false)) {
$rule->reason = '3DPrint-FileManager directory traversal attack';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => 'file',
),
),
),'rx','#\\.\\.(\\\\|/)#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = '3DPrint-FileManager directory traversal attack';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110014, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
1 => 'lowercase',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-json/wp/v2/users#Ds',false,false)) {
$rule->reason = 'Block WooCommerce-Payments Priv. Escalation';
if($waf->match_targets(array (
),array (
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)X-WCPAY-PLATFORM-CHECKOUT-USER$/',
),
),
),'rx','#^\\d+$#Ds',false,false)) {
$rule->reason = 'Block WooCommerce-Payments Priv. Escalation';
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_headers' =>
array (
'only' =>
array (
0 => '/^(?i)Content-Type$/',
),
),
),'rx','#application/json#Ds',false,false)) {
$rule->reason = 'Block WooCommerce-Payments Priv. Escalation';
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_body' =>
array (
),
),'contains','administrator',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Block WooCommerce-Payments Priv. Escalation';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110015, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?frm-admin/v1/install-addon#Ds',false,false)) {
$rule->reason = 'Block Formidable-Forms Arbitrary Plugin Install. Matched Data: '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*file.url$/',
),
),
'request_cookies' =>
array (
'only' =>
array (
0 => '/^\\s*file.url$/',
),
),
),'rx','#(?i)wordpress\\.org#Ds',false,false)) {
$rule->reason = 'Block Formidable-Forms Arbitrary Plugin Install. Matched Data: '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*file.url$/',
),
),
'request_cookies' =>
array (
'only' =>
array (
0 => '/^\\s*file.url$/',
),
),
),'rx','#^(?i)https://downloads\\.wordpress\\.org/plugin/((formidable-(gravity-forms-importer|import-pirate-forms))|wp-mail-smtp)\\.zip$#Ds',true,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Block Formidable-Forms Arbitrary Plugin Install. Matched Data: '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110016, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Remote Code Execution attempt against WP User Post Gallary detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','upg_datatable',false,false)) {
$rule->reason = 'Remote Code Execution attempt against WP User Post Gallary detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
),
),'rx','#field#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Remote Code Execution attempt against WP User Post Gallary detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110017, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_post_names' =>
array (
),
),'rx','#^\\s*um.request$#Ds',false,false)) {
$rule->reason = 'Privilege Escalation attack against Ultimate Member detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_post_names' =>
array (
),
),'rx','#^\\s*.wpnonce$#Ds',false,false)) {
$rule->reason = 'Privilege Escalation attack against Ultimate Member detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_post_names' =>
array (
),
),'rx','#^\\s*form.id$#Ds',false,false)) {
$rule->reason = 'Privilege Escalation attack against Ultimate Member detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_post_names' =>
array (
),
),'rx','#\\[(?:administrator|editor|author|contributor)\\]$#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Privilege Escalation attack against Ultimate Member detected '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110019, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?tdw/save_css#Ds',false,false)) {
$rule->reason = 'XSS attempt against tagDiv Composer '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*compiled.css$/',
),
),
),'rx','#(<[^>]+>)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'XSS attempt against tagDiv Composer '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110021, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Malicious attempt to delete options '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#^(two_init_flow_score|two_activate_score_check)$#Ds',false,false)) {
$rule->reason = 'Malicious attempt to delete options '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*nonce$/',
),
),
),'rx','#^(?!two_).*$#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Malicious attempt to delete options '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110022, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Attempted RCE through file upload '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','rtmedia_api',false,false)) {
$rule->reason = 'Attempted RCE through file upload '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*image.type$/',
),
),
),'rx','#.*(?:php\\d*|phtml)\\.*$#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Attempted RCE through file upload '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110023, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?wml/v1/wml_logs/send_mail/?$#Ds',false,false)) {
$rule->reason = 'Backdoor Upload Exploit Attempt';
if($waf->match_targets(array (
),array (
'files' =>
array (
),
),'rx','#(?i)\\.(ph(p|tml)\\d*|htaccess)$#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Backdoor Upload Exploit Attempt';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110024, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?wml/v1/wml_logs/?$#Ds',false,false)) {
$rule->reason = 'SQL injection in wp-mail-log';
if($waf->match_targets(array (
),array (
'request_body' =>
array (
),
),'rx','#(?i)(\\"key\\"\\s*:\\s*\\"\\w*[^\\w\\"]|\\"operator\\"\\s*:\\s*(?!\\"\\s*(=|!=|LIKE|NOT\\s+LIKE)\\s*\\")|\\"value\\"\\s*:\\s*\\"(?:[^\'\\"]|\\\\\\")*\'|\\"filterRelation\\"\\s*:\\s*(?!\\"\\s*(and|or)\\s*\\")|\\"page(Size|Index)\\"\\s*:\\s*[^\\d])#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'SQL injection in wp-mail-log';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110026, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
'request_filename' =>
array (
),
),'rx','#(?i)(/wp-json/)?wml/v1/wml_logs/send_mail/?$#Ds',false,false)) {
$rule->reason = 'SQL injection in wp-mail-log send_mail';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*id$/',
),
),
),'rx','#[^\\d]#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'SQL injection in wp-mail-log send_mail';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110030, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#/wpgmza/v1/(markers|features|polygons|polylines|circles|rectangles|pointlabels)#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_headers' =>
array (
'only' =>
array (
0 => 'x-http-method-override',
),
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*.method$/',
),
),
),'streq','get',false,false)) {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_method' =>
array (
),
),'streq','get',true,false)) {
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110031, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#/essential-blocks/v1/queries#Ds',false,false)) {
$rule->reason = 'LFI in Essential Blocks';
if($waf->match_targets(array (
),array (
'request_body' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*attributes$/',
),
),
),'rx','#\\\\?\\x22__file\\\\?\\x22#Ds',false,false)) {
$rule->reason = 'LFI in Essential Blocks';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110032, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*sgpb-is-preview$/',
),
),
),'streq','1',false,false)) {
$rule->reason = 'Popup Builder Stored XSS exploit attempt blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'streq','/wp-admin/post.php',true,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Popup Builder Stored XSS exploit attempt blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110033, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'contains','burst-statistics-endpoint.php',false,false)) {
if($waf->match_targets(array (
),array (
'request_body' =>
array (
),
),'rx','#(?i)(\\\\\\"url\\\\\\"\\s*:\\s*\\\\\\"(([^\'\\"]|\\\\\\\\\\")*\')([^\\"]|\\\\\\\\\\")*[^\\\\\\\\]\\\\\\")#Ds',false,true)) {
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110034, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#elementor_ajax#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*actions$/',
),
),
),'rx','#(\\"import_template\\"\\s*:\\s*\\{)#Ds',false,false)) {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*actions$/',
),
),
),'rx','#(\\"filename\\"\\s*:\\s*\\"((?!\\\\\\\\)[^\\"]|\\\\\\")*(\\.ph(p\\d*|tml)[ .]*\\"|\\.\\.\\/))#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110038, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Cookie Information Arbitrary Option Update Exploit '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','wpgdprc_update_integration',false,false)) {
$rule->reason = 'Cookie Information Arbitrary Option Update Exploit '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*data$/',
),
),
),'rx','#(\\"name\\"\\s*:\\s*\\"(?!wpgdprc_[^\\"]+|integrations\\[[^\\"]+)[^\\"]+\\"|\\"[^\\"]*\\\\[^\\"]*\\":)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Cookie Information Arbitrary Option Update Exploit '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99101303, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Malicious file upload blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','wpr_addons_upload_file',false,false)) {
$rule->reason = 'Malicious file upload blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'files' =>
array (
),
),'rx','#\\..*([^a-zA-Z0-9_.]+|\\.$)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Malicious file upload blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110039, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Attempted XSS in events calendar plugin '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','tribe_events_views_v2_fallback',false,false)) {
$rule->reason = 'Attempted XSS in events calendar plugin '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*view$/',
),
),
),'rx','#reflector#Ds',false,false)) {
$rule->reason = 'Attempted XSS in events calendar plugin '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
),
),'rx','#<#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Attempted XSS in events calendar plugin '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110040, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-content/plugins/wp-automatic/inc/csv.*\\.php$#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Automatic < 3.92.1 - Unauthenticated SQL Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110041, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/#Ds',true,false)) {
$rule->reason = 'Yoast SEO < 22.6 - Reflected Cross Site Scripting';
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => 'page',
),
),
),'rx','#[\\"]#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Yoast SEO < 22.6 - Reflected Cross Site Scripting';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110042, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#(?i)(/wp-json/)?seopress/v1/posts/#Ds',false,false)) {
$rule->reason = 'SEOPress Auth. Bypass';
if($waf->match_targets(array (
),array (
'request_headers_names' =>
array (
),
),'rx','#(?i)Authorization#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'SEOPress Auth. Bypass';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110043, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/#Ds',true,false)) {
$rule->reason = 'XML Sitemap & Google News <= 5.4.8 - Local File Inclusion';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'feed',
),
),
),'rx','#sitemap[^/]*/#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'XML Sitemap & Google News <= 5.4.8 - Local File Inclusion';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110044, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#(?i)(/wp-json/)?lp/v1/courses/archive-course#Ds',false,false)) {
$rule->reason = 'LearnPress <= 4.2.6.5 - Unauthenticated SQLi';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'term_id',
),
),
),'rx','#\\)#Ds',false,false)) {
$rule->reason = 'LearnPress <= 4.2.6.5 - Unauthenticated SQLi';
if($waf->match_targets(array (
),array (
'request_headers_names' =>
array (
),
),'rx','#(?i)X-WP-Nonce#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'LearnPress <= 4.2.6.5 - Unauthenticated SQLi';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110045, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'lowercase',
2 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Email Subscribers by Icegram < 5.7.21 - Unauthenticated SQLi';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => 'action',
),
),
),'streq','es_add_subscriber',false,false)) {
$rule->reason = 'Email Subscribers by Icegram < 5.7.21 - Unauthenticated SQLi';
if($waf->match_targets(array (
0 => 'base64_decode_ext',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*hash$/',
),
),
),'rx','#(?i)(\\"list_ids\\"\\s*:\\s*(\\"[^\\"]*(=|-|SELECT|FROM|\\\\u[0-9a-fA-F]{4})[^\\"]*\\"))#Ds',false,false)) {
$rule->reason = 'Email Subscribers by Icegram < 5.7.21 - Unauthenticated SQLi';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*es$/',
),
),
),'streq','optin',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Email Subscribers by Icegram < 5.7.21 - Unauthenticated SQLi';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110046, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Malicious object injection blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','give_donation_import',false,false)) {
$rule->reason = 'Malicious object injection blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*mapto$/',
),
),
),'rx','#[oOcC]:?\\+?\\d+:\\".+?[\\w\\W]{2}\\+?\\d+..*}#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Malicious object injection blocked '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110047, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/#Ds',true,false)) {
$rule->reason = 'Profile Builder <= 3.11.8 - Privilege Escalation';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','register',false,false)) {
$rule->reason = 'Profile Builder <= 3.11.8 - Privilege Escalation';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*email$/',
),
),
),'rx','#[\\s\\n\\r\\t\\v\\x00]#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Profile Builder <= 3.11.8 - Privilege Escalation';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110048, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'GiveWP <= 3.14.1 - Object Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','give_process_donation',false,false)) {
$rule->reason = 'GiveWP <= 3.14.1 - Object Injection';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*give.title$/',
1 => '/^\\s*give-form-title$/',
),
),
),'rx','#[oOC]\\\\*:\\\\*\\+?\\\\*\\d+\\\\*:\\\\*\\"#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'GiveWP <= 3.14.1 - Object Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110049, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_cookies_names' =>
array (
'only' =>
array (
0 => '/^\\s*litespeed.role$/',
),
'count' => true,
),
),'gt','0',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'LiteSpeed Cache Privilege Escalation';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110050, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*wc-ajax$/',
),
),
),'rx','#(tinvwl)#Ds',false,false)) {
$rule->reason = 'TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQLi';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*lang$/',
),
),
),'rx','#(\\\\)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQLi';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110053, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'HUSKY < 1.3.6.6 - LFI';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','woof_text_search',false,false)) {
$rule->reason = 'HUSKY < 1.3.6.6 - LFI';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*template$/',
),
),
),'rx','#[^a-z0-9_\\-]#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'HUSKY < 1.3.6.6 - LFI';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110054, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*everest.forms.\\d+.[a-zA-Z0-9]{10}-\\d+$/',
),
),
),'rx','#(?i)(\\.(ph(p\\d?|html|ar)|htaccess)\\")#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Everest Forms < 3.0.9.5 - Arbitrary File Upload';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110055, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Ultimate Member < 2.10.2 - SQL Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','um_get_members',false,false)) {
$rule->reason = 'Ultimate Member < 2.10.2 - SQL Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*search$/',
),
),
),'rx','#(?i)([$\\|]|user_pass|meta_value)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Ultimate Member < 2.10.2 - SQL Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110056, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*spbc.remote.call.token$/',
),
),
),'rx','#^(d41d8cd98f00b204e9800998ecf8427e|e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855)$#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Cleantalk Spam Protection < 6.45 - Unauthenticated Arbitrary Plugin Install';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110057, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'Depicter < 3.6.2 - SQL Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#depicter-lead-(list|index)#Ds',false,false)) {
$rule->reason = 'Depicter < 3.6.2 - SQL Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*s$/',
),
),
),'rx','#(?i)SELECT.*FROM#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Depicter < 3.6.2 - SQL Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110058, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*rating_filter$/',
),
),
),'rx','#(?i)^\\s*0*\\.?[1-5].*(user|select)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Tutor LMS < 2.7.7 - Unauthenticated SQL Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110059, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_names' =>
array (
),
),'rx','#^\\s*s$#Ds',false,false)) {
$rule->reason = 'Relevanssi < 4.24.5 - Unauthenticated SQL Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*cats$/',
1 => '/^\\s*tags$/',
),
),
),'rx','#(?i)select.*from#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Relevanssi < 4.24.5 - Unauthenticated SQL Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110060, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'User-Registration < 4.1.2 - Privilege Escalation';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'rx','#user_registration_membership_register_member#Ds',false,false)) {
$rule->reason = 'User-Registration < 4.1.2 - Privilege Escalation';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*members_data$/',
),
),
),'rx','#(\\"role\\"|\\\\u00[4567])#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'User-Registration < 4.1.2 - Privilege Escalation';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110061, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),$waf->update_targets(array (
'request_cookies' =>
array (
'except' =>
array (
0 => '/__utm/',
),
),
'request_cookies_names' =>
array (
),
'args_names' =>
array (
),
'args' =>
array (
),
), $rule->id, $rule->tags),'rx','#(?i)php://filter(?:/|$)#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'PHP Injection Attack: php://filter stream found Matched Data: '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .': '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110062, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'utf8_to_unicode',
1 => 'remove_nulls',
2 => 'cmd_line',
),array (
'request_cookies' =>
array (
'except' =>
array (
0 => '/__utm/',
),
),
'request_cookies_names' =>
array (
),
'args_names' =>
array (
),
'args' =>
array (
),
),'rx','#(?i:phar)://#Ds',false,false)) {
$rule->reason = 'PHP Injection Attack: Wrapper scheme detected Matched Data: '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110063, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'rx','#(?i)(/wp-json/)?litespeed/v1/cdn_status#Ds',false,false)) {
$rule->reason = 'LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*result\\[.msg\\]$/',
1 => '/^\\s*result\\[nameservers\\]$/',
),
),
),'contains','<',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110064, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'url_decode',
1 => 'normalize_path',
),array (
'request_filename' =>
array (
),
),'rx','#/wp-admin/admin-ajax.php#Ds',false,false)) {
$rule->reason = 'DB Backup <= 6.0 - Missing Authorization';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*action$/',
),
),
),'streq','myAjax',false,false)) {
$rule->reason = 'DB Backup <= 6.0 - Missing Authorization';
if($waf->match_targets(array (
0 => 'url_decode',
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*data$/',
),
),
),'contains','dbbkp_option',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'DB Backup <= 6.0 - Missing Authorization';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110065, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),array (
'args_get' =>
array (
'only' =>
array (
0 => '/^\\s*wpfi-ajax$/',
),
),
),'streq','wp_freeio_ajax_register',false,false)) {
$rule->reason = 'WP FreeIO < 1.2.22 - Privilege Escalation';
if($waf->match_targets(array (
),array (
'args_post' =>
array (
'only' =>
array (
0 => '/^\\s*role$/',
),
),
),'rx','#^(?:wp_freeio_employer|wp_freeio_freelancer)$#Ds',true,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'WP FreeIO < 1.2.22 - Privilege Escalation';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110066, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),$waf->update_targets(array (
'request_cookies' =>
array (
'except' =>
array (
0 => '/__utm/',
),
),
'request_cookies_names' =>
array (
),
'request_headers' =>
array (
),
'args_names' =>
array (
),
'args' =>
array (
),
), $rule->id, $rule->tags),'rx','#(?i)[OC]:\\d+:\\"(?!StdClass).+?\\":\\d+:{.*}#Ds',false,true)) {
$rule->reason = 'PHP Injection Attack: Serialized Object Injection Matched Data: '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .': '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110067, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
),$waf->update_targets(array (
'request_uri' =>
array (
),
'request_headers' =>
array (
),
'args' =>
array (
),
), $rule->id, $rule->tags),'validate_byte_range',array (
'min' => 1,
'max' => 255,
'range' =>
array (
0 =>
array (
0 => 1,
1 => 255,
),
),
),false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Invalid character in request (null character) '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .'='. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 99110069, 'reason' => '', 'tags' => array (
) );
try {
if($waf->match_targets(array (
0 => 'lowercase',
),array (
'request_filename' =>
array (
),
'args' =>
array (
'only' =>
array (
0 => '/^\\s*rest.route$/',
),
),
),'contains','/pbb/v1/popup/logs',false,false)) {
$rule->reason = 'Popup builder < 2.1.4 - Unauthenticated SQL Injection';
if($waf->match_targets(array (
),array (
'args' =>
array (
'only' =>
array (
0 => '/^\\s*id$/',
),
),
),'rx','#[^0-9]#Ds',false,false)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Popup builder < 2.1.4 - Unauthenticated SQL Injection';
return $waf->block('block',$rule->id,$rule->reason,403);
}
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 930110, 'reason' => '', 'tags' => array (
0 => 'application-multi',
1 => 'language-multi',
2 => 'platform-multi',
3 => 'attack-lfi',
4 => 'paranoia-level/1',
5 => 'owasp_crs',
6 => 'capec/1000/255/153/126',
) );
try {
if($waf->match_targets(array (
0 => 'utf8_to_unicode',
1 => 'remove_nulls',
2 => 'cmd_line',
),$waf->update_targets(array (
'request_uri' =>
array (
),
'args' =>
array (
),
'request_headers' =>
array (
'except' =>
array (
0 => 'referer',
),
),
), $rule->id, $rule->tags),'rx','#(?:(?:^|[\\\\\\\\/])\\.\\.[\\\\\\\\/]|[\\\\\\\\/]\\.\\.(?:[\\\\\\\\/]|$))#Ds',false,true)) {
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$waf->inc_var('tx.lfi_score',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Path Traversal Attack (/../) Matched Data: '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .': '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 933110, 'reason' => '', 'tags' => array (
0 => 'application-multi',
1 => 'language-php',
2 => 'platform-multi',
3 => 'attack-injection-php',
4 => 'paranoia-level/1',
5 => 'owasp_crs',
6 => 'capec/1000/152/242',
) );
try {
if($waf->match_targets(array (
0 => 'lowercase',
),$waf->update_targets(array (
'files' =>
array (
),
'request_headers' =>
array (
'only' =>
array (
0 => 'x-filename',
1 => 'x_filename',
2 => 'x.filename',
3 => 'x-file-name',
),
),
), $rule->id, $rule->tags),'rx','#.*\\.(?:php\\d*|phtml)\\.*$#Ds',false,true)) {
$waf->inc_var('tx.php_injection_score',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'PHP Injection Attack: PHP Script File Upload Found Matched Data: '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .': '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 941240, 'reason' => '', 'tags' => array (
0 => 'application-multi',
1 => 'language-multi',
2 => 'platform-multi',
3 => 'attack-xss',
4 => 'paranoia-level/1',
5 => 'owasp_crs',
6 => 'capec/1000/152/242',
) );
try {
if($waf->match_targets(array (
0 => 'utf8_to_unicode',
1 => 'html_entity_decode',
2 => 'lowercase',
3 => 'remove_nulls',
),array (
'request_cookies' =>
array (
'except' =>
array (
0 => '/__utm/',
),
),
'request_cookies_names' =>
array (
),
'args_names' =>
array (
),
'args' =>
array (
),
),'rx','#<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=#Ds',false,true)) {
$waf->inc_var('tx.xss_score',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'IE XSS Filters - Attack Detected Matched Data: '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .': '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}
$rule = (object) array( 'id' => 942160, 'reason' => '', 'tags' => array (
0 => 'application-multi',
1 => 'language-multi',
2 => 'platform-multi',
3 => 'attack-sqli',
4 => 'paranoia-level/1',
5 => 'owasp_crs',
6 => 'capec/1000/152/248/66',
) );
try {
if($waf->match_targets(array (
),$waf->update_targets(array (
'request_basename' =>
array (
),
'request_cookies' =>
array (
'except' =>
array (
0 => '/__utm/',
),
),
'request_cookies_names' =>
array (
),
'args_names' =>
array (
),
'args' =>
array (
),
), $rule->id, $rule->tags),'rx','#(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))#Ds',false,true)) {
$waf->inc_var('tx.sql_injection_score',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$waf->inc_var('tx.anomaly_score_pl1',htmlentities($waf->get_var('tx.critical_anomaly_score'), ENT_QUOTES, 'UTF-8') );
$rule->reason = 'Detects blind sqli tests using sleep() or benchmark() Matched Data: '.htmlentities($waf->get_var('tx.0'), ENT_QUOTES, 'UTF-8') .' found within '. htmlentities($waf->matched_var_name, ENT_QUOTES, 'UTF-8') .': '. htmlentities($waf->matched_var, ENT_QUOTES, 'UTF-8') ;
return $waf->block('block',$rule->id,$rule->reason,403);
}
} catch ( \Throwable $t ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $t );
} catch ( \Exception $e ) {
error_log( 'Rule ' . $rule->id . ' failed: ' . $e );
}