@Abrynos
Last active November 27, 2022 21:09
A fail2ban filter for script kiddies trying to fuck with nginx
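[Definition]
# fail2ban filter for nginx access logs: bans hosts that send well-known
# vulnerability-scanner request lines or identify themselves with scanner /
# mass-tooling User-Agents.
#
# Assumes nginx's default "combined" log format
#   $remote_addr - $remote_user [$time_local] "$request" $status $bytes "$referer" "$user_agent"
# so that `<HOST> -.*] \"` lands on the start of the request line and the
# rules anchored with `\"$` match the User-Agent as the last field.
# TODO(review): confirm against the site's actual log_format.
#
# Layout of failregex, in order:
#   1. request-line probes (method + path); `(?i)` makes both [A-Z]+ and the
#      path case-insensitive
#   2. User-Agent fingerprints anchored at end of line (\"$)
#   3. loose substring matches anywhere in the line
#   4. case-sensitive GET/POST probes and payload fragments
#
# Notes for maintainers:
#  - `(?i)` must stay the first token of an expression; Python 3.11+ rejects
#    inline global flags anywhere else.
#  - Continuation lines must stay indented; the INI parser only joins
#    indented lines into the failregex value.
#  - Several rules ban generic clients (curl, python-requests, axios,
#    Go-http-client, the empty "-" agent) and any line mentioning
#    www.bing.com (which the Bing crawler's User-Agent does). A site that
#    relies on uptime monitors, webhooks or search indexing should trim these.
#  - `?` and `.` are regex metacharacters: a literal "?" in a probe path is
#    written `\?` and a literal "." as `\.`. Without the escape, `entry\.cgi?api=`
#    and `manager?action=` made the preceding character optional and never
#    matched the literal query string; `A-z` in the absolute-URL rule was a
#    typo for `A-Z` that also admitted `[ \ ] ^ _ \``.
failregex = (?i)^<HOST> -.*] \"SSH-2(\.0)?-Go
            (?i)^<HOST> -.*] \"PRI
            (?i)^<HOST> -.*] \"SSTP_DUPLEX_POST
            (?i)^<HOST> -.*] \"CONNECT
            (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/cgi-bin/
            (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/\.git/
            (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/\.env
            (?i)^<HOST> -.*] \"[A-Z]+ /\.?aws
            (?i)^<HOST> -.*] \"[A-Z]+ /\.local
            (?i)^<HOST> -.*] \"[A-Z]+ /\.remote
            (?i)^<HOST> -.*] \"[A-Z]+ /\.production
            (?i)^<HOST> -.*] \"[A-Z]+ (/.*)?/\.DS_Store
            (?i)^<HOST> -.*] \"[A-Z]+ /_ignition/execute-solution
            (?i)^<HOST> -.*] \"[A-Z]+ /console/
            (?i)^<HOST> -.*] \"[A-Z]+ /wp-commenting?\.php
            (?i)^<HOST> -.*] \"[A-Z]+ /wp-login
            (?i)^<HOST> -.*] \"[A-Z]+ /wp-admin
            (?i)^<HOST> -.*] \"[A-Z]+ /wp-content
            (?i)^<HOST> -.*] \"[A-Z]+ /wordpress
            (?i)^<HOST> -.*] \"[A-Z]+ https?://[a-zA-Z0-9\.]+/
            (?i)^<HOST> -.*] \"[A-Z]+ /\?XDEBUG_SESSION_START
            (?i)^<HOST> -.*] \"[A-Z]+ /Autodiscover/Autodiscover\.xml
            (?i)^<HOST> -.*] \"[A-Z]+ /boaform/admin/formLogin
            (?i)^<HOST> -.*] \"[A-Z]+ /GponForm/diag_Form
            (?i)^<HOST> -.*] \"[A-Z]+ /\?rest_route=
            (?i)^<HOST> -.*] \"[A-Z]+ /solr/admin/info/system
            (?i)^<HOST> -.*] \"[A-Z]+ /ecp/current/exporttool/microsoft.exchange.ediscovery.exporttool.application
            (?i)^<HOST> -.*] \"[A-Z]+ /mifs/.;/services/LogService
            (?i)^<HOST> -.*] \"[A-Z]+ /api/settings/info
            (?i)^<HOST> -.*] \"[A-Z]+ /ctrlt/DeviceUpgrade_1
            (?i)^<HOST> -.*] \"[A-Z]+ /webapi/entry\.cgi\?api=SYNO\..+
            (?i)^<HOST> -.*] \"[A-Z]+ /login\.cgi.+wget
            (?i)^<HOST> -.*] \"[A-Z]+ /dnscfg\.cgi
            (?i)^<HOST> -.*] \"[A-Z]+ /devinfo\?area=version
            (?i)^<HOST> -.*] \"[A-Z]+ /autodiscover/autodiscover\.json
            (?i)^<HOST> -.*] \"[A-Z]+ /stalker_portal/server/tools/auth_simple\.php
            (?i)^<HOST> -.*] \"[A-Z]+ /system_api\.php
            (?i)^<HOST> -.*] \"[A-Z]+ /spywall/timeConfig\.php
            (?i)^<HOST> -.*] \"[A-Z]+ /config/getuser\?index=0
            (?i)^<HOST> -.*] \"[A-Z]+ /streaming/clients_live\.php
            (?i)^<HOST> -.*] \"[A-Z]+ /stream/live\.php
            (?i)^<HOST> -.*] \"[A-Z]+ /.+/AdvSetDns
            (?i)^<HOST> -.*] \"[A-Z]+ /HNAP1/
            (?i)^<HOST> -.* \"python-requests/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"python-urllib/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"l9tcpid/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"xfa1\"$
            (?i)^<HOST> -.* zgrab/v?[0-9\.x]+\"$
            (?i)^<HOST> -.* \"curl/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"Insomania/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"SuperBot
            (?i)^<HOST> -.* \"HTMLParser/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"axios/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"l9explore/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"python-httpx/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"Go-http-client/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"Hello World\"$
            (?i)^<HOST> -.* \"XTC\"$
            (?i)^<HOST> -.* \"Report Runner\"$
            (?i)^<HOST> -.* \"facebookscraper/v?[0-9\.]+.*\"$
            (?i)^<HOST> -.* \"masscan(-ng)?/v?[0-9\.]+\"$
            (?i)^<HOST> -.* \"url\"$
            (?i)^<HOST> -.* \"<title>.+title>\"$
            (?i)^<HOST> -.* \"-\"$
            (?i)^<HOST> -.* \"req/v?[0-9\.]+( \(https://github.com/imroc/req\))?\"$
            (?i)^<HOST> -.* \"Apache-HttpClient/v?[0-9\.]+ (\(Java/[0-9\.]+\))?\"$
            (?i)^<HOST> -.*abuse\.xmco\.fr
            (?i)^<HOST> -.*Palo ?Alto ?Networks ?company
            (?i)^<HOST> -.*scaninfo@paloaltonetworks.com
            (?i)^<HOST> -.*NetcraftSurveyAgent/v?[0-9\.]+
            (?i)^<HOST> -.*AhrefsBot/v?[0-9\.]+
            (?i)^<HOST> -.*CensysInspect/v?[0-9\.]+
            (?i)^<HOST> -.*InternetMeasurement/v?([0-9\.]+)?
            (?i)^<HOST> -.*wget.http:
            (?i)^<HOST> -.*www\.bing\.com
            (?i)^<HOST> -.*security\.ipip\.net
            (?i)^<HOST> -.*HTTP Banner Detection
            (?i)^<HOST> -.*/shell(/|\?)
            (?i)^<HOST> -.*/bash[/ ]?
            (?i)^<HOST> -.*php-?my-?admin
            (?i)^<HOST> -.*myadmin
            (?i)^<HOST> -.*sqladmin
            (?i)^<HOST> -.*sqlite
            (?i)^<HOST> -.*main\.installer\.php
            (?i)^<HOST> -.*dup-installer
            (?i)^<HOST> -.*echo\.php
            (?i)^<HOST> -.*php\.php
            (?i)^<HOST> -.*phpinfo\.php
            (?i)^<HOST> -.*info\.php
            (?i)^<HOST> -.*TomcatBypass
            (?i)^<HOST> -.*X-Middleton/[0-9\.]+
            ^<HOST> -.*] \"GET /admin/config\.php
            ^<HOST> -.*] \"GET /fuN3
            ^<HOST> -.*] \"GET //pv/(0+|spa112)\.cfg
            ^<HOST> -.*] \"GET /database/index\.php
            ^<HOST> -.*] \"GET /db/
            ^<HOST> -.*] \"GET /sql/
            ^<HOST> -.*] \"GET /mysql(-admin|manager)?/
            ^<HOST> -.*] \"GET /sql/sqlweb
            ^<HOST> -.*] \"GET /installer\.php
            ^<HOST> -.*] \"GET /config\.json
            ^<HOST> -.*] \"GET /login\.action
            ^<HOST> -.*] \"GET /login\.rsp
            ^<HOST> -.*] \"GET /manager\?action=product
            ^<HOST> -.*] \"GET /telescope/requests
            ^<HOST> -.*] \"GET /cdn-cgi/trace
            ^<HOST> -.*] \"GET /manager/(text/list|html)
            ^<HOST> -.*] \"GET /ReportServer
            ^<HOST> -.*] \"GET /server-status
            ^<HOST> -.*] \"GET /Public/home/js/check.js
            ^<HOST> -.*] \"POST /editBlackAndWhiteList
            ^<HOST> -.*] \"GET (/.+)?/_ignition/health-check/
            ^<HOST> -.*] \"(GET|POST) /credentials HTTP/1\.1\"
            ^<HOST> -.*] \"GET (/.+)?/c/version\.js
            ^<HOST> -.*] \"GET /flu/403\.html
            ^<HOST> -.*] \"GET /_profiler/phpinfo
            ^<HOST> -.*<php>
            ^<HOST> -.*@md5\(HelloThinkCMF
            ^<HOST> -.*invokefunction.*HelloThinkPHP
            ^<HOST> -.*phpunit
            ^<HOST> -.*maven
            ^<HOST> -.*jira-webapp-dist
            ^<HOST> -.*META-INF
            ^<HOST> -.*\"(\\x[a-zA-Z0-9]{2,3})+

# Whitelist token. It is compared against the whole log line, including the
# request path and User-Agent that the remote side controls, so any line that
# carries the token is exempt from every rule above. Prefer anchoring it to the
# field where the legitimate client actually sends it.
ignoreregex = .*sgo-query.*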