Fri Jun 28 09:46:00.148760 2024] [:error] [pid 1922543:tid 140006135953152] [client 180.254.137.10:65494] ModSecurity: Warning. Matched "Operator Rx' with parameter ^(?:(?:\|[^!\\"\\(\\),/:-\\?\\[-\\]\\{\\}]+)/(?:\|[^!\\"\\(\\),/:-\\?\\[-\\]\\{\\}]+)|\)(?:[\s\x0b];[\s\x0b](?:charset[\s\x0b]=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c (760 characters omitted)' against variable REQUEST_HEADERS:Accept' (Value: text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8' ) [file "/etc/apache2/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1243"] [id "920600"] [rev ""] [msg "Illegal Accept header: charset parameter"] [data "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"] [severity "2"] [ver "OWASP_CRS/4.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [hostname "example.com"] [uri "/abc"] [unique_id "171953916082.506705"] [ref "v90,57t:lowercase"]
[17195447525.996344] [] [4] Initializing transaction
[17195447525.996344] [] [4] Transaction context created.
[17195447525.996344] [] [4] Starting phase CONNECTION. (SecRules 0)
[17195447525.996344] [] [9] This phase consists of 29 rule(s).
[17195447525.996344] [] [4] Starting phase URI. (SecRules 0 + 1/2)
[17195447525.996344] . [4] Starting phase REQUEST_HEADERS. (SecRules 1)
[17195447525.996344] . [9] This phase consists of 238 rule(s).
[17195447525.996344] . [4] (Rule: 200000) Executing operator "Rx" with param "^(?:application(?:/soap+|/)|text/)xml" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 200001) Executing operator "Rx" with param "^application/json" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 900100) Executing unconditional rule...
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:critical_anomaly_score with value: 7
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:error_anomaly_score with value: 4
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:warning_anomaly_score with value: 3
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:notice_anomaly_score with value: 2
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 900990) Executing unconditional rule...
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:crs_setup_version with value: 430
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901001) Executing operator "Eq" with param "0" against TX:crs_setup_version.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:crs_setup_version)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901100) Executing operator "Eq" with param "0" against TX:inbound_anomaly_score_threshold.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:inbound_anomaly_score_threshold)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:inbound_anomaly_score_threshold with value: 5
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901110) Executing operator "Eq" with param "0" against TX:outbound_anomaly_score_threshold.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:outbound_anomaly_score_threshold)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:outbound_anomaly_score_threshold with value: 4
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901111) Executing operator "Eq" with param "0" against TX:reporting_level.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:reporting_level)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:reporting_level with value: 4
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901115) Executing operator "Eq" with param "0" against TX:early_blocking.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:early_blocking)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:early_blocking with value: 0
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901120) Executing operator "Eq" with param "0" against TX:blocking_paranoia_level.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:blocking_paranoia_level)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_paranoia_level with value: 1
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901125) Executing operator "Eq" with param "0" against TX:detection_paranoia_level.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:detection_paranoia_level)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_paranoia_level with value: 1
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901130) Executing operator "Eq" with param "0" against TX:sampling_percentage.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:sampling_percentage)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:sampling_percentage with value: 100
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901140) Executing operator "Eq" with param "0" against TX:critical_anomaly_score.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:critical_anomaly_score)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901141) Executing operator "Eq" with param "0" against TX:error_anomaly_score.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:error_anomaly_score)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901142) Executing operator "Eq" with param "0" against TX:warning_anomaly_score.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:warning_anomaly_score)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901143) Executing operator "Eq" with param "0" against TX:notice_anomaly_score.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:notice_anomaly_score)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901160) Executing operator "Eq" with param "0" against TX:allowed_methods.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:allowed_methods)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:allowed_methods with value: GET HEAD POST OPTIONS
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901162) Executing operator "Eq" with param "0" against TX:allowed_request_content_type.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:allowed_request_content_type)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:allowed_request_content_type with value: |application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901168) Executing operator "Eq" with param "0" against TX:allowed_request_content_type_charset.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:allowed_request_content_type_charset)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:allowed_request_content_type_charset with value: |utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901163) Executing operator "Eq" with param "0" against TX:allowed_http_versions.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:allowed_http_versions)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:allowed_http_versions with value: HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901164) Executing operator "Eq" with param "0" against TX:restricted_extensions.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:restricted_extensions)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:restricted_extensions with value: .asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901165) Executing operator "Eq" with param "0" against TX:restricted_headers_basic.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:restricted_headers_basic)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:restricted_headers_basic with value: /content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901171) Executing operator "Eq" with param "0" against TX:restricted_headers_extended.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:restricted_headers_extended)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:restricted_headers_extended with value: /accept-charset/
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901167) Executing operator "Eq" with param "0" against TX:enforce_bodyproc_urlencoded.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:enforce_bodyproc_urlencoded)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:enforce_bodyproc_urlencoded with value: 0
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901169) Executing operator "Eq" with param "0" against TX:crs_validate_utf8_encoding.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:crs_validate_utf8_encoding)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:crs_validate_utf8_encoding with value: 0
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901200) Executing unconditional rule...
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_inbound_anomaly_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_inbound_anomaly_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:inbound_anomaly_score_pl1 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:inbound_anomaly_score_pl2 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:inbound_anomaly_score_pl3 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:inbound_anomaly_score_pl4 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:sql_injection_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:xss_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:rfi_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:lfi_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:rce_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:php_injection_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:http_violation_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:session_fixation_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_outbound_anomaly_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_outbound_anomaly_score with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:outbound_anomaly_score_pl1 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:outbound_anomaly_score_pl2 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:outbound_anomaly_score_pl3 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:outbound_anomaly_score_pl4 with value: 0
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:anomaly_score with value: 0
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901320) Executing operator "Eq" with param "1" against TX:ENABLE_DEFAULT_COLLECTIONS.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901340) Executing operator "Rx" with param "(?:URLENCODED|MULTIPART|XML|JSON)" against REQBODY_PROCESSOR.
[17195447525.996344] . [9] Target value: "" (Variable: REQBODY_PROCESSOR)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Saving msg: Enabling body inspection
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: noauditlog
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 901350) Executing operator "Eq" with param "1" against TX:enforce_bodyproc_urlencoded.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "0"
[17195447525.996344] . [9] Target value: "0" (Variable: TX:enforce_bodyproc_urlencoded)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 901400) Executing operator "Eq" with param "100" against TX:sampling_percentage.
[17195447525.996344] . [9] Target value: "100" (Variable: TX:sampling_percentage)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-SAMPLING
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '901410' due to a SecMarker: END-SAMPLING
[17195447525.996344] . [9] Skipped rule id '901450' due to a SecMarker: END-SAMPLING
[17195447525.996344] . [4] (Rule: 901500) Executing operator "Lt" with param "1" Was: "" against TX:detection_paranoia_level.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:detection_paranoia_level)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 905100) Executing operator "StrEq" with param "GET /" against REQUEST_LINE.
[17195447525.996344] . [9] Target value: "GET /noble-ojs-3-theme HTTP/1.1" (Variable: REQUEST_LINE)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 905110) Executing operator "IpMatch" with param "127.0.0.1,::1" against REMOTE_ADDR.
[17195447525.996344] . [9] Target value: "180.254.137.10" (Variable: REMOTE_ADDR)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 911011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 911100) Executing operator "Within" with param "GET HEAD POST OPTIONS" Was: "" against REQUEST_METHOD.
[17195447525.996344] . [9] Target value: "GET" (Variable: REQUEST_METHOD)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 911013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '911015' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '911017' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[17195447525.996344] . [4] (Rule: 913011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 913100) Executing operator "PmFromFile" with param "scanners-user-agents.data" against REQUEST_HEADERS:User-Agent.
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 913013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '913015' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[17195447525.996344] . [9] Skipped rule id '913017' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[17195447525.996344] . [4] (Rule: 920011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920100) Executing operator "Rx" with param "(?i)^(?:get /[^#\?](?:?[^\s\x0b#])?(?:#[^\s\x0b])?|(?:connect (?:(?:[0-9]{1,3}.){3}[0-9]{1,3}.?(?::[0-9]+)?|[--9A-Z_a-z]+:[0-9]+)|options *|[a-z]{3,10}[\s\x0b]+(?:[0-9A-Z_a-z]{3,7}?://[--9A-Z_a-z](?::[0-9]+)?)?/[^#\?](?:?[^\s\x0b#])?(?:#[^\s\x0b])?)[\s\x0b]+[.-9A-Z_a-z]+)$" against REQUEST_LINE.
[17195447525.996344] . [9] Target value: "GET /noble-ojs-3-theme HTTP/1.1" (Variable: REQUEST_LINE)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920160) Executing operator "Rx" with param "^\d+$" against REQUEST_HEADERS:Content-Length.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920170) Executing operator "Rx" with param "^(?:GET|HEAD)$" against REQUEST_METHOD.
[17195447525.996344] . [9] Target value: "GET" (Variable: REQUEST_METHOD)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "Rx" with param "^0?$" against REQUEST_HEADERS:Content-Length.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920171) Executing operator "Rx" with param "^(?:GET|HEAD)$" against REQUEST_METHOD.
[17195447525.996344] . [9] Target value: "GET" (Variable: REQUEST_METHOD)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Transfer-Encoding.
[17195447525.996344] . [9] Target value: "0" (Variable: REQUEST_HEADERS:Transfer-Encoding)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920180) Executing operator "Within" with param "HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" against REQUEST_PROTOCOL.
[17195447525.996344] . [9] Target value: "HTTP/1.1" (Variable: REQUEST_PROTOCOL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "StrEq" with param "POST" against REQUEST_METHOD.
[17195447525.996344] . [9] Target value: "GET" (Variable: REQUEST_METHOD)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920181) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Transfer-Encoding.
[17195447525.996344] . [9] Target value: "0" (Variable: REQUEST_HEADERS:Transfer-Encoding)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920190) Executing operator "Rx" with param "(\d+)-(\d+)" against REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920210) Executing operator "Rx" with param "\b(?:keep-alive|close),\s?(?:keep-alive|close)\b" against REQUEST_HEADERS:Connection.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920220) Executing operator "Rx" with param "\x25" against REQUEST_URI_RAW.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI_RAW)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920221) Executing operator "Rx" with param "^.%..[^\s\x0b\.]+$" against REQUEST_BASENAME.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "noble-ojs-3-theme" (Variable: REQUEST_BASENAME)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "ValidateUrlEncoding against TX:0.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920280) Executing operator "Eq" with param "0" against REQUEST_HEADERS:Host.
[17195447525.996344] . [9] Target value: "1" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920290) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Host.
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920310) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920311) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:Accept.
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920330) Executing operator "Rx" with param "^$" against REQUEST_HEADERS:User-Agent.
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920340) Executing operator "Rx" with param "^0$" against REQUEST_HEADERS:Content-Length.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920350) Executing operator "Rx" with param "(?:^([\d.]+|[[\da-f:]+]|[\da-f:]+)(:[\d]+)?$)" against REQUEST_HEADERS:Host.
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920400) Executing operator "Eq" with param "1" against TX:MAX_FILE_SIZE.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:MAX_FILE_SIZE)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920470) Executing operator "Rx" with param "^[\w/.+-]+(?:\s?;\s?(?:action|boundary|charset|component|start(?:-info)?|type|version)\s?=\s?['"\w.()+,/:=?<>@#-]+)$" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920420) Executing operator "Rx" with param "^[^;\s]+" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920480) Executing operator "Rx" with param "charset\s*=\s*["']?([^;\"'\s]+)" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920530) Executing operator "Rx" with param "charset.?charset" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920430) Executing operator "Within" with param "HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" Was: "" against REQUEST_PROTOCOL.
[17195447525.996344] . [9] Target value: "HTTP/1.1" (Variable: REQUEST_PROTOCOL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920440) Executing operator "Rx" with param ".([^.]+)$" against REQUEST_BASENAME.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "noble-ojs-3-theme" (Variable: REQUEST_BASENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920500) Executing operator "Rx" with param ".[^.~]+~(?:/.|)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920450) Executing operator "Rx" with param "^.$" against REQUEST_HEADERS_NAMES.
[17195447525.996344] . [9] T (0) t:lowercase: "host"
[17195447525.996344] . [9] Target value: "host" (Variable: REQUEST_HEADERS_NAMES:Host)
[17195447525.996344] . [7] Added regex subexpression TX.0: host
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:header_name_920450_host with value: /host/
[17195447525.996344] . [9] T (0) t:lowercase: "user-agent"
[17195447525.996344] . [9] Target value: "user-agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
[17195447525.996344] . [7] Added regex subexpression TX.0: user-agent
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:header_name_920450_user-agent with value: /user-agent/
[17195447525.996344] . [9] T (0) t:lowercase: "accept"
[17195447525.996344] . [9] Target value: "accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
[17195447525.996344] . [7] Added regex subexpression TX.0: accept
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:header_name_920450_accept with value: /accept/
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "Within" with param "/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/" Was: "" against TX:regex(^header_name_920450_).
[17195447525.996344] . [9] Target value: "/host/" (Variable: TX:header_name_920450_host)
[17195447525.996344] . [9] Target value: "/user-agent/" (Variable: TX:header_name_920450_user-agent)
[17195447525.996344] . [9] Target value: "/accept/" (Variable: TX:header_name_920450_accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920520) Executing operator "Gt" with param "100" against REQUEST_HEADERS:Accept-Encoding.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920600) Executing operator "Rx" with param "^(?:(?:*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:*|[^!\"\(\),/:-\?\[-\]\{\}]+)|*)(?:[\s\x0b];[\s\x0b](?:charset[\s\x0b]=[\s\x0b]"?(?:iso-8859-15?|utf-8|windows-1252)\b"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}][\s\x0b]=[\s\x0b][^!\(\),/:-\?\[-\]\{\}]+);?)(?:[\s\x0b],[\s\x0b](?:(?:*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:*|[^!\"\(\),/:-\?\[-\]\{\}]+)|*)(?:[\s\x0b];[\s\x0b](?:charset[\s\x0b]=[\s\x0b]"?(?:iso-8859-15?|utf-8|windows-1252)\b"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}][\s\x0b]=[\s\x0b][^!\(\),/:-\?\[-\]\{\}]+);?))$" against REQUEST_HEADERS:Accept.
[17195447525.996344] . [9] T (0) t:lowercase: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:inbound_anomaly_score_pl1 with value: 7
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: application-multi
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: language-multi
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: platform-multi
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: attack-protocol
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: paranoia-level/1
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] This rule severity is: 2 current transaction is: 255
[17195447525.996344] . [9] Saving msg: Illegal Accept header: charset parameter
[17195447525.996344] . [4] Running (disruptive) action: block.
[17195447525.996344] . [8] Marking request as disruptive.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 920610) Executing operator "Contains" with param "#" against REQUEST_URI_RAW.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI_RAW)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920620) Executing operator "Gt" with param "1" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [9] Target value: "0" (Variable: REQUEST_HEADERS:Content-Type)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '920200' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920201' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920320' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920341' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920451' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920015' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920300' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920490' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920510' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920521' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920017' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920202' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920274' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920275' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [4] (Rule: 921011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921140) Executing operator "Rx" with param "[\n\r]" against REQUEST_HEADERS_NAMES|REQUEST_HEADERS.
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "Host"
[17195447525.996344] . [9] Target value: "Host" (Variable: REQUEST_HEADERS_NAMES:Host)
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "User-Agent"
[17195447525.996344] . [9] Target value: "User-Agent" (Variable: REQUEST_HEADERS_NAMES:User-Agent)
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "Accept"
[17195447525.996344] . [9] Target value: "Accept" (Variable: REQUEST_HEADERS_NAMES:Accept)
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921160) Executing operator "Rx" with param "[\n\r]+(?:\s|location|refresh|(?:set-)?cookie|(?:x-)?(?:forwarded-(?:for|host|server)|host|via|remote-ip|remote-addr|originating-IP))\s*:" against ARGS_GET_NAMES|ARGS_GET.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921190) Executing operator "Rx" with param "[\n\r]" against REQUEST_FILENAME.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921421) Executing operator "Rx" with param "^[^\s\x0b,;]+[\s\x0b,;].?(?:application/(?:.++)?json|(?:application/(?:soap+)?|text/)xml)" against REQUEST_HEADERS:Content-Type.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921240) Executing operator "Rx" with param "unix:[^|]|" against REQUEST_URI.
[17195447525.996344] . [9] T (0) t:urlDecode: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:lowercase: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '921151' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921422' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921015' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921230' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921017' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [4] (Rule: 930011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930130) Executing operator "PmFromFile" with param "restricted-files.data" against REQUEST_FILENAME.
[17195447525.996344] . [9] T (0) t:utf8toUnicode: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:normalizePathWin: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '930121' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [9] Skipped rule id '930015' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [9] Skipped rule id '930017' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [4] (Rule: 931011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 931013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '931131' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [9] Skipped rule id '931015' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [9] Skipped rule id '931017' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [4] (Rule: 932011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932170) Executing operator "Rx" with param "^(\s*)\s+{" against REQUEST_HEADERS|REQUEST_LINE.
[17195447525.996344] . [9] T (0) t:urlDecode: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:urlDecode: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:urlDecode: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [9] T (0) t:urlDecode: "GET /noble-ojs-3-theme HTTP/1.1"
[17195447525.996344] . [9] Target value: "GET /noble-ojs-3-theme HTTP/1.1" (Variable: REQUEST_LINE)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '932131' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932205' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932206' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932239' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932161' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932015' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932237' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [9] Skipped rule id '932017' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE
[17195447525.996344] . [4] (Rule: 933011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 933013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '933015' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[17195447525.996344] . [9] Skipped rule id '933017' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP
[17195447525.996344] . [4] (Rule: 934011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 934013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-934-APPLICATION-ATTACK-GENERIC
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '934015' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC
[17195447525.996344] . [9] Skipped rule id '934017' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC
[17195447525.996344] . [4] (Rule: 941011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941010) Executing operator "ValidateByteRange" with param "20, 45-47, 48-57, 65-90, 95, 97-122" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 941013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '941101' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[17195447525.996344] . [9] Skipped rule id '941015' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[17195447525.996344] . [9] Skipped rule id '941017' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS
[17195447525.996344] . [4] (Rule: 942011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '942101' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942152' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942321' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942015' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942420' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942017' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942421' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [4] (Rule: 943011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 943013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '943015' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[17195447525.996344] . [9] Skipped rule id '943017' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[17195447525.996344] . [4] (Rule: 944011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '944015' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944017' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [4] (Rule: 949052) Executing operator "Ge" with param "1" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_inbound_anomaly_score with value: 7
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 949152) Executing operator "Ge" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_inbound_anomaly_score with value: 7
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 949053) Executing operator "Ge" with param "2" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949153) Executing operator "Ge" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949054) Executing operator "Ge" with param "3" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949154) Executing operator "Ge" with param "3" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949055) Executing operator "Ge" with param "4" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949155) Executing operator "Ge" with param "4" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949111) Executing operator "Ge" with param "5" Was: "" against TX:BLOCKING_INBOUND_ANOMALY_SCORE.
[17195447525.996344] . [9] Target value: "7" (Variable: TX:BLOCKING_INBOUND_ANOMALY_SCORE)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "Eq" with param "1" against TX:EARLY_BLOCKING.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:EARLY_BLOCKING)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-949-BLOCKING-EVALUATION
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '949015' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[17195447525.996344] . [9] Skipped rule id '949017' due to a SecMarker: END-REQUEST-949-BLOCKING-EVALUATION
[17195447525.996344] . [4] (Rule: 980011) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 980013) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-RESPONSE-980-CORRELATION
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '980015' due to a SecMarker: END-RESPONSE-980-CORRELATION
[17195447525.996344] . [9] Skipped rule id '980017' due to a SecMarker: END-RESPONSE-980-CORRELATION
[17195447525.996344] . [4] (Rule: 94000000) Executing operator "Rx" with param "wordpress_logged_in_[a-fA-F0-9]{32}" against REQUEST_HEADERS:Cookie.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400005) Executing operator "StrEq" with param "/wp-admin/admin-ajax.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 94000001) Executing operator "Rx" with param "^/(.)$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 94000002) Executing operator "StrEq" with param "g-recaptcha-response" against ARGS_NAMES.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 94000003) Executing operator "Rx" with param ".(js|css|xml|txt)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 94000004) Executing operator "Rx" with param ".(jpg|jpeg|png|gif|bmp|svg|webp|ico|tiff)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 94000005) Executing operator "Rx" with param ".(woff|woff2|ttf|otf|eot)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 94000006) Executing operator "Rx" with param ".(pdf|doc|docx|xls|xlsx|ppt|pptx)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 94000007) Executing operator "Rx" with param ".(mp4|webm|ogg|mp3|wav)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400000) Executing operator "StrEq" with param "/" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400001) Executing operator "Rx" with param "^/wp-json/wp/v2/posts/([^/]+)/autosaves/(.)$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400002) Executing operator "Rx" with param "^/wp-json/wpml/tm/v1/ate/jobs/retry/(.)$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400003) Executing operator "StrEq" with param "/wp-json/wpml/tm/v1/ate/jobs/retry" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400004) Executing operator "Rx" with param "^/wp-json/amp/v1/validate-post-url/(.)$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400007) Executing operator "Rx" with param "^.?/wp-json/wp/v2/docs(/.)?$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400008) Executing operator "Rx" with param "^/wp-admin/nav-menus.php" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400009) Executing operator "StrEq" with param "/wp-admin/admin-ajax.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400010) Executing operator "Contains" with param "/wp-admin" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400011) Executing operator "StrEq" with param "/wp-login.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400013) Executing operator "StrEq" with param "/wp-admin/options-general.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400014) Executing operator "StrEq" with param "/wp-admin/user-edit.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400015) Executing operator "Rx" with param "./openidcallback/google(.)$" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400016) Executing operator "StrEq" with param "/wp-admin/async-upload.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400017) Executing operator "StrEq" with param "/wp-json/openjournalvalidation/v2/product/save" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400018) Executing operator "Rx" with param "/wp-json/wp/v2/posts/[a-zA-Z0-9]+(/autosaves)?" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400019) Executing operator "StrEq" with param "/wp-admin/options.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400020) Executing operator "StrEq" with param "/wp-admin/profile.php" against REQUEST_FILENAME.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400021) Executing operator "StrEq" with param "/index.php/wp-json/openjournalvalidation/v3/license/validate" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400025) Executing operator "Rx" with param "./OpenJournalValidation/validate.php" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400026) Executing operator "Rx" with param "^/wp-content/plugins/OpenJournalValidation/validate.php$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400028) Executing operator "Rx" with param "./wp-content/(cache|uploads|themes|plugins|js)(.)$" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400031) Executing operator "StrEq" with param "/xmlrpc.php" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400032) Executing operator "Rx" with param "./(subscribe-email-submission|wp-comments-post).php" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400034) Executing operator "BeginsWith" with param "/noble-ojs-3-theme" against REQUEST_URI.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: ctl
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 9400060) Executing operator "PmFromFile" with param "files_blocked.data" against REQUEST_FILENAME.
[17195447525.996344] . [9] T (0) t:utf8toUnicode: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:normalizePathWin: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 9400061) Executing operator "IpMatchFromFile" with param "ips_blocked.data" against REMOTE_ADDR.
[17195447525.996344] . [9] Target value: "180.254.137.10" (Variable: REMOTE_ADDR)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] Starting phase REQUEST_BODY. (SecRules 2)
[17195447525.996344] . [9] This phase consists of 313 rule(s).
[17195447525.996344] . [4] (Rule: 200007) Executing operator "Ge" with param "2000" against ARGS.
[17195447525.996344] . [9] Target value: "0" (Variable: ARGS)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 200002) Executing operator "Eq" with param "0" against REQBODY_ERROR.
[17195447525.996344] . [9] Target value: "0" (Variable: REQBODY_ERROR)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 200003) Executing operator "Eq" with param "0" against MULTIPART_STRICT_ERROR.
[17195447525.996344] . [9] Target value: "" (Variable: MULTIPART_STRICT_ERROR)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 200004) Executing operator "Eq" with param "1" against MULTIPART_UNMATCHED_BOUNDARY.
[17195447525.996344] . [9] Target value: "" (Variable: MULTIPART_UNMATCHED_BOUNDARY)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 200005) Executing operator "StrEq" with param "0" against TX:regex(^MSC_).
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 911012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 911014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-911-METHOD-ENFORCEMENT
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '911016' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '911018' due to a SecMarker: END-REQUEST-911-METHOD-ENFORCEMENT
[17195447525.996344] . [4] (Rule: 913012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 913014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-913-SCANNER-DETECTION
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '913016' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[17195447525.996344] . [9] Skipped rule id '913018' due to a SecMarker: END-REQUEST-913-SCANNER-DETECTION
[17195447525.996344] . [4] (Rule: 920012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920120) Executing operator "Rx" with param "(?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^\"';=])$" against FILES|FILES_NAMES.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920250) Executing operator "Eq" with param "1" against TX:CRS_VALIDATE_UTF8_ENCODING.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:CRS_VALIDATE_UTF8_ENCODING)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920260) Executing operator "Rx" with param "(?i)%uff[0-9a-f]{2}" against REQUEST_URI|REQUEST_BODY.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920270) Executing operator "ValidateByteRange" with param "1-255" against REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920380) Executing operator "Eq" with param "1" against TX:MAX_NUM_ARGS.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:MAX_NUM_ARGS)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920360) Executing operator "Eq" with param "1" against TX:ARG_NAME_LENGTH.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:ARG_NAME_LENGTH)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920370) Executing operator "Eq" with param "1" against TX:ARG_LENGTH.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:ARG_LENGTH)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920390) Executing operator "Eq" with param "1" against TX:TOTAL_ARG_LENGTH.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:TOTAL_ARG_LENGTH)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920410) Executing operator "Eq" with param "1" against TX:COMBINED_FILE_SIZES.
[17195447525.996344] . [9] Target value: "0" (Variable: TX:COMBINED_FILE_SIZES)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920540) Executing operator "StrEq" with param "JSON" against REQBODY_PROCESSOR.
[17195447525.996344] . [9] Target value: "" (Variable: REQBODY_PROCESSOR)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Executing chained rule.
[17195447525.996344] . [4] (Rule: 0) Executing operator "Rx" with param "(?i)\x5cu[0-9a-f]{4}" against REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 920014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '920230' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920271' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920121' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920240' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920016' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920272' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920018' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920273' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [9] Skipped rule id '920460' due to a SecMarker: END-REQUEST-920-PROTOCOL-ENFORCEMENT
[17195447525.996344] . [4] (Rule: 921012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921110) Executing operator "Rx" with param "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\s+[^\s]+\s+http/\d" against ARGS_NAMES|ARGS|REQUEST_BODY|XML:/.
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: ""
[17195447525.996344] . [9] T (0) t:lowercase: ""
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921120) Executing operator "Rx" with param "[\r\n]\W*?(?:content-(?:type|length)|set-cookie|location):\s*\w" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921130) Executing operator "Rx" with param "(?:\bhttp/\d|<(?:html|meta)\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921150) Executing operator "Rx" with param "[\n\r]" against ARGS_NAMES.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921200) Executing operator "Rx" with param "^[^:\(\)\&\|\!\<\>\~])\s(?:((?:[^,\(\)\=\&\|\!\<\>\~]+[><]?=|\s*[&!|]\s*(?:)|()?\s*)|)\s*(\s*[&|!]\s*|[&!|]\s*([^\(\)\=\&\|\!\<\>\~]+[><]?=[^:\(\)\&\|\!\<\>\~])" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 921014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '921016' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921170' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921180' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921210' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921018' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [9] Skipped rule id '921220' due to a SecMarker: END-REQUEST-921-PROTOCOL-ATTACK
[17195447525.996344] . [4] (Rule: 922100) Executing operator "Eq" with param "0" against MULTIPART_PART_HEADERS:charset.
[17195447525.996344] . [9] Target value: "0" (Variable: MULTIPART_PART_HEADERS:charset)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 922110) Executing operator "Rx" with param "^content-type\s*:\s*(.)$" against MULTIPART_PART_HEADERS.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 922120) Executing operator "Rx" with param "content-transfer-encoding:(.)" against MULTIPART_PART_HEADERS.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930100) Executing operator "Rx" with param "(?i)(?:[/\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:.(?:%0[01]|?)?|?.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))" against REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|FILES|XML:/.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI_RAW)
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930110) Executing operator "Rx" with param "(?:(?:^|[\x5c/;]).{2,3}[\x5c/;]|[\x5c/;].{2,3}(?:[\x5c/;]|$))" against REQUEST_URI|ARGS|REQUEST_HEADERS|FILES|XML:/.
[17195447525.996344] . [9] T (0) t:utf8toUnicode: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:removeNulls: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:cmdLine: "/noble-ojs-3-theme"
[17195447525.996344] . [9] multiMatch is enabled. 1 values to be tested.
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_URI)
[17195447525.996344] . [9] T (0) t:utf8toUnicode: "openjournaltheme.com"
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "openjournaltheme.com"
[17195447525.996344] . [9] T (0) t:removeNulls: "openjournaltheme.com"
[17195447525.996344] . [9] T (0) t:cmdLine: "openjournaltheme.com"
[17195447525.996344] . [9] multiMatch is enabled. 1 values to be tested.
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0"
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0"
[17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0"
[17195447525.996344] . [9] T (0) t:cmdLine: "curl/8.6.0"
[17195447525.996344] . [9] multiMatch is enabled. 1 values to be tested.
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:utf8toUnicode: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] T (1) t:urlDecodeUni: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] T (1) t:removeNulls: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] T (2) t:cmdLine: "text/htmlapplication/xhtml xmlapplication/xml q=0.9/q=0.8"
[17195447525.996344] . [9] multiMatch is enabled. 3 values to be tested.
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml xmlapplication/xml q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930120) Executing operator "PmFromFile" with param "lfi-os-files.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 930014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '930016' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [9] Skipped rule id '930018' due to a SecMarker: END-REQUEST-930-APPLICATION-ATTACK-LFI
[17195447525.996344] . [4] (Rule: 931012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [9] Rule id: 931100 was skipped due to a ruleRemoveById action...
[17195447525.996344] . [4] (Rule: 931110) Executing operator "Rx" with param "(?i)(?:\binclude\s([^)]|mosConfig_absolute_path|_CONF[path]|_SERVER[DOCUMENT_ROOT]|GALLERY_BASEDIR|path[docroot]|appserv_root|config[root_dir])=(?:file|ftps?|https?)://" against QUERY_STRING|REQUEST_BODY.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: ""
[17195447525.996344] . [9] Target value: "" (Variable: QUERY_STRING)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: ""
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 931120) Executing operator "Rx" with param "^(?i:file|ftps?|https?).??+$" against ARGS.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 931014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '931130' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [9] Skipped rule id '931016' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [9] Skipped rule id '931018' due to a SecMarker: END-REQUEST-931-APPLICATION-ATTACK-RFI
[17195447525.996344] . [4] (Rule: 932012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932230) Executing operator "Rx" with param "(?i)(?:b["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?s["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?y["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?b["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?x|c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?d|e["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?v|v["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?l)|[ls]["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?t["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?r["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?e|n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?h["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?p|t["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?i["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?e(?:["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?t)?|w["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?t["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@a-{])?\x5c?h|[\n\r;=\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|(?:(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|x)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ckz][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|f[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dg]|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[&,<>\|]|(?:[\-\.0-9A-Z_a-z][\"'\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\*\-0-9\?@_a-\{]*)?\x5c?)+[\s\x0b&,<>\|]).*|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:s|z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:4|[\s\x0b&\),<>\|].*))|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*)?|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|(?:e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|(?:s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932235) Executing operator "Rx" with param "(?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;={]|||?|&&?|$(?:((?|{)|<(?:(|<<)|>(|([\s\x0b]))[\s\x0b](?:[${]|(?:[\s\x0b](|!)[\s\x0b]|[0-9A-Z_a-z]+=(?:[^\s\x0b]|$(?:.|.)|[<>].|'.'|".")[\s\x0b]+)[\s\x0b]["'](?:["'-+--9?A-]a-z|]+/)?["'\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\s\x0b&)<>|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|xel)[\s\x0b&)<>|]|nsible|pt(?:-get|itude[\s\x0b&)<>|])|r(?:ch[\s\x0b&)<>|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm)|b(?:a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&)<>|]|c))|h[\s\x0b&)<>|])|tch[\s\x0b&)<>|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&)<>|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&)<>|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[\s\x0b&)<>|]|ertbot|h(?:attr|(?:dir|root)[\s\x0b&)<>|]|e(?:ck(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&)-<>|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&)<>|]|++)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&)<>|]|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[\s\x0b&)<>|]|on(?:[\s\x0b&)<>|]|tab))|s(?:cli[\s\x0b&)<>|]|plit|vtool)|u(?:psfilter|rl[\s\x0b&)<>|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[\s\x0b&)<>|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[\s\x0b&)<>|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[\s\x0b&)<>|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[\s\x0b&)<>|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&)<>|]|r)))|f(?:acter|(?:etch|lock|unction)[\s\x0b&)<>|]|grep|i(?:le(?:[\s\x0b&)<>|]|test)|(?:n(?:d|ger)|sh)[\s\x0b&)<>|])|o(?:ld[\s\x0b&)<>|]|reach)|ping|tp(?:stats|who))|g(?:awk[\s\x0b&)<>|]|core|e(?:ni(?:e[\s\x0b&)<>|]|soimage)|tfacl[\s\x0b&)<>|])|hci|i(?:mp[\s\x0b&)<>|]|nsh)|r(?:ep[\s\x0b&)<>|]|oup(?:[\s\x0b&)<>|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[\s\x0b&)<>|]|e(?:ad[\s\x0b&)<>|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[\s\x0b&)<>|]|onice|p(?:6?tables|config)|spell)|j(?:ava[\s\x0b&)<>|]|exec|o(?:(?:bs|in)[\s\x0b&)<>|]|urnalctl)|runscript)|k(?:ill(?:[\s\x0b&)<>|]|all)|nife[\s\x0b&)<>|]|sshell)|l(?:a(?:st(?:[\s\x0b&)<>|]|comm|log(?:in)?)|tex[\s\x0b&)<>|])|dconfig|ess(?:[\s\x0b&)<>|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[\s\x0b&)<>|]|o(?:(?:ca(?:l|te)|ok)[\s\x0b&)<>|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[\s\x0b&)<>q|]|x[\s\x0b&)<>|])|ke[\s\x0b&)<>|]|ster.passwd|wk)|k(?:dir[\s\x0b&)<>|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&)<>|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[\s\x0b&)<>|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[\s\x0b&)<>|]|sm|wk)|c(?:.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[\s\x0b&)<>|]|map|o(?:de[\s\x0b&)<>|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[\s\x0b&)<>|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[\s\x0b&)<>|]|s(?:swd|te[\s\x0b&)<>|]))|d(?:f(?:la)?tex|ksh)|er(?:(?:f|ms)[\s\x0b&)<>|]|l(?:[\s\x0b&)5<>|]|sh))|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[\s\x0b&)<>|]|dstat|gz)|k(?:exec|g?info|ill)|opd|rint(?:env|f[\s\x0b&)<>|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[\s\x0b&)<>|]|shd)|wd.db|y(?:thon[^\s\x0b]|3?versions))|r(?:ak(?:e[\s\x0b&)<>|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[\s\x0b&)<>|]|stic)|l(?:ogin|wrap)|m(?:dir[\s\x0b&)<>|]|user)|nano|oute[\s\x0b&)<>|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|nap)[\s\x0b&)<>|]|diff|e(?:(?:lf|rvice)[\s\x0b&)<>|]|ndmail|t(?:arch|env|facl[\s\x0b&)<>|]|sid))|ftp|h(?:.distrib|(?:adow|ells)[\s\x0b&)<>|]|u(?:f|tdown[\s\x0b&)<>|]))|l(?:eep[\s\x0b&)<>|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&)<>|])|p(?:lit[\s\x0b&)<>|]|wd.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&)<>|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[\s\x0b&)<>f|]|sk(?:[\s\x0b&)<>|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:datectl|out[\s\x0b&)<>|])|mux|ouch[\s\x0b&)<>|]|r(?:aceroute6?|off)|shark)|u(?:limit[\s\x0b&)<>|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&)<>|]|expand|iq|l(?:ink[\s\x0b&)<>|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&)<>|]|std))|p(?:2date[\s\x0b&)<>|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[\s\x0b&)<>|]|gr|mdiff|pw|rsh|sudo)|olatility[\s\x0b&)<>|])|w(?:a(?:ll|tch)[\s\x0b&)<>|]|get|h(?:iptail[\s\x0b&)<>|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&)<>|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[\s\x0b&)<>|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932120) Executing operator "PmFromFile" with param "windows-powershell-commands.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932125) Executing operator "Rx" with param "(?i)(?:[\n\r;\{]|\|\|?|&&?)[\s\x0b]*[\s\x0b\"'\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^_a-z]*)\x5c)?[\"\^]*(?:(?:a[\"\^]*(?:c|s[\"\^]*n[\"\^]*p)|e[\"\^]*(?:b[\"\^]*p|p[\"\^]*(?:a[\"\^]*l|c[\"\^]*s[\"\^]*v|s[\"\^]*n)|[tx][\"\^]*s[\"\^]*n)|f[\"\^]*(?:[cltw]|o[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*c[\"\^]*h)|i[\"\^]*(?:[cr][\"\^]*m|e[\"\^]*x|h[\"\^]*y|i|p[\"\^]*(?:a[\"\^]*l|c[\"\^]*s[\"\^]*v|m[\"\^]*o|s[\"\^]*n)|s[\"\^]*e|w[\"\^]*(?:m[\"\^]*i|r))|m[\"\^]*(?:a[\"\^]*n|[dipv]|o[\"\^]*u[\"\^]*n[\"\^]*t)|o[\"\^]*g[\"\^]*v|p[\"\^]*(?:o[\"\^]*p|u[\"\^]*s[\"\^]*h)[\"\^]*d|t[\"\^]*r[\"\^]*c[\"\^]*m|w[\"\^]*j[\"\^]*b)[\"\^]*[\s\x0b,\./;<>].*|c[\"\^]*(?:(?:(?:d|h[\"\^]*d[\"\^]*i[\"\^]*r|v[\"\^]*p[\"\^]*a)[\"\^]*|p[\"\^]*(?:[ip][\"\^]*)?)[\s\x0b,\./;<>].*|l[\"\^]*(?:(?:[cipv]|h[\"\^]*y)[\"\^]*[\s\x0b,\./;<>].*|s)|n[\"\^]*s[\"\^]*n)|d[\"\^]*(?:(?:b[\"\^]*p|e[\"\^]*l|i[\"\^]*(?:f[\"\^]*f|r))[\"\^]*[\s\x0b,\./;<>].*|n[\"\^]*s[\"\^]*n)|g[\"\^]*(?:(?:(?:(?:a[\"\^]*)?l|b[\"\^]*p|d[\"\^]*r|h[\"\^]*y|(?:w[\"\^]*m[\"\^]*)?i|j[\"\^]*b|[uv])[\"\^]*|c[\"\^]*(?:[ims][\"\^]*)?|m[\"\^]*(?:o[\"\^]*)?|s[\"\^]*(?:n[\"\^]*(?:p[\"\^]*)?|v[\"\^]*))[\s\x0b,\./;<>].*|e[\"\^]*r[\"\^]*r|p[\"\^]*(?:(?:s[\"\^]*)?[\s\x0b,\./;<>].*|v))|l[\"\^]*s|n[\"\^]*(?:(?:a[\"\^]*l|d[\"\^]*r|[iv]|m[\"\^]*o|s[\"\^]*n)[\"\^]*[\s\x0b,\./;<>].*|p[\"\^]*s[\"\^]*s[\"\^]*c)|r[\"\^]*(?:(?:(?:(?:b[\"\^]*)?p|e[\"\^]*n|(?:w[\"\^]*m[\"\^]*)?i|j[\"\^]*b|n[\"\^]*[ip])[\"\^]*|d[\"\^]*(?:r[\"\^]*)?|m[\"\^]*(?:(?:d[\"\^]*i[\"\^]*r|o)[\"\^]*)?|s[\"\^]*n[\"\^]*(?:p[\"\^]*)?|v[\"\^]*(?:p[\"\^]*a[\"\^]*)?)[\s\x0b,\./;<>].*|c[\"\^]*(?:j[\"\^]*b[\"\^]*[\s\x0b,\./;<>].*|s[\"\^]*n)|u[\"\^]*j[\"\^]*b)|s[\"\^]*(?:(?:(?:a[\"\^]*(?:j[\"\^]*b|l|p[\"\^]*s|s[\"\^]*v)|b[\"\^]*p|[civ]|w[\"\^]*m[\"\^]*i)[\"\^]*|l[\"\^]*(?:s[\"\^]*)?|p[\"\^]*(?:(?:j[\"\^]*b|p[\"\^]*s|s[\"\^]*v)[\"\^]*)?)[\s\x0b,\./;<>].*|h[\"\^]*c[\"\^]*m|u[\"\^]*j[\"\^]*b))(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932130) Executing operator "Rx" with param "\$(?:\((?:.*|\(.*\))\)|\{.*\})|[<>]\(.*\)|/[0-9A-Z_a-z]*\[!?.+\]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932140) Executing operator "Rx" with param "\b(?:for(?:/[dflr].*)? %+[^ ]+ in\(.*\)[\s\x0b]?do|if(?:/i)?(?: not)?(?: (?:e(?:xist|rrorlevel)|defined|cmdextversion)\b|[ \(].*(?:\b(?:g(?:eq|tr)|equ|neq|l(?:eq|ss))\b|==)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932250) Executing operator "Rx" with param "(?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;={]|||?|&&?|$(?:((?|{)|<(?:(|<<)|>(|([\s\x0b]))[\s\x0b](?:[${]|(?:[\s\x0b](|!)[\s\x0b]|[0-9A-Z_a-z]+=(?:[^\s\x0b]|$(?:.|.)|[<>].|'.'|".")[\s\x0b]+)[\s\x0b]["'](?:["'-+--9?A-]_a-z|]+/)?["'\x5c](?:7["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?z(?:["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?[arx])?|(?:b["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?z|x)["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?z|[ckz]["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?s["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?h|d["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?f|e["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?v|s["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?h)|f["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?[dg]|g["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?c|p["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?g)|(?:h["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?u|u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?d)["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?p|i["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?r["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?b|l["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:s|z(?:["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?4)?)|p["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:h["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?p|w["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?d|x["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?z)|r["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?c(?:["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?p)?|s["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?p|e["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?d|(?:s["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?)?h|v["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?n)|w["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?3["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m)[\s\x0b&)<>|]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932260) Executing operator "Rx" with param "(?i)(?:^|b["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?s["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?y["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?b["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?x|c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?d|e["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?(?:n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?v|v["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?l)|[ls]["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?t["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?r["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?e|n["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?h["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?p|t["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?i["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?m["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?e(?:["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?o["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@a-{])?\x5c?u["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?t)?|w["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@a-{])?\x5c?a["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?t["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@a-{])?\x5c?c["')[\x5c](?:(?:(?:|||&&)[\s\x0b])?$[!#(*-0-9?@_a-{])?\x5c?h|[\n\r;=\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:a(?:ddgroup|nsible)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:ef[\s\x0b&\)\-<>\|]|g(?:passwd|rp)|pass|sh)|lang\+\+|o(?:mm[\s\x0b&\)<>\|]|proc)|(?:ron|scli)[\s\x0b&\)<>\|])|d(?:iff[\s\x0b&\)<>\|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[\s\x0b&\)<>\|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster\.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:\.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|er(?:f[\s\x0b&\)<>\|]|l[\s\x0b&\)5<>\|])|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[\s\x0b&\)<>\|])|tar(?:diff|grep)?|wd\.db|y(?:thon[23]|3?versions))|r(?:(?:bas|ealpat)h|m(?:dir[\s\x0b&\)<>\|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h\.distri|pwd\.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[\s\x0b&\)<>\|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw|sudo)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more))|z(?:c(?:at|mp)|diff|[ef]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932330) Executing operator "Rx" with param "!-\d" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932160) Executing operator "PmFromFile" with param "unix-shell.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932171) Executing operator "Rx" with param "^\(\s*\)\s+{" against ARGS_NAMES|ARGS|FILES_NAMES. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932175) Executing operator "Rx" with param "\ba[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s\b[\s\x0b]+[!\"%',0-9@-Z_a-z]+=[^\s\x0b]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932180) Executing operator "PmFromFile" with param "restricted-upload.data" against FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X-File-Name. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932370) Executing operator "Rx" with param "(?i)(?:[\n\r;{]|||?|&&?)[\s\x0b][\s\x0b"'(,@](?:["'.-9A-Z_a-z]+/|(?:["'\x5c^][0-9A-Z_a-z]["'\x5c^]:.|[ "'.-9A-Z\x5c^_a-z])\x5c)?["^](?:a["^](?:c["^]*c["^]*c["^]*h["^]*e["^]*c["^]*k["^]*c["^]*o["^]*n["^]*s["^]*o["^]*l["^]e|d["^](?:p["^]*l["^]*u["^]*s|v["^]*p["^]*a["^]*c["^]*k)|(?:g["^]*e["^]*n["^]*t["^]*e["^]*x["^]*e["^]*c["^]*u["^]*t["^]*o|s["^]*p["^]*n["^]*e["^]t["^]["^]*c["^]*o["^]*m["^]*p["^]*i["^]*l["^]*e)["^]*r|p["^]p["^](?:i["^]*n["^]*s["^]*t["^]*a["^]*l["^]*l["^]*e["^]*r|v["^]l["^]p)|t["^](?:[\s\x0b,./;<>].|b["^]*r["^]*o["^]*k["^]*e["^]r))|b["^](?:a["^]*s["^]*h|g["^]*i["^]*n["^]*f["^]*o|i["^]*t["^]*s["^]*a["^]*d["^]*m["^]*i["^]n)|c["^](?:d["^]*b|e["^]*r["^]t["^](?:o["^]*c|r["^]*e["^]*q|u["^]*t["^]*i["^]l)|l["^]["^]*(?:i["^]*n["^]*v["^]*o["^]*c["^]*a["^]*t["^]*i["^]*o["^]*n|l["^]*o["^]*a["^]*d["^]*a["^]*s["^]*s["^]*e["^]*m["^]*b["^]*l["^]*y|m["^]*u["^]*t["^]*e["^]*x["^]*v["^]*e["^]*r["^]*i["^]*f["^]*i["^]*e["^]r["^]s)|m["^](?:d(?:["^](?:k["^]*e["^]*y|l["^]*3["^]*2))?|s["^]*t["^]p)|o["^](?:m["^]*s["^]*v["^]*c["^]s|n["^](?:f["^]*i["^]*g["^]*s["^]*e["^]*c["^]*u["^]*r["^]*i["^]*t["^]*y["^]*p["^]*o["^]*l["^]*i["^]*c["^]*y|h["^]*o["^]*s["^]*t|t["^]*r["^]*o["^]*l)|r["^]*e["^]*g["^]*e["^]*n)|r["^]*e["^]*a["^]*t["^]*e["^]*d["^]*u["^]*m["^]p|s["^](?:c(?:["^]*r["^]*i["^]*p["^]*t)?|i)|u["^]*s["^]*t["^]*o["^]*m["^]*s["^]*h["^]*e["^]*l["^]*l["^]*h["^]*o["^]*s["^]t)|d["^](?:a["^]*t["^]*a["^]*s["^]*v["^]*c["^]*u["^]*t["^]*i["^]l|e["^](?:f["^]*a["^]*u["^]*l["^]*t["^]*p["^]*a["^]*c["^]*k|s["^]*k(?:["^]*t["^]*o["^]*p["^]*i["^]*m["^]*g["^]*d["^]*o["^]*w["^]*n["^]*l["^]*d["^]r)?|v["^](?:i["^]*c["^]*e["^]*c["^]*r["^]*e["^]*d["^]*e["^]*n["^]*t["^]*i["^]*a["^]*l["^]*d["^]*e["^]*p["^]*l["^]*o["^]*y["^]*m["^]*e["^]*n["^]*t|t["^]*o["^]*o["^]*l["^]*s["^]*l["^]*a["^]*u["^]*n["^]*c["^]*h["^]*e["^]*r))|f["^]s["^](?:h["^]*i["^]*m|v["^]c)|i["^](?:a["^]*n["^]*t["^]*z|s["^]*k["^]*s["^]*h["^]*a["^]*d["^]*o["^]w)|n["^](?:s["^]*c["^]*m["^]*d|x)|o["^]*t["^]*n["^]*e["^]*t|u["^]*m["^]*p["^]*6["^]*4|x["^]*c["^]*a["^]p)|e["^](?:s["^]*e["^]*n["^]*t["^]*u["^]*t["^]*l|v["^]*e["^]*n["^]*t["^]*v["^]*w["^]r|x["^](?:c["^]*e["^]l|p["^](?:a["^]*n["^]*d|l["^]*o["^]*r["^]*e["^]r)|t["^](?:e["^]*x["^]*p["^]*o["^]*r["^]*t|r["^]*a["^]*c["^]*3["^]2)))|f["^](?:i["^]n["^](?:d["^]*s["^]*t|g["^]*e)["^]*r|l["^]*t["^]*m["^]*c|o["^]*r["^]*f["^]*i["^]*l["^]*e["^]s|s["^](?:i(?:["^]*a["^]*n["^]*y["^]*c["^]*p["^]*u)?|u["^]*t["^]*i["^]*l)|t["^]p)|g["^](?:f["^]*x["^]*d["^]*o["^]*w["^]*n["^]*l["^]*o["^]*a["^]*d["^]*w["^]*r["^]*a["^]*p["^]*p["^]*e["^]*r|p["^]*s["^]*c["^]*r["^]*i["^]*p["^]t)|h["^]h|i["^](?:e["^](?:4["^]*u["^]*i["^]*n["^]*i["^]*t|a["^]*d["^]*v["^]*p["^]*a["^]*c["^]*k|e["^]*x["^]*e["^]*c|f["^]*r["^]*a["^]*m["^]*e)|l["^]*a["^]*s["^]*m|m["^]*e["^]*w["^]*d["^]*b["^]*l["^]d|n["^](?:f["^]*d["^]*e["^]*f["^]*a["^]*u["^]*l["^]*t["^]*i["^]*n["^]*s["^]*t["^]*a["^]*l|s["^]*t["^]*a["^]*l["^]*l["^]*u["^]*t["^]*i)["^]*l)|j["^]*s["^]c|l["^](?:a["^]*u["^]*n["^]*c["^]h["^]-["^]*v["^]*s["^]*d["^]*e["^]*v["^]*s["^]*h["^]*e["^]*l["^]*l|d["^]*i["^]*f["^]d["^]e)|m["^](?:a["^](?:k["^]*e["^]*c["^]*a["^]*b|n["^]*a["^]*g["^]e["^]-["^]*b["^]*d["^]*e|v["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t)|f["^]*t["^]*r["^]*a["^]*c["^]*e|i["^]*c["^]*r["^]*o["^]*s["^]*o["^]*f["^]*t|m["^]*c|p["^]*c["^]*m["^]*d["^]*r["^]*u["^]n|s["^](?:(?:b["^]*u["^]*i["^]*l|o["^]*h["^]*t["^]*m["^]*e)["^]*d|c["^]*o["^]*n["^]*f["^]*i["^]g|d["^](?:e["^]*p["^]*l["^]*o["^]*y|t)|h["^]t["^](?:a|m["^]*l)|i["^]*e["^]*x["^]*e["^]*c|p["^]*u["^]*b|x["^]*s["^]l))|n["^](?:e["^]*t["^]*s["^]*h|t["^]*d["^]*s["^]*u["^]*t["^]*i["^]l)|o["^](?:d["^]*b["^]*c["^]*c["^]*o["^]*n["^]*f|f["^]*f["^]*l["^]*i["^]*n["^]*e["^]*s["^]*c["^]*a["^]*n["^]*n["^]*e["^]*r["^]*s["^]*h["^]*e["^]*l["^]*l|n["^]*e["^]*d["^]*r["^]*i["^]*v["^]*e["^]*s["^]*t["^]*a["^]*n["^]*d["^]*a["^]*l["^]*o["^]*n["^]*e["^]*u["^]*p["^]*d["^]*a["^]*t["^]*e["^]*r|p["^]*e["^]*n["^]*c["^]*o["^]*n["^]*s["^]*o["^]l["^]e)|p["^](?:c["^](?:a["^]*l["^]*u["^]a|w["^](?:r["^]*u["^]*n|u["^]*t["^]*l))|(?:e["^]*s["^]*t["^]*e|s)["^]*r|(?:k["^]*t["^]*m["^]*o|u["^]*b["^]*p["^]*r)["^]*n|n["^]*p["^]*u["^]*t["^]*i["^]*l|o["^]*w["^]*e["^]*r["^]*p["^]*n["^]t|r["^](?:e["^]*s["^]*e["^]*n["^]*t["^]*a["^]*t["^]*i["^]*o["^]*n["^]*h["^]*o["^]*s["^]*t|i["^]*n["^]*t(?:["^]*b["^]*r["^]m)?|o["^](?:c["^]*d["^]*u["^]*m["^]*p|t["^]*o["^]*c["^]*o["^]*l["^]*h["^]*a["^]*n["^]*d["^]*l["^]*e["^]r)))|r["^](?:a["^]*s["^]*a["^]*u["^]*t["^]*o["^]*u|c["^]*s["^]*i|(?:d["^]*r["^]*l["^]*e["^]*a["^]*k["^]*d["^]*i["^]*a|p["^]*c["^]*p["^]*i["^]n)["^]g|e["^](?:g(?:["^](?:a["^]*s["^]*m|e["^]*d["^]*i["^]t|i["^](?:n["^]*i|s["^]*t["^]*e["^]r["^]-["^]*c["^]*i["^]*m["^]*p["^]*r["^]*o["^]*v["^]*i["^]*d["^]*e["^]*r)|s["^]v["^](?:c["^]*s|r["^]*3["^]*2)))?|(?:m["^]*o["^]*t|p["^]*l["^]*a["^]*c)["^]*e)|u["^]n["^](?:d["^]*l["^]*l["^]*3["^]*2|(?:e["^]*x["^]*e|s["^]*c["^]*r["^]*i["^]*p["^]*t)["^]*h["^]*e["^]*l["^]*p["^]*e["^]*r|o["^]n["^]c["^]e))|s["^](?:c["^](?:[\s\x0b,./;<>].|h["^]*t["^]*a["^]*s["^]*k["^]*s|r["^]*i["^]*p["^]*t["^]*r["^]*u["^]*n["^]*n["^]*e["^]*r)|e["^]t["^](?:r["^]*e["^]*s|t["^]*i["^]*n["^]*g["^]*s["^]*y["^]*n["^]*c["^]*h["^]*o["^]*s["^]*t|u["^]*p["^]*a["^]*p["^]i)|h["^](?:d["^]*o["^]*c["^]*v["^]*w|e["^]*l["^]*l["^]3["^]2)|q["^](?:l["^](?:d["^]*u["^]*m["^]*p["^]*e["^]*r|(?:t["^]*o["^]*o["^]*l["^]s["^])?p["^]*s)|u["^]*i["^]*r["^]*r["^]*e["^]*l)|s["^]*h|t["^]*o["^]*r["^]*d["^]*i["^]*a["^]g|y["^](?:n["^]*c["^]*a["^]*p["^]*p["^]*v["^]*p["^]*u["^]*b["^]*l["^]*i["^]*s["^]*h["^]*i["^]*n["^]*g["^]*s["^]*e["^]*r["^]*v["^]*e["^]*r|s["^]*s["^]*e["^]t["^]u["^]p))|t["^](?:e["^][\s\x0b,./;<>].|r["^]*a["^]*c["^]*k["^]*e["^]r|t["^](?:d["^]*i["^]*n["^]*j["^]*e["^]*c["^]*t|t["^]*r["^]*a["^]*c["^]*e["^]r))|u["^](?:n["^]*r["^]*e["^]*g["^]*m["^]*p["^]*2|p["^]*d["^]*a["^]*t["^]*e|r["^]*l|t["^]*i["^]*l["^]*i["^]*t["^]*y["^]*f["^]*u["^]*n["^]*c["^]*t["^]*i["^]*o["^]*n["^]s)|v["^](?:b["^]*c|e["^]*r["^]*c["^]*l["^]*s["^]*i["^]*d|i["^]*s["^]*u["^]*a["^]*l["^]*u["^]*i["^]*a["^]*v["^]*e["^]*r["^]*i["^]*f["^]*y["^]*n["^]*a["^]*t["^]*i["^]*v["^]e|s["^](?:i["^]*i["^]*s["^]e["^]x["^]e["^]l["^]a["^]u["^]n["^]c["^]h|j["^]i["^]t["^]d["^]e["^]b["^]u["^]g["^]g)["^]e["^]r)|w["^](?:a["^]b|(?:f|m["^]i)["^]c|i["^]n["^](?:g["^]e["^]t|r["^]m|w["^]o["^]r["^]d)|l["^]r["^]m["^]d["^]r|o["^]r["^]k["^]f["^]o["^]l["^]d["^]e["^]r["^]s|s["^](?:(?:c["^]r["^]i["^]p|r["^]e["^]s["^]e)["^]t|l)|t["^][\s\x0b,./;<>].|u["^]a["^]u["^]c["^]l["^]t)|x["^]w["^]i["^]z["^]a["^]r["^]d|z["^]i["^]p["^]f["^]l["^]d["^]r)(?:.["^][0-9A-Z_a-z]+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 932380) Executing operator "Rx" with param "(?i)(?:\n\r;\{]|\|\|?|&&?)[\s\x0b]*[\s\x0b\"'\(,@]*(?:[\"'\.-9A-Z_a-z]+/|(?:[\"'\x5c\^]*[0-9A-Z_a-z][\"'\x5c\^]*:.*|[ \"'\.-9A-Z\x5c\^_a-z]*)\x5c)?[\"\^]*(?:a[\"\^]*(?:s[\"\^]*s[\"\^]*o[\"\^]*c|t[\"\^]*(?:m[\"\^]*a[\"\^]*d[\"\^]*m|t[\"\^]*r[\"\^]*i[\"\^]*b)|u[\"\^]*(?:d[\"\^]*i[\"\^]*t[\"\^]*p[\"\^]*o[\"\^]*l|t[\"\^]*o[\"\^]*(?:c[\"\^]*(?:h[\"\^]*k|o[\"\^]*n[\"\^]*v)|(?:f[\"\^]*m|m[\"\^]*o[\"\^]*u[\"\^]*n)[\"\^]*t)))|b[\"\^]*(?:c[\"\^]*d[\"\^]*(?:b[\"\^]*o[\"\^]*o|e[\"\^]*d[\"\^]*i)[\"\^]*t|(?:d[\"\^]*e[\"\^]*h[\"\^]*d|o[\"\^]*o[\"\^]*t)[\"\^]*c[\"\^]*f[\"\^]*g|i[\"\^]*t[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|c[\"\^]*(?:a[\"\^]*c[\"\^]*l[\"\^]*s|e[\"\^]*r[\"\^]*t[\"\^]*(?:r[\"\^]*e[\"\^]*q|u[\"\^]*t[\"\^]*i[\"\^]*l)|h[\"\^]*(?:c[\"\^]*p|d[\"\^]*i[\"\^]*r|g[\"\^]*(?:l[\"\^]*o[\"\^]*g[\"\^]*o[\"\^]*n|p[\"\^]*o[\"\^]*r[\"\^]*t|u[\"\^]*s[\"\^]*r)|k[\"\^]*(?:d[\"\^]*s[\"\^]*k|n[\"\^]*t[\"\^]*f[\"\^]*s))|l[\"\^]*e[\"\^]*a[\"\^]*n[\"\^]*m[\"\^]*g[\"\^]*r|m[\"\^]*(?:d(?:[\"\^]*k[\"\^]*e[\"\^]*y)?|s[\"\^]*t[\"\^]*p)|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|d[\"\^]*(?:c[\"\^]*(?:d[\"\^]*i[\"\^]*a[\"\^]*g|g[\"\^]*p[\"\^]*o[\"\^]*f[\"\^]*i[\"\^]*x)|e[\"\^]*(?:f[\"\^]*r[\"\^]*a[\"\^]*g|l)|f[\"\^]*s[\"\^]*(?:d[\"\^]*i[\"\^]*a|r[\"\^]*m[\"\^]*i)[\"\^]*g|i[\"\^]*(?:a[\"\^]*n[\"\^]*t[\"\^]*z|r|s[\"\^]*(?:k[\"\^]*(?:c[\"\^]*o[\"\^]*(?:m[\"\^]*p|p[\"\^]*y)|p[\"\^]*(?:a[\"\^]*r[\"\^]*t|e[\"\^]*r[\"\^]*f)|r[\"\^]*a[\"\^]*i[\"\^]*d|s[\"\^]*h[\"\^]*a[\"\^]*d[\"\^]*o[\"\^]*w)|p[\"\^]*d[\"\^]*i[\"\^]*a[\"\^]*g))|n[\"\^]*s[\"\^]*c[\"\^]*m[\"\^]*d|(?:o[\"\^]*s[\"\^]*k[\"\^]*e|r[\"\^]*i[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*r)[\"\^]*y)|e[\"\^]*(?:n[\"\^]*d[\"\^]*l[\"\^]*o[\"\^]*c[\"\^]*a[\"\^]*l|v[\"\^]*e[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*r[\"\^]*e[\"\^]*a[\"\^]*t[\"\^]*e)|E[\"\^]*v[\"\^]*n[\"\^]*t[\"\^]*c[\"\^]*m[\"\^]*d|f[\"\^]*(?:c|i[\"\^]*(?:l[\"\^]*e[\"\^]*s[\"\^]*y[\"\^]*s[\"\^]*t[\"\^]*e[\"\^]*m[\"\^]*s|n[\"\^]*d[\"\^]*s[\"\^]*t[\"\^]*r)|l[\"\^]*a[\"\^]*t[\"\^]*t[\"\^]*e[\"\^]*m[\"\^]*p|o[\"\^]*r(?:[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)?|r[\"\^]*e[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*s[\"\^]*k|s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|(?:t[\"\^]*y[\"\^]*p|v[\"\^]*e[\"\^]*u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t)[\"\^]*e)|g[\"\^]*(?:e[\"\^]*t[\"\^]*(?:m[\"\^]*a[\"\^]*c|t[\"\^]*y[\"\^]*p[\"\^]*e)|o[\"\^]*t[\"\^]*o|p[\"\^]*(?:f[\"\^]*i[\"\^]*x[\"\^]*u[\"\^]*p|(?:r[\"\^]*e[\"\^]*s[\"\^]*u[\"\^]*l[\"\^]*)?t|u[\"\^]*p[\"\^]*d[\"\^]*a[\"\^]*t[\"\^]*e)|r[\"\^]*a[\"\^]*f[\"\^]*t[\"\^]*a[\"\^]*b[\"\^]*l)|h[\"\^]*(?:e[\"\^]*l[\"\^]*p[\"\^]*c[\"\^]*t[\"\^]*r|o[\"\^]*s[\"\^]*t[\"\^]*n[\"\^]*a[\"\^]*m[\"\^]*e)|i[\"\^]*(?:c[\"\^]*a[\"\^]*c[\"\^]*l[\"\^]*s|f|p[\"\^]*(?:c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*g|x[\"\^]*r[\"\^]*o[\"\^]*u[\"\^]*t[\"\^]*e)|r[\"\^]*f[\"\^]*t[\"\^]*p)|j[\"\^]*e[\"\^]*t[\"\^]*p[\"\^]*a[\"\^]*c[\"\^]*k|k[\"\^]*(?:l[\"\^]*i[\"\^]*s[\"\^]*t|s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p|t[\"\^]*(?:m[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|p[\"\^]*a[\"\^]*s[\"\^]*s))|l[\"\^]*(?:o[\"\^]*(?:d[\"\^]*c[\"\^]*t[\"\^]*r|g[\"\^]*(?:m[\"\^]*a[\"\^]*n|o[\"\^]*f[\"\^]*f))|p[\"\^]*[qr])|m[\"\^]*(?:a[\"\^]*(?:c[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e|k[\"\^]*e[\"\^]*c[\"\^]*a[\"\^]*b|p[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|k[\"\^]*(?:d[\"\^]*i[\"\^]*r|l[\"\^]*i[\"\^]*n[\"\^]*k)|m[\"\^]*c|o[\"\^]*u[\"\^]*n[\"\^]*t[\"\^]*v[\"\^]*o[\"\^]*l|q[\"\^]*(?:b[\"\^]*k[\"\^]*u[\"\^]*p|(?:t[\"\^]*g[\"\^]*)?s[\"\^]*v[\"\^]*c)|s[\"\^]*(?:d[\"\^]*t|i[\"\^]*(?:e[\"\^]*x[\"\^]*e[\"\^]*c|n[\"\^]*f[\"\^]*o[\"\^]*3[\"\^]*2)|t[\"\^]*s[\"\^]*c))|n[\"\^]*(?:b[\"\^]*t[\"\^]*s[\"\^]*t[\"\^]*a[\"\^]*t|e[\"\^]*t[\"\^]*(?:c[\"\^]*f[\"\^]*g|d[\"\^]*o[\"\^]*m|s[\"\^]*(?:h|t[\"\^]*a[\"\^]*t))|f[\"\^]*s[\"\^]*(?:a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|s[\"\^]*(?:h[\"\^]*a[\"\^]*r[\"\^]*e|t[\"\^]*a[\"\^]*t))|l[\"\^]*(?:b[\"\^]*m[\"\^]*g[\"\^]*r|t[\"\^]*e[\"\^]*s[\"\^]*t)|s[\"\^]*l[\"\^]*o[\"\^]*o[\"\^]*k[\"\^]*u[\"\^]*p|t[\"\^]*(?:b[\"\^]*a[\"\^]*c[\"\^]*k[\"\^]*u[\"\^]*p|c[\"\^]*m[\"\^]*d[\"\^]*p[\"\^]*r[\"\^]*o[\"\^]*m[\"\^]*p[\"\^]*t|f[\"\^]*r[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*l))|o[\"\^]*(?:f[\"\^]*f[\"\^]*l[\"\^]*i[\"\^]*n[\"\^]*e|p[\"\^]*e[\"\^]*n[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*s)|p[\"\^]*(?:a[\"\^]*(?:g[\"\^]*e[\"\^]*f[\"\^]*i[\"\^]*l[\"\^]*e[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*f[\"\^]*i|t[\"\^]*h[\"\^]*p[\"\^]*i[\"\^]*n)[\"\^]*g|(?:b[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i|k[\"\^]*t[\"\^]*m[\"\^]*o)[\"\^]*n|e[\"\^]*(?:n[\"\^]*t[\"\^]*n[\"\^]*t|r[\"\^]*f[\"\^]*m[\"\^]*o[\"\^]*n)|n[\"\^]*p[\"\^]*u[\"\^]*(?:n[\"\^]*a[\"\^]*t[\"\^]*t[\"\^]*e[\"\^]*n[\"\^]*d|t[\"\^]*i[\"\^]*l)|o[\"\^]*(?:p[\"\^]*d|w[\"\^]*e[\"\^]*r[\"\^]*s[\"\^]*h[\"\^]*e[\"\^]*l[\"\^]*l)|r[\"\^]*n[\"\^]*(?:c[\"\^]*n[\"\^]*f[\"\^]*g|(?:d[\"\^]*r[\"\^]*v|m[\"\^]*n[\"\^]*g)[\"\^]*r|j[\"\^]*o[\"\^]*b[\"\^]*s|p[\"\^]*o[\"\^]*r[\"\^]*t|q[\"\^]*c[\"\^]*t[\"\^]*l)|u[\"\^]*(?:b[\"\^]*p[\"\^]*r[\"\^]*n|s[\"\^]*h[\"\^]*(?:d|p[\"\^]*r[\"\^]*i[\"\^]*n[\"\^]*t[\"\^]*e[\"\^]*r[\"\^]*c[\"\^]*o[\"\^]*n[\"\^]*n[\"\^]*e[\"\^]*c[\"\^]*t[\"\^]*i[\"\^]*o[\"\^]*n[\"\^]*s))|w[\"\^]*(?:l[\"\^]*a[\"\^]*u[\"\^]*n[\"\^]*c[\"\^]*h[\"\^]*e[\"\^]*r|s[\"\^]*h))|q[\"\^]*(?:a[\"\^]*p[\"\^]*p[\"\^]*s[\"\^]*r[\"\^]*v|p[\"\^]*r[\"\^]*o[\"\^]*c[\"\^]*e[\"\^]*s[\"\^]*s|u[\"\^]*s[\"\^]*e[\"\^]*r|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a)|r[\"\^]*(?:d(?:[\"\^]*p[\"\^]*s[\"\^]*i[\"\^]*g[\"\^]*n)?|e[\"\^]*(?:f[\"\^]*s[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|g(?:[\"\^]*(?:i[\"\^]*n[\"\^]*i|s[\"\^]*v[\"\^]*r[\"\^]*3[\"\^]*2))?|l[\"\^]*o[\"\^]*g|(?:(?:p[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i|s[\"\^]*c[\"\^]*a)[\"\^]*)?n|x[\"\^]*e[\"\^]*c)|i[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u[\"\^]*p|m[\"\^]*d[\"\^]*i[\"\^]*r|o[\"\^]*b[\"\^]*o[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y|p[\"\^]*c[\"\^]*(?:i[\"\^]*n[\"\^]*f[\"\^]*o|p[\"\^]*i[\"\^]*n[\"\^]*g)|s[\"\^]*h|u[\"\^]*n[\"\^]*d[\"\^]*l[\"\^]*l[\"\^]*3[\"\^]*2|w[\"\^]*i[\"\^]*n[\"\^]*s[\"\^]*t[\"\^]*a)|s[\"\^]*(?:a[\"\^]*n|c[\"\^]*(?:h[\"\^]*t[\"\^]*a[\"\^]*s[\"\^]*k[\"\^]*s|w[\"\^]*c[\"\^]*m[\"\^]*d)|e[\"\^]*(?:c[\"\^]*e[\"\^]*d[\"\^]*i[\"\^]*t|r[\"\^]*v[\"\^]*e[\"\^]*r[\"\^]*(?:(?:c[\"\^]*e[\"\^]*i[\"\^]*p|w[\"\^]*e[\"\^]*r)[\"\^]*o[\"\^]*p[\"\^]*t[\"\^]*i[\"\^]*n|m[\"\^]*a[\"\^]*n[\"\^]*a[\"\^]*g[\"\^]*e[\"\^]*r[\"\^]*c[\"\^]*m[\"\^]*d)|t[\"\^]*x)|f[\"\^]*c|(?:h[\"\^]*o[\"\^]*w[\"\^]*m[\"\^]*o[\"\^]*u[\"\^]*n|u[\"\^]*b[\"\^]*s)[\"\^]*t|x[\"\^]*s[\"\^]*t[\"\^]*r[\"\^]*a[\"\^]*c[\"\^]*e|y[\"\^]*s[\"\^]*(?:o[\"\^]*c[\"\^]*m[\"\^]*g[\"\^]*r|t[\"\^]*e[\"\^]*m[\"\^]*i[\"\^]*n[\"\^]*f[\"\^]*o))|t[\"\^]*(?:a[\"\^]*(?:k[\"\^]*e[\"\^]*o[\"\^]*w[\"\^]*n|p[\"\^]*i[\"\^]*c[\"\^]*f[\"\^]*g|s[\"\^]*k[\"\^]*(?:k[\"\^]*i[\"\^]*l[\"\^]*l|l[\"\^]*i[\"\^]*s[\"\^]*t))|(?:c[\"\^]*m[\"\^]*s[\"\^]*e[\"\^]*t[\"\^]*u|f[\"\^]*t)[\"\^]*p|(?:(?:e[\"\^]*l[\"\^]*n[\"\^]*e|i[\"\^]*m[\"\^]*e[\"\^]*o[\"\^]*u)[\"\^]*|r[\"\^]*a[\"\^]*c[\"\^]*e[\"\^]*r[\"\^]*(?:p[\"\^]*)?)t|l[\"\^]*n[\"\^]*t[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*n|p[\"\^]*m[\"\^]*(?:t[\"\^]*o[\"\^]*o[\"\^]*l|v[\"\^]*s[\"\^]*c[\"\^]*m[\"\^]*g[\"\^]*r)|s[\"\^]*(?:(?:d[\"\^]*i[\"\^]*s[\"\^]*)?c[\"\^]*o[\"\^]*n|e[\"\^]*c[\"\^]*i[\"\^]*m[\"\^]*p|k[\"\^]*i[\"\^]*l[\"\^]*l|p[\"\^]*r[\"\^]*o[\"\^]*f)|y[\"\^]*p[\"\^]*e[\"\^]*p[\"\^]*e[\"\^]*r[\"\^]*f|z[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l)|u[\"\^]*n[\"\^]*(?:e[\"\^]*x[\"\^]*p[\"\^]*o[\"\^]*s[\"\^]*e|i[\"\^]*q[\"\^]*u[\"\^]*e[\"\^]*i[\"\^]*d|l[\"\^]*o[\"\^]*d[\"\^]*c[\"\^]*t[\"\^]*r)|v[\"\^]*(?:o[\"\^]*l|s[\"\^]*s[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n)|w[\"\^]*(?:a[\"\^]*i[\"\^]*t[\"\^]*f[\"\^]*o[\"\^]*r|b[\"\^]*a[\"\^]*d[\"\^]*m[\"\^]*i[\"\^]*n|(?:d[\"\^]*s|e[\"\^]*(?:c|v[\"\^]*t))[\"\^]*u[\"\^]*t[\"\^]*i[\"\^]*l|h[\"\^]*(?:e[\"\^]*r[\"\^]*e|o[\"\^]*a[\"\^]*m[\"\^]*i)|i[\"\^]*n[\"\^]*(?:n[\"\^]*t(?:[\"\^]*3[\"\^]*2)?|r[\"\^]*s)|m[\"\^]*i[\"\^]*c|s[\"\^]*c[\"\^]*r[\"\^]*i[\"\^]*p[\"\^]*t)|x[\"\^]*c[\"\^]*o[\"\^]*p[\"\^]*y)(?:\.[\"\^]*[0-9A-Z_a-z]+)?\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 932014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [9] Matched vars updated. [17195447525.996344] . [4] Rule returned 1. [17195447525.996344] . [9] Running action: log [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [9] Running action: auditlog [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [4] Running (non-disruptive) action: tag [17195447525.996344] . [9] Rule tag: OWASP_CRS [17195447525.996344] . [9] Running action: nolog [17195447525.996344] . [9] Running action: skipAfter [17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [4] Running (disruptive) action: pass. [17195447525.996344] . [8] Running action pass [17195447525.996344] . [9] Skipped rule id '932231' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932200' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932220' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932240' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932210' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932300' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932310' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932320' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932236' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932016' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932232' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932238' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932190' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932301' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932311' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932321' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932331' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [9] Skipped rule id '932018' due to a SecMarker: END-REQUEST-932-APPLICATION-ATTACK-RCE [17195447525.996344] . [4] (Rule: 933012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933100) Executing operator "Rx" with param "(?i)<\?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^\s\x0b]|[\s\x0b]+[^a-z]|$)))|$|php)|\[[/\x5c]?php\]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933110) Executing operator "Rx" with param ".*\.ph(?:p\d*|tml|ar|ps|t|pt)\.*$" against FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [9] Rule id: 933120 was skipped due to a ruleRemoveById action... [17195447525.996344] . [4] (Rule: 933130) Executing operator "PmFromFile" with param "php-variables.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933140) Executing operator "Rx" with param "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933200) Executing operator "Rx" with param "(?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [9] Rule id: 933150 was skipped due to a ruleRemoveById action... [17195447525.996344] . [4] (Rule: 933160) Executing operator "Rx" with param "(?i)\b\(?[\"']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:\*.*\*/|/.*)|#.*|[\s\x0b\"])*[\"']*\)?[\s\x0b]*\(.*\)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933170) Executing operator "Rx" with param "[oOcC]:\d+:\".+?\":\d+:{.*}" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host) [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933180) Executing operator "Rx" with param "\$+(?:[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*|\s*{.+})(?:\s|\[.+\]|{.+}|/\*.*\*/|//.*|#.*)*\(.*\)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933210) Executing operator "Rx" with param "(?:\((?:.+\)(?:[\"'][\-0-9A-Z_a-z]+[\"'])?\(.+|[^\)]*string[^\)]*\)[\s\x0b\"'\-\.0-9A-\[\]_a-\{\}]+\([^\)]*)|(?:\[[0-9]+\]|\{[0-9]+\}|\$[^\(\),\./;\x5c]+|[\"'][\-0-9A-Z\x5c_a-z]+[\"'])\(.+)\);" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:urlDecode: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (0) t:replaceComments: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (0) t:removeWhitespace: "/noble-ojs-3-theme" [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 933014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [9] Matched vars updated. [17195447525.996344] . [4] Rule returned 1. [17195447525.996344] . [9] Running action: log [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [9] Running action: auditlog [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [4] Running (non-disruptive) action: tag [17195447525.996344] . [9] Rule tag: OWASP_CRS [17195447525.996344] . [9] Running action: nolog [17195447525.996344] . [9] Running action: skipAfter [17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [4] Running (disruptive) action: pass. [17195447525.996344] . [8] Running action pass [17195447525.996344] . [9] Skipped rule id '933151' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933016' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933131' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933161' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933111' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933190' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933211' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [9] Skipped rule id '933018' due to a SecMarker: END-REQUEST-933-APPLICATION-ATTACK-PHP [17195447525.996344] . [4] (Rule: 934012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934100) Executing operator "Rx" with param "_(?:\$\$ND_FUNC\$\$_|_js_function)|(?:\beval|new[\s\x0b]+Function[\s\x0b]*)\(|String\.fromCharCode|function\(\)\{|this\.constructor|module\.exports=|\([\s\x0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][\s\x0b]*\)|process(?:\.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:\.call)?\(|binding|constructor|env|global|main(?:Module)?|process|require)|\[[\"'"']\])|(?:binding|constructor|env|global|main(?:Module)?|process|require)\[|console(?:\.(?:debug|error|info|trace|warn)(?:\.call)?\(|\[[\"'"']\])|require(?:\.(?:resolve(?:\.call)?\(|main|extensions|cache)|\[[\"'["']\])" against REQUEST_FILENAME|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (0) t:jsDecode: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (0) t:removeWhitespace: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (1) t:base64Decode: "" [17195447525.996344] . [9] T (1) t:urlDecodeUni: "" [17195447525.996344] . [9] T (1) t:jsDecode: "" [17195447525.996344] . [9] T (1) t:removeWhitespace: "" [17195447525.996344] . [9] multiMatch is enabled. 2 values to be tested. [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [9] Target value: "" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934110) Executing operator "PmFromFile" with param "ssrf.data" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934130) Executing operator "Rx" with param "(?:__proto__|constructor\s*(?:\.|\[)\s*prototype)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934150) Executing operator "Rx" with param "Process[\s\x0b]*\.[\s\x0b]*spawn[\s\x0b]*\(" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934160) Executing operator "Rx" with param "while[\s\x0b]*\([\s\x0b\(]*(?:!+(?:false|null|undefined|NaN|[\+\-]?0|\"{2}|'{2}|{2})|(?:!!)(?:(?:t(?:rue|his)|[+-]?(?:Infinity|[1-9][0-9])|new [A-Za-z][0-9A-Z_a-z]|window|String|(?:Boolea|Functio)n|Object|Array)\b|{.}|[.]|"[^\"]+"|'[^']+'|[^]+)).*\)" against REQUEST_FILENAME|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (0) t:jsDecode: "/noble-ojs-3-theme" [17195447525.996344] . [9] T (1) t:base64Decode: "" [17195447525.996344] . [9] T (1) t:urlDecodeUni: "" [17195447525.996344] . [9] T (1) t:jsDecode: "" [17195447525.996344] . [9] T (1) t:replaceComments: "" [17195447525.996344] . [9] multiMatch is enabled. 2 values to be tested. [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [9] Target value: "" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934170) Executing operator "Rx" with param "^data:(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*(?:[\s\x0b]*,[\s\x0b]*(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*)*" against REQUEST_FILENAME|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme" [17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 934014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [9] Matched vars updated. [17195447525.996344] . [4] Rule returned 1. [17195447525.996344] . [9] Running action: log [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [9] Running action: auditlog [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [4] Running (non-disruptive) action: tag [17195447525.996344] . [9] Rule tag: OWASP_CRS [17195447525.996344] . [9] Running action: nolog [17195447525.996344] . [9] Running action: skipAfter [17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-934-APPLICATION-ATTACK-GENERIC [17195447525.996344] . [4] Running (disruptive) action: pass. [17195447525.996344] . [8] Running action pass [17195447525.996344] . [9] Skipped rule id '934101' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC [17195447525.996344] . [9] Skipped rule id '934120' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC [17195447525.996344] . [9] Skipped rule id '934140' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC [17195447525.996344] . [9] Skipped rule id '934016' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC [17195447525.996344] . [9] Skipped rule id '934018' due to a SecMarker: END-REQUEST-934-APPLICATION-ATTACK-GENERIC [17195447525.996344] . [4] (Rule: 941012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941100) Executing operator "DetectXSS against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:cssDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [9] libinjection was not able to find any XSS in: curl/8.6.0 [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941110) Executing operator "Rx" with param "(?i)<script[^>]*>[\s\S]*?" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:cssDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941130) Executing operator "Rx" with param "(?i).(?:\b(?:x(?:link:href|html|mlns)|data:text/html|formaction|pattern\b.*?=)|!ENTITY[\s\x0b]+(?:%[\s\x0b]+)?[^\s\x0b]+[\s\x0b]+(?:SYSTEM|PUBLIC)|@import|;base64)\b" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:cssDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941140) Executing operator "Rx" with param "(?i)[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\(javascript" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:cssDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeWhitespace: "curl/8.6.0" [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941160) Executing operator "Rx" with param "(?i)<[^0-9<>A-Z_a-z]*(?:[^\s\x0b\"'<>]*:)?[^0-9<>A-Z_a-z]*[^0-9A-Z_a-z]*?(?:s[^0-9A-Z_a-z]*?(?:c[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?t|t[^0-9A-Z_a-z]*?y[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e|v[^0-9A-Z_a-z]*?g|e[^0-9A-Z_a-z]*?t[^0-9>A-Z_a-z])|f[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?m|d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?o[^0-9A-Z_a-z]*?g|m[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?q[^0-9A-Z_a-z]*?u[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?e|e[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?a[^0-9>A-Z_a-z])|(?:l[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?k|o[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?j[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?c[^0-9A-Z_a-z]*?t|e[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?b[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?d|a[^0-9A-Z_a-z]*?(?:p[^0-9A-Z_a-z]*?p[^0-9A-Z_a-z]*?l[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?t|u[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?o|n[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?t[^0-9A-Z_a-z]*?e)|p[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m|i?[^0-9A-Z_a-z]*?f[^0-9A-Z_a-z]*?r[^0-9A-Z_a-z]*?a[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?e|b[^0-9A-Z_a-z]*?(?:a[^0-9A-Z_a-z]*?s[^0-9A-Z_a-z]*?e|o[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?y|i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?n[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?s)|i[^0-9A-Z_a-z]*?m[^0-9A-Z_a-z]*?a?[^0-9A-Z_a-z]*?g[^0-9A-Z_a-z]*?e?|v[^0-9A-Z_a-z]*?i[^0-9A-Z_a-z]*?d[^0-9A-Z_a-z]*?e[^0-9A-Z_a-z]*?o)[^0-9>A-Z_a-z])|(?:<[0-9A-Z_a-z].*[\s\x0b/]|[\"'](?:.*[\s\x0b/])?)(?:background|formaction|lowsrc|on(?:a(?:bort|ctivate|d(?:apteradded|dtrack)|fter(?:print|(?:scriptexecu|upda)te)|lerting|n(?:imation(?:cancel|end|iteration|start)|tennastatechange)|ppcommand|u(?:dio(?:end|process|start)|xclick))|b(?:e(?:fore(?:(?:(?:(?:de)?activa|scriptexecu)t|toggl)e|c(?:opy|ut)|editfocus|input|p(?:aste|rint)|u(?:nload|pdate))|gin(?:Event)?)|l(?:ocked|ur)|oun(?:ce|dary)|roadcast|usy)|c(?:a(?:(?:ch|llschang)ed|nplay(?:through)?|rdstatechange)|(?:ell|fstate)change|h(?:a(?:rging(?:time)?cha)?nge|ecking)|l(?:ick|ose)|o(?:m(?:mand(?:update)?|p(?:lete|osition(?:end|start|update)))|n(?:nect(?:ed|ing)|t(?:extmenu|rolselect))|py)|u(?:echange|t))|d(?:ata(?:(?:availabl|chang)e|error|setc(?:hanged|omplete))|blclick|e(?:activate|livery(?:error|success)|vice(?:found|light|(?:mo|orienta)tion|proximity))|i(?:aling|s(?:abled|c(?:hargingtimechange|onnect(?:ed|ing))))|o(?:m(?:a(?:ctivate|ttrmodified)|(?:characterdata|subtree)modified|focus(?:in|out)|mousescroll|node(?:inserted(?:intodocument)?|removed(?:fromdocument)?))|wnloading)|r(?:ag(?:drop|e(?:n(?:d|ter)|xit)|(?:gestur|leav)e|over|start)|op)|urationchange)|e(?:mptied|n(?:abled|d(?:ed|Event)?|ter)|rror(?:update)?|xit)|f(?:ailed|i(?:lterchange|nish)|o(?:cus(?:in|out)?|rm(?:change|input))|ullscreenchange)|g(?:amepad(?:axismove|button(?:down|up)|(?:dis)?connected)|et)|h(?:ashchange|e(?:adphoneschange|l[dp])|olding)|i(?:cc(?:cardlockerror|infochange)|n(?:coming|put|valid))|key(?:down|press|up)|l(?:evelchange|o(?:ad(?:e(?:d(?:meta)?data|nd)|start)?|secapture)|y)|m(?:ark|essage|o(?:use(?:down|enter|(?:lea|mo)ve|o(?:ut|ver)|up|wheel)|ve(?:end|start)?|z(?:a(?:fterpaint|udioavailable)|(?:beforeresiz|orientationchang|t(?:apgestur|imechang))e|(?:edgeui(?:c(?:ancel|omplet)|start)e|network(?:down|up)loa)d|fullscreen(?:change|error)|m(?:agnifygesture(?:start|update)?|ouse(?:hittest|pixelscroll))|p(?:ointerlock(?:change|error)|resstapgesture)|rotategesture(?:start|update)?|s(?:crolledareachanged|wipegesture(?:end|start|update)?))))|no(?:match|update)|o(?:(?:bsolet|(?:ff|n)lin)e|pen|verflow(?:changed)?)|p(?:a(?:ge(?:hide|show)|int|(?:st|us)e)|lay(?:ing)?|o(?:inter(?:down|enter|(?:(?:lea|mo)v|rawupdat)e|o(?:ut|ver)|up)|p(?:state|up(?:hid(?:den|ing)|show(?:ing|n))))|ro(?:gress|pertychange))|r(?:atechange|e(?:adystatechange|ceived|movetrack|peat(?:Event)?|quest|s(?:et|ize|u(?:lt|m(?:e|ing)))|trieving)|ow(?:e(?:nter|xit)|s(?:delete|inserted)))|s(?:croll(?:end)?|e(?:arch|ek(?:complete|ed|ing)|lect(?:ionchange|start)?|n(?:ding|t)|t)|how|(?:ound|peech)(?:end|start)|t(?:a(?:lled|rt|t(?:echange|uschanged))|k(?:comma|sessione)nd|op)|u(?:bmit|ccess|spend)|vg(?:abort|error|(?:un)?load|resize|scroll|zoom))|t(?:ext|ime(?:out|update)|o(?:ggle|uch(?:cancel|en(?:d|ter)|(?:lea|mo)ve|start))|ransition(?:cancel|end|run|start))|u(?:n(?:derflow|handledrejection|load)|p(?:dateready|gradeneeded)|s(?:erproximity|sdreceived))|v(?:ersion|o(?:ic|lum)e)change|w(?:a(?:it|rn)ing|ebkit(?:animation(?:end|iteration|start)|transitionend)|heel)|zoom)|ping|s(?:rc|tyle))[\x08-\n\f\r ]*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:cssDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941170) Executing operator "Rx" with param "(?i)(?:\W|^)(?:javascript:(?:[\s\S]+[=\x5c\(\[\.<]|[\s\S]*?(?:\bname\b|\x5c[ux]\d))|data:(?:(?:[a-z]\w+/\w[\w+-]+\w)?[;,]|[\s\S]*?;[\s\S]*?\b(?:base64|charset=)|[\s\S]*?,[\s\S]*?<[\s\S]*?\w[\s\S]*?>))|@\W*?i\W*?m\W*?p\W*?o\W*?r\W*?t\W*?(?:/\*[\s\S]*?)?(?:[\"']|\W*?u\W*?r\W*?l[\s\S]*?\()|[^-]*?-\W*?m\W*?o\W*?z\W*?-\W*?b\W*?i\W*?n\W*?d\W*?i\W*?n\W*?g[^:]*?:\W*?u\W*?r\W*?l[\s\S]*?\(" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:cssDecode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941180) Executing operator "Pm" with param "document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941190) Executing operator "Rx" with param "(?i:<style.*?>.*?(?:@[i\x5c]|(?:[:=]|&#x?0*(?:58|3A|61|3D);?).*?(?:[(\x5c]|&#x?0*(?:40|28|92|5C);?)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941200) Executing operator "Rx" with param "(?i:<.*[:]?vmlframe.*?[\s/+]*?src[\s/+]*=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941210) Executing operator "Rx" with param "(?i)(?:j|&#(?:0*(?:74|106)|x0*[46]A);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:v|&#(?:0*(?:86|118)|x0*[57]6);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:a|&#(?:0*(?:65|97)|x0*[46]1);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941220) Executing operator "Rx" with param "(?i)(?:v|&#(?:0*(?:118|86)|x0*[57]6);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:b|&#(?:0*(?:98|66)|x0*[46]2);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:s|&#(?:0*(?:115|83)|x0*[57]3);)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:c|&#(?:x0*[46]3|0*(?:99|67));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:r|&#(?:x0*[57]2|0*(?:114|82));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:i|&#(?:x0*[46]9|0*(?:105|73));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:p|&#(?:x0*[57]0|0*(?:112|80));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?:t|&#(?:x0*[57]4|0*(?:116|84));)(?:[\t\n\r]|&(?:#(?:0*(?:9|1[03])|x0*[AD]);?|(?:tab|newline);))*(?::|&(?:#(?:0*58|x0*3A);?|colon;))." against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941230) Executing operator "Rx" with param "(?i)<EMBED[\s/+].*?(?:src|type).*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941240) Executing operator "Rx" with param "<[?]?import[\s/+\S]*?implementation[\s/+]*?=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941250) Executing operator "Rx" with param "(?i:<META[\s/+].*?http-equiv[\s/+]*=[\s/+]*[\"']?(?:(?:c|&#x?0(?:67|43|99|63);?)|(?:r|&#x?0(?:82|52|114|72);?)|(?:s|&#x?0(?:83|53|115|73);?)))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941260) Executing operator "Rx" with param "(?i:<META[\s/+].?charset[\s/+]=)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941270) Executing operator "Rx" with param "(?i)<LINK[\s/+].?href[\s/+]=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941280) Executing operator "Rx" with param "(?i)<BASE[\s/+].?href[\s/+]=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941290) Executing operator "Rx" with param "(?i)<APPLET[\s/+>]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941300) Executing operator "Rx" with param "(?i)<OBJECT[\s/+].?(?:type|codetype|classid|code|data)[\s/+]=" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941310) Executing operator "Rx" with param "\xbc[^\xbe>][\xbe>]|<[^\xbe]\xbe" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941350) Executing operator "Rx" with param "+ADw-.(?:+AD4-|>)|<.+AD4-" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941360) Executing operator "Rx" with param "![!+ ][]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941370) Executing operator "Rx" with param "(?:self|document|this|top|window)\s(?:/*|[[)]).+?(?:]|*/)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941390) Executing operator "Rx" with param "(?i)\b(?:eval|set(?:timeout|interval)|new[\s\x0b]+Function|a(?:lert|tob)|btoa|prompt|confirm)[\s\x0b](" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 941400) Executing operator "Rx" with param "((?:[[^\]]][^.].)|Reflect[^.].).(?:map|sort|apply)[^.]..call^]*.*" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 941014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [9] Matched vars updated. [17195447525.996344] . [4] Rule returned 1. [17195447525.996344] . [9] Running action: log [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [9] Running action: auditlog [17195447525.996344] . [9] Saving transaction to logs [17195447525.996344] . [4] Running (non-disruptive) action: tag [17195447525.996344] . [9] Rule tag: OWASP_CRS [17195447525.996344] . [9] Running action: nolog [17195447525.996344] . [9] Running action: skipAfter [17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [4] Running (disruptive) action: pass. [17195447525.996344] . [8] Running action pass [17195447525.996344] . [9] Skipped rule id '941120' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941150' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941181' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941320' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941330' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941340' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941380' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941016' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [9] Skipped rule id '941018' due to a SecMarker: END-REQUEST-941-APPLICATION-ATTACK-XSS [17195447525.996344] . [4] (Rule: 942012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL. [17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942100) Executing operator "DetectSQLi against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:utf8toUnicode: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0" [17195447525.996344] . [9] T (0) t:removeNulls: "curl/8.6.0" [17195447525.996344] . [9] multiMatch is enabled. 1 values to be tested. [17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent) [17195447525.996344] . [9] detected SQLi: not able to find an inject on 'curl/8.6.0' [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942140) Executing operator "Rx" with param "(?i)\b(?:d(?:atabas|b_nam)e[^0-9A-Z_a-z]*\(|(?:information_schema|m(?:aster\.\.sysdatabases|s(?:db|ys(?:ac(?:cess(?:objects|storage|xml)|es)|modules2?|(?:object|querie|relationship)s))|ysql\.db)|northwind|pg_(?:catalog|toast)|tempdb)\b|s(?:chema(?:_name\b|[^0-9A-Z_a-z]*\()|(?:qlite_(?:temp_)?master|ys(?:aux|\.database_name))\b))" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942151) Executing operator "Rx" with param "(?i)\b(?:a(?:dd(?:dat|tim)e|es_(?:de|en)crypt|s(?:cii(?:str)?|in)|tan2?)|b(?:enchmark|i(?:n_to_num|t_(?:and|count|length|x?or)))|c(?:har(?:acter)?_length|iel(?:ing)?|o(?:alesce|ercibility|llation|(?:mpres)?s|n(?:cat(?:_ws)?|nection_id|v(?:ert(?:_tz)?)?)|t)|r32|ur(?:(?:dat|tim)e|rent_(?:date|setting|time(?:stamp)?|user)))|d(?:a(?:t(?:abase(?:_to_xml)?|e(?:_(?:add|format|sub)|diff))|y(?:name|of(?:month|week|year)))|count|e(?:code|grees|s_(?:de|en)crypt)|ump)|e(?:lt|n(?:c(?:ode|rypt)|ds_?with)|x(?:p(?:ort_set)?|tract(?:value)?))|f(?:i(?:el|n)d_in_set|ound_rows|rom_(?:base64|days|unixtime))|g(?:e(?:ometrycollection|t(?:_(?:format|lock)|pgusername))|(?:r(?:eates|oup_conca)|tid_subse)t)|hex(?:toraw)?|i(?:fnull|n(?:et6?_(?:aton|ntoa)|s(?:ert|tr)|terval)|s(?:_(?:(?:free|used)_lock|ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|superuser)|null))|json(?:_(?:a(?:gg|rray(?:_(?:elements(?:_text)?|length))?)|build_(?:array|object)|e(?:ac|xtract_pat)h(?:_text)?|object(?:_(?:agg|keys))?|populate_record(?:set)?|strip_nulls|t(?:o_record(?:set)?|ypeof))|b(?:_(?:array(?:_(?:elements(?:_text)?|length))?|build_(?:array|object)|object(?:_(?:agg|keys))?|e(?:ac|xtract_pat)h(?:_text)?|insert|p(?:ath_(?:(?:exists|match)(?:_tz)?|query(?:_(?:(?:array|first)(?:_tz)?|tz))?)|opulate_record(?:set)?|retty)|s(?:et(?:_lax)?|trip_nulls)|t(?:o_record(?:set)?|ypeof)))?|path)?|l(?:ast_(?:day|inser_id)|case|e(?:as|f)t|i(?:kel(?:ihood|y)|nestring)|o(?:_(?:from_bytea|put)|ad_file|ca(?:ltimestamp|te)|g(?:10|2)|wer)|pad|trim)|m(?:a(?:ke(?:_set|date)|ster_pos_wait)|d5|i(?:crosecon)?d|onthname|ulti(?:linestring|po(?:int|lygon)))|n(?:ame_const|ot_in|ullif)|o(?:ct(?:et_length)?|(?:ld_passwo)?rd)|p(?:eriod_(?:add|diff)|g_(?:client_encoding|(?:databas|read_fil)e|l(?:argeobject|s_dir)|sleep|user)|o(?:(?:lyg|siti)on|w)|rocedure_analyse)|qu(?:arter|ery_to_xml|ote)|r(?:a(?:dians|nd|wtohex)|elease_lock|ow_(?:count|to_json)|pad|trim)|s(?:chema|e(?:c_to_time|ssion_user)|ha[12]?|in|oundex|pace|q(?:lite_(?:compileoption_(?:get|used)|source_id)|rt)|t(?:arts_?with|d(?:dev_(?:po|sam)p)?|r(?:_to_date|cmp))|ub(?:(?:dat|tim)e|str(?:ing(?:_index)?)?)|ys(?:date|tem_user))|t(?:ime(?:_(?:format|to_sec)|diff|stamp(?:add|diff)?)|o(?:_(?:base64|jsonb?)|n?char|(?:day|second)s)|r(?:im|uncate))|u(?:case|n(?:compress(?:ed_length)?|hex|i(?:str|x_timestamp)|likely)|(?:pdatexm|se_json_nul)l|tc_(?:date|time(?:stamp)?)|uid(?:_short)?)|var(?:_(?:po|sam)p|iance)|we(?:ek(?:day|ofyear)|ight_string)|xmltype|yearweek)[^0-9A-Z_a-z]*\(" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942160) Executing operator "Rx" with param "(?i:sleep\(\s*?\d*?\s*?\)|benchmark\(.*?\,.*?\))" against REQUEST_BASENAME|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [9] T (0) t:urlDecodeUni: "noble-ojs-3-theme" [17195447525.996344] . [9] Target value: "noble-ojs-3-theme" (Variable: REQUEST_BASENAME) [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942170) Executing operator "Rx" with param "(?i)(?:select|;)[\s\x0b]+(?:benchmark|if|sleep)[\s\x0b]*?\([\s\x0b]*?\(?[\s\x0b]*?[0-9A-Z_a-z]+" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942190) Executing operator "Rx" with param "(?i)[\"'|\b(?:(?:(?:c(?:onnection_id|urrent_user)|database|schema|user)[\s\x0b]?|select.?[0-9A-Z_a-z]?user)(|exec(?:ute)?[\s\x0b]+master.|from[^0-9A-Z_a-z]+information_schema[^0-9A-Z_a-z]|into[\s\x0b+]+(?:dump|out)file[\s\x0b]?"']|union(?:[\s\x0b]select[\s\x0b]@|[\s\x0b\(0-9A-Z_a-z]*?select))|[\s\x0b]*?exec(?:ute)?.*?[^0-9A-Z_a-z]xp_cmdshell|[^0-9A-Z_a-z]iif[\s\x0b]*?\(" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942220) Executing operator "Rx" with param "^(?i:-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|2.2250738585072011e-308|1e309)$" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942230) Executing operator "Rx" with param "(?i)[\s\x0b\(\)]case[\s\x0b]+when.*?then|\)[\s\x0b]*?like[\s\x0b]*?\(|select.*?having[\s\x0b]*?[^\s\x0b]+[\s\x0b]*?[^\s\x0b0-9A-Z_a-z]|if[\s\x0b]?\([0-9A-Z_a-z]+[\s\x0b]*?[<->~]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942240) Executing operator "Rx" with param "(?i)alter[\s\x0b]*?[0-9A-Z_a-z]+.*?char(?:acter)?[\s\x0b]+set[\s\x0b]+[0-9A-Z_a-z]+|[\"'" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942250) Executing operator "Rx" with param "(?i:merge.?using\s?(|execute\s?immediate\s?["']|match\s*?[\w(),+-]+\s*?against\s*?\()" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942270) Executing operator "Rx" with param "(?i)union.*?select.*?from" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942280) Executing operator "Rx" with param "(?i)select[\s\x0b]*?pg_sleep|waitfor[\s\x0b]*?delay[\s\x0b]?[\"']+[\s\x0b]?[0-9]|;[\s\x0b]?shutdown[\s\x0b]?(?:[#;{]|/*|--)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942290) Executing operator "Rx" with param "(?i)[?$(?:n(?:e|in?|o[rt])|e(?:q|xists|lemMatch)|l(?:te?|ike)|mod|a(?:ll|nd)|(?:s(?:iz|lic)|wher)e|t(?:ype|ext)|x?or|div|between|regex|jsonSchema)]?" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942320) Executing operator "Rx" with param "(?i)create[\s\x0b]+(?:function|procedure)[\s\x0b]?[0-9A-Z_a-z]+[\s\x0b]?([\s\x0b]?)[\s\x0b]?-|d(?:eclare[^0-9A-Z_a-z]+[#@][\s\x0b]?[0-9A-Z_a-z]+|iv[\s\x0b]?([+-][\s\x0b.0-9]+,[+-][\s\x0b.0-9]+))|exec[\s\x0b]?([\s\x0b]?@|(?:lo(?:impor|ge)t|procedure[\s\x0b]+analyse)[\s\x0b]?(|;[\s\x0b]?(?:declare|open)[\s\x0b]+[-0-9A-Z_a-z]+|::(?:b(?:igint|ool)|double[\s\x0b]+precision|int(?:eger)?|numeric|oid|real|(?:tex|smallin)t)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942350) Executing operator "Rx" with param "(?i)create[\s\x0b]+function[\s\x0b].+[\s\x0b]returns|;[\s\x0b]?(?:alter|(?:(?:cre|trunc|upd)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)\b[\s\x0b]?[([]?[0-9A-Z_a-z]{2,}" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942360) Executing operator "Rx" with param "(?i)\b(?:(?:alter|(?:(?:cre|trunc|upd)at|renam)e|de(?:lete|sc)|(?:inser|selec)t|load)[\s\x0b]+(?:char|group_concat|load_file)\b[\s\x0b](?|end[\s\x0b]?);)|[\s\x0b(]load_file[\s\x0b]?(|["'][\s\x0b]+regexp[^0-9A-Z_a-z]|[\"'0-9A-Z_-z][\s\x0b]+as\b[\s\x0b]*[\"'0-9A-Z_-z]+[\s\x0b]*\bfrom|^[^A-Z_a-z]+[\s\x0b]*?(?:(?:(?:(?:cre|trunc)at|renam)e|d(?:e(?:lete|sc)|rop)|(?:inser|selec)t|load)[\s\x0b]+[0-9A-Z_a-z]+|u(?:pdate[\s\x0b]+[0-9A-Z_a-z]+|nion[\s\x0b]*(?:all|(?:sele|distin)ct)\b)|alter[\s\x0b]*(?:a(?:(?:ggregat|pplication[\s\x0b]*rol)e|s(?:sembl|ymmetric[\s\x0b]*ke)y|u(?:dit|thorization)|vailability[\s\x0b]*group)|b(?:roker[\s\x0b]*priority|ufferpool)|c(?:ertificate|luster|o(?:l(?:latio|um)|nversio)n|r(?:edential|yptographic[\s\x0b]*provider))|d(?:atabase|efault|i(?:mension|skgroup)|omain)|e(?:(?:ndpoi|ve)nt|xte(?:nsion|rnal))|f(?:lashback|oreign|u(?:lltext|nction))|hi(?:erarchy|stogram)|group|in(?:dex(?:type)?|memory|stance)|java|l(?:a(?:ngua|r)ge|ibrary|o(?:ckdown|g(?:file[\s\x0b]*group|in)))|m(?:a(?:s(?:k|ter[\s\x0b]*key)|terialized)|e(?:ssage[\s\x0b]*type|thod)|odule)|(?:nicknam|queu)e|o(?:perator|utline)|p(?:a(?:ckage|rtition)|ermission|ro(?:cedur|fil)e)|r(?:e(?:mot|sourc)e|o(?:l(?:e|lback)|ute))|s(?:chema|e(?:arch|curity|rv(?:er|ice)|quence|ssion)|y(?:mmetric[\s\x0b]*key|nonym)|togroup)|t(?:able(?:space)?|ext|hreshold|r(?:igger|usted)|ype)|us(?:age|er)|view|w(?:ork(?:load)?|rapper)|x(?:ml[\s\x0b]*schema|srobject))\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942500) Executing operator "Rx" with param "(?i)/\*[\s\x0b]*?[!\+](?:[\s\x0b\(\)\-0-9=A-Z_a-z]+)?\*/" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942540) Executing operator "Rx" with param "^(?:[^']*'|[^\"]*\"|[^])[\s\x0b]*;" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942560) Executing operator "Rx" with param "(?i)1\.e[\(\),]" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*. [17195447525.996344] . [4] Rule returned 0. [17195447525.996344] . [9] Matched vars cleaned. [17195447525.996344] . [4] (Rule: 942550) Executing operator "Rx" with param "[\"'][[{].[]}]["'].*(::.*jsonb?)?.*(?:(?:@|->?)>|<@|\?[&\|]?|#>>?|[<>]|<-)|(?:(?:@|->?)>|<@|\?[&\|]?|#>>?|[<>]|<-)[\"'][[{].[]}]["'`]|json_extract.(.)" against REQUEST_FILENAME|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:lowercase: "/noble-ojs-3-theme"
[17195447525.996344] . [9] T (0) t:removeWhitespace: "/noble-ojs-3-theme"
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 942014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '942120' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942130' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942131' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942150' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942180' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942200' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942210' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942260' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942300' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942310' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942330' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942340' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942361' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942362' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942370' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942380' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942390' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942400' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942410' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942470' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942480' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942430' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942441' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942442' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942440' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942450' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942510' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942520' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942521' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942522' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942016' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942251' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942490' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942431' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942460' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942511' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942530' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942018' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [9] Skipped rule id '942432' due to a SecMarker: END-REQUEST-942-APPLICATION-ATTACK-SQLI
[17195447525.996344] . [4] (Rule: 943012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 943100) Executing operator "Rx" with param "(?i:.cookie\b.?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" against REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 943110) Executing operator "Rx" with param "^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 943120) Executing operator "Rx" with param "^(?:jsessionid|aspsessionid|asp.net_sessionid|phpsession|phpsessid|weblogicsession|session_id|session-id|cfid|cftoken|cfsid|jservsession|jwsession)$" against ARGS_NAMES.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 943014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '943016' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[17195447525.996344] . [9] Skipped rule id '943018' due to a SecMarker: END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
[17195447525.996344] . [4] (Rule: 944012) Executing operator "Lt" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944100) Executing operator "Rx" with param "java.lang.(?:runtime|processbuilder)" against ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/|XML://@.
[17195447525.996344] . [9] T (0) t:lowercase: ""
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [9] T (0) t:lowercase: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:lowercase: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:lowercase: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944110) Executing operator "Rx" with param "(?:runtime|processbuilder)" against ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/|XML://@.
[17195447525.996344] . [9] T (0) t:lowercase: ""
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [9] T (0) t:lowercase: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:lowercase: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:lowercase: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944120) Executing operator "Rx" with param "(?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)" against ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/|XML://@.
[17195447525.996344] . [9] T (0) t:lowercase: ""
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [9] T (0) t:lowercase: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:lowercase: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:lowercase: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944130) Executing operator "PmFromFile" with param "java-classes.data" against ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS|XML:/|XML://@.
[17195447525.996344] . [9] Target value: "" (Variable: REQUEST_BODY)
[17195447525.996344] . [9] Target value: "/noble-ojs-3-theme" (Variable: REQUEST_FILENAME)
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml+xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944140) Executing operator "Rx" with param "..(?:jsp|jspx).$" against FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name.
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944150) Executing operator "Rx" with param "(?i)(?:$|$?)(?:{|&l(?:brace|cub);?)(?:[^\}]{0,15}(?:$|$?)(?:{|&l(?:brace|cub);?)|jndi|ctx)" against REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/|XML://@*.
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "GET /noble-ojs-3-theme HTTP/1.1"
[17195447525.996344] . [9] T (0) t:jsDecode: "GET /noble-ojs-3-theme HTTP/1.1"
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "GET /noble-ojs-3-theme HTTP/1.1"
[17195447525.996344] . [9] Target value: "GET /noble-ojs-3-theme HTTP/1.1" (Variable: REQUEST_LINE)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "openjournaltheme.com"
[17195447525.996344] . [9] T (0) t:jsDecode: "openjournaltheme.com"
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "openjournaltheme.com"
[17195447525.996344] . [9] Target value: "openjournaltheme.com" (Variable: REQUEST_HEADERS:Host)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "curl/8.6.0"
[17195447525.996344] . [9] T (0) t:jsDecode: "curl/8.6.0"
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "curl/8.6.0"
[17195447525.996344] . [9] Target value: "curl/8.6.0" (Variable: REQUEST_HEADERS:User-Agent)
[17195447525.996344] . [9] T (0) t:urlDecodeUni: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] T (0) t:jsDecode: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] T (0) t:htmlEntityDecode: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8"
[17195447525.996344] . [9] Target value: "text/htmlapplication/xhtml xmlapplication/xml;q=0.9/q=0.8" (Variable: REQUEST_HEADERS:Accept)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 944014) Executing operator "Lt" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '944151' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944200' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944210' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944240' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944250' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944260' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944016' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944300' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944018' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [9] Skipped rule id '944152' due to a SecMarker: END-REQUEST-944-APPLICATION-ATTACK-JAVA
[17195447525.996344] . [4] (Rule: 949059) Executing unconditional rule...
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_inbound_anomaly_score with value: 0
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 949159) Executing unconditional rule...
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_inbound_anomaly_score with value: 0
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 949060) Executing operator "Ge" with param "1" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_inbound_anomaly_score with value: 7
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 949160) Executing operator "Ge" with param "1" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_inbound_anomaly_score with value: 7
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 949061) Executing operator "Ge" with param "2" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949161) Executing operator "Ge" with param "2" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949062) Executing operator "Ge" with param "3" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949162) Executing operator "Ge" with param "3" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949063) Executing operator "Ge" with param "4" against TX:BLOCKING_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:BLOCKING_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949163) Executing operator "Ge" with param "4" against TX:DETECTION_PARANOIA_LEVEL.
[17195447525.996344] . [9] Target value: "1" (Variable: TX:DETECTION_PARANOIA_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 949110) Executing operator "Ge" with param "5" Was: "" against TX:BLOCKING_INBOUND_ANOMALY_SCORE.
[17195447525.996344] . [9] Target value: "7" (Variable: TX:BLOCKING_INBOUND_ANOMALY_SCORE)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [9] Running action: log
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [9] Running action: auditlog
[17195447525.996344] . [9] Saving transaction to logs
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: anomaly-evaluation
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Saving msg: Inbound Anomaly Score Exceeded (Total Score: 7)
[17195447525.996344] . [4] Running (disruptive) action: deny.
[17195447525.996344] . [8] Running action deny
[17195447525.996344] . [8] Skipping this phase as this request was already intercepted.
[17195447525.996344] . [4] Starting phase LOGGING. (SecRules 5)
[17195447525.996344] . [9] This phase consists of 42 rule(s).
[17195447525.996344] . [4] (Rule: 980099) Executing unconditional rule...
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_anomaly_score with value: 7
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:blocking_anomaly_score with value: 7
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_anomaly_score with value: 7
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:detection_anomaly_score with value: 7
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:anomaly_score with value: 7
[17195447525.996344] . [4] Running [independent] (non-disruptive) action: setvar
[17195447525.996344] . [8] Saving variable: TX:anomaly_score with value: 7
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: noauditlog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [4] (Rule: 980041) Executing operator "Eq" with param "0" against TX:REPORTING_LEVEL.
[17195447525.996344] . [9] Target value: "4" (Variable: TX:REPORTING_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 980042) Executing operator "Ge" with param "5" against TX:REPORTING_LEVEL.
[17195447525.996344] . [9] Target value: "4" (Variable: TX:REPORTING_LEVEL)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 980043) Executing operator "Eq" with param "0" against TX:DETECTION_ANOMALY_SCORE.
[17195447525.996344] . [9] Target value: "7" (Variable: TX:DETECTION_ANOMALY_SCORE)
[17195447525.996344] . [4] Rule returned 0.
[17195447525.996344] . [9] Matched vars cleaned.
[17195447525.996344] . [4] (Rule: 980044) Executing operator "Ge" with param "5" Was: "" against TX:BLOCKING_INBOUND_ANOMALY_SCORE.
[17195447525.996344] . [9] Target value: "7" (Variable: TX:BLOCKING_INBOUND_ANOMALY_SCORE)
[17195447525.996344] . [9] Matched vars updated.
[17195447525.996344] . [4] Rule returned 1.
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Running action: nolog
[17195447525.996344] . [9] Running action: skipAfter
[17195447525.996344] . [5] Setting skipAfter for: LOG-REPORTING
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [9] Skipped rule id '980045' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [9] Skipped rule id '980046' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [9] Skipped rule id '980047' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [9] Skipped rule id '980048' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [9] Skipped rule id '980049' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [9] Skipped rule id '980050' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [9] Skipped rule id '980051' due to a SecMarker: LOG-REPORTING
[17195447525.996344] . [4] (Rule: 980170) Executing unconditional rule...
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: reporting
[17195447525.996344] . [4] Running (non-disruptive) action: tag
[17195447525.996344] . [9] Rule tag: OWASP_CRS
[17195447525.996344] . [9] Saving msg: Anomaly Scores:
[17195447525.996344] . [9] Running action: noauditlog
[17195447525.996344] . [4] Running (disruptive) action: pass.
[17195447525.996344] . [8] Running action pass
[17195447525.996344] . [8] Checking if this request is suitable to be saved as an audit log.
[17195447525.996344] . [8] Checking if this request is relevant to be part of the audit logs.
[17195447525.996344] . [5] Saving this request as part of the audit logs.
[17195447525.996344] . [8] Request was relevant to be saved. Parts: 6006