@p0pr0ck5
Created April 2, 2018 21:10
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Recipe: Invoking rule 7f81e7adb240; [file "/etc/modsecurity/modsecurity.conf"] [line "181"] [id "12346"].
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][5] Rule 7f81e7adb240: SecAction "phase:1,log,auditlog,pass,ctl:ruleRemoveTargetById=1234123413;REQUEST_HEADERS:Cookie,id:12346"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 0 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "unconditionalMatch" with param "" against REMOTE_ADDR.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "127.0.0.1"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 1 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Ctl: ruleRemoveTargetById id=1234123413 targets=REQUEST_HEADERS:Cookie
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][2] Warning. Unconditional match in SecAction. [file "/etc/modsecurity/modsecurity.conf"] [line "181"] [id "12346"]
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Rule returned 1.
...
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Recipe: Invoking rule 7f81e7ae4860; [file "/etc/modsecurity/modsecurity.conf"] [line "177"] [id "1234123413"].
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][5] Rule 7f81e7ae4860: SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" "@rx \\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:1234123413,tag:WEB_ATTACK/SQL_INJECTION,logdata:%{TX.0},severity:2,deny"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Expanded "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" to "REQUEST_HEADERS:Host|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Accept|REQUEST_HEADERS:Cookie".
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 20 usec.
UEST_HEADERS:Host.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 2 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 24 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Found exception target list [REQUEST_HEADERS:Cookie] for rule id 1234123413
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "rx" with param "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" against REQUEST_HEADERS:User-Agent.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 1 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "*/*"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "*/*"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 19 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Found exception target list [REQUEST_HEADERS:Cookie] for rule id 1234123413
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "rx" with param "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" against REQUEST_HEADERS:Accept.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 1 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "_gac_ua-5521579-1=1.1522352332.ealalqobchmi5trkikss2giv0ikzch2viqedeaayasaaegicppd_8we"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 57 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Found exception target list [REQUEST_HEADERS:Cookie] for rule id 1234123413
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Target REQUEST_HEADERS:Cookie will not be processed.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "rx" with param "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" against REQUEST_HEADERS:Cookie skipped.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Rule returned 0.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] No match, not chained -> mode NEXT_RULE.