Created
April 2, 2018 21:10
Gist: p0pr0ck5/3d7b38c3c182604242449ff0b04c444d
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Recipe: Invoking rule 7f81e7adb240; [file "/etc/modsecurity/modsecurity.conf"] [line "181"] [id "12346"].
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][5] Rule 7f81e7adb240: SecAction "phase:1,log,auditlog,pass,ctl:ruleRemoveTargetById=1234123413;REQUEST_HEADERS:Cookie,id:12346"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 0 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "unconditionalMatch" with param "" against REMOTE_ADDR.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "127.0.0.1"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 1 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Ctl: ruleRemoveTargetById id=1234123413 targets=REQUEST_HEADERS:Cookie
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][2] Warning. Unconditional match in SecAction. [file "/etc/modsecurity/modsecurity.conf"] [line "181"] [id "12346"]
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Rule returned 1.
...
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Recipe: Invoking rule 7f81e7ae4860; [file "/etc/modsecurity/modsecurity.conf"] [line "177"] [id "1234123413"].
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][5] Rule 7f81e7ae4860: SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" "@rx \\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" "phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:1234123413,tag:WEB_ATTACK/SQL_INJECTION,logdata:%{TX.0},severity:2,deny"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Expanded "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer" to "REQUEST_HEADERS:Host|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Accept|REQUEST_HEADERS:Cookie".
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 20 usec.
UEST_HEADERS:Host.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "localhost"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 2 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 24 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Found exception target list [REQUEST_HEADERS:Cookie] for rule id 1234123413
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "rx" with param "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" against REQUEST_HEADERS:User-Agent.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "curl/7.47.0"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 1 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "*/*"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "*/*"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 19 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Found exception target list [REQUEST_HEADERS:Cookie] for rule id 1234123413
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "rx" with param "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" against REQUEST_HEADERS:Accept.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] Target value: "* "
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Operator completed in 1 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) urlDecodeUni: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) htmlEntityDecode: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) replaceComments: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) compressWhitespace: "_gac_UA-5521579-1=1.1522352332.EAlalQobChMI5trKIKSS2gIV0IKzCh2vIQeDEAAYASAAEgICPPD_8wE"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] T (0) lowercase: "_gac_ua-5521579-1=1.1522352332.ealalqobchmi5trkikss2giv0ikzch2viqedeaayasaaegicppd_8we"
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Transformation completed in 57 usec.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Found exception target list [REQUEST_HEADERS:Cookie] for rule id 1234123413
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] fetch_target_exception: Target REQUEST_HEADERS:Cookie will not be processed.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Executing operator "rx" with param "\\b(\\d+) ?= ?\\1\\b|[\\'\"](\\w+)[\\'\"] ?= ?[\\'\"]\\2\\b" against REQUEST_HEADERS:Cookie skipped.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][4] Rule returned 0.
[02/Apr/2018:14:07:23 --0700] [localhost/sid#7f81e7acf850][rid#7f81e7a120a0][/][9] No match, not chained -> mode NEXT_RULE.