
@p0pr0ck5
Created February 23, 2016 21:35
# Data::Dumper-style dump of one parsed ModSecurity directive: the OWASP CRS
# SecRule with id 981246 ("Detects basic SQL authentication bypass attempts 3/3").
#
# NOTE(review): the parse shown here looks broken. 'operator'->'pattern' below
# stops in the middle of the regex (its opening '"' and several groups are never
# closed), and the remainder of the expression turns up in the first three
# 'opts' entries as if it were action names and values. The break points are
# consistent with the tokenizer splitting the quoted operator argument on
# whitespace, ',' and ':' -- confirm against the parser. A rule rebuilt from
# this structure would carry a truncated pattern and no standalone 'phase'
# action, so it should not be assumed to give the same detection coverage as
# the original rule.
$VAR52 = {
'opts' => [
# Entries 1-3 hold regex fragments, not actions. \x{b4}, \x{2019} and \x{2018}
# are the acute accent and the right/left single quotation marks, i.e. the
# quote look-alikes the rule matches next to ", ' and `.
{
'value' => "regexp\\s*?\\(|sounds\\s+like\\s*?[\\\"'`\x{b4}\x{2019}\x{2018}]|[=\\d]+x))|([\\\"'`\x{b4}\x{2019}\x{2018}]\\s*?\\d\\s*?(?:--|#))|(?:[\\\"'`\x{b4}\x{2019}\x{2018}][\\%&<>^=]+\\d\\s*?(=|x?or|div|like|between|and))|(?:[\\\"'`\x{b4}\x{2019}\x{2018}]\\W+[\\w+-]+\\s*?=\\s*?\\d\\W+[\\\"'`\x{b4}\x{2019}\x{2018}])|(?:[\\\"'`\x{b4}\x{2019}\x{2018}]\\s*?is\\s*?\\d.+[\\\"'`\x{b4}\x{2019}\x{2018}]?\\w)|(?:[\\\"'`\x{b4}\x{2019}\x{2018}]\\|?[\\w-]{3",
'opt' => '|\\|\\||\\&\\&)\\s+[\\s\\w+]+(?'
},
{
'opt' => '}[^\\w\\s.'
},
# The closing '"' of the pattern and the 'phase:2' action both end up inside
# this 'value'; no entry in the list has 'opt' => 'phase'.
{
'value' => "[\\\"'`\x{b4}\x{2019}\x{2018}]\\s*?is\\s*?[\\d.]+\\s*?\\W.*?[\\\"'`\x{b4}\x{2019}\x{2018}]))\" phase:2",
'opt' => "]+[\\\"'`\x{b4}\x{2019}\x{2018}])|(?"
},
# From here on the entries are well-formed actions.
# capture: keeps the regex match so it can be referenced as TX.0 below.
{
'opt' => 'capture'
},
# Transformations: t:none clears inherited ones, then urlDecodeUni is applied.
{
'opt' => 't',
'value' => 'none'
},
{
'value' => 'urlDecodeUni',
'opt' => 't'
},
# Disruptive action.
{
'opt' => 'block'
},
{
'opt' => 'msg',
'value' => 'Detects basic SQL authentication bypass attempts 3/3'
},
{
'opt' => 'id',
'value' => '981246'
},
{
'value' => 'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',
'opt' => 'tag'
},
# logdata copies the matched request data into the audit log; that text comes
# from the client, so log consumers should treat it as untrusted.
{
'value' => 'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',
'opt' => 'logdata'
},
# Severity 2 is CRITICAL in ModSecurity's numbering.
{
'value' => '2',
'opt' => 'severity'
},
# Anomaly-scoring bookkeeping: record the message, bump the SQLi and overall
# anomaly scores, and store the matched data under a per-variable TX key.
{
'opt' => 'setvar',
'value' => 'tx.msg=%{rule.id}-%{rule.msg}'
},
{
'value' => 'tx.sql_injection_score=+1',
'opt' => 'setvar'
},
{
'opt' => 'setvar',
'value' => 'tx.anomaly_score=+%{tx.critical_anomaly_score}'
},
{
'opt' => 'setvar',
'value' => 'tx.%{tx.msg}-OWASP_CRS/WEB_ATTACK/SQLI-%{matched_var_name}=%{tx.0}'
}
],
# Only the head of the regex survives here; the pattern begins with a literal
# '"' and ends at '...and|not' with the (?i: and inner groups still open.
'operator' => {
'pattern' => '"(?i:(?:in\\s*?\\(+\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not',
'operator' => 'rx'
},
# Collections the rule inspects. The two '!' entries exclude cookies whose
# names match /__utm/ and /_pk_ref/ from inspection.
# NOTE(review): in those entries the '!' is kept in 'variable' and also
# recorded in 'modifier' -- confirm consumers do not apply the negation twice
# or look up a collection literally named '!REQUEST_COOKIES'.
'vars' => [
{
'variable' => 'REQUEST_COOKIES'
},
{
'specific' => '/__utm/',
'variable' => '!REQUEST_COOKIES',
'modifier' => '!'
},
{
'variable' => '!REQUEST_COOKIES',
'modifier' => '!',
'specific' => '/_pk_ref/'
},
{
'variable' => 'REQUEST_COOKIES_NAMES'
},
{
'variable' => 'ARGS_NAMES'
},
{
'variable' => 'ARGS'
},
{
'variable' => 'XML',
'specific' => '/*'
}
],
'directive' => 'SecRule'
};