Filename :
15_bad_requests.conf
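# all.conf

# Block access to sensitive dotfiles (.env, .git).
# The pattern is a prefix match on "/.env" or "/.git" anywhere in the URI, so
# it also covers paths such as /.git/config and /.gitignore.
# NOTE(review): REQUEST_URI is matched as received, with no decode
# transformation on this rule. Confirm whether percent-encoded forms of the
# path are normalised elsewhere (e.g. SecDefaultAction) or add a decode
# transformation here.
SecRule REQUEST_URI "\/\.(?:env|git)" \
    "phase:1,log,deny,status:406,auditlog,id:14206,rev:1,severity:2,\
    msg:'Blocking access to sensitive dotfiles'"

# both.conf
# Contains rules which are designed to block disruptive behavior such as stress
# testing and security scans

# Block benchmark functions in request arguments.
# ARGS covers query-string and body parameters. The value is lowercased,
# HTML-entity-decoded and stripped of whitespace before matching
# "benchmark(" followed by at least five digits and a comma.
SecRule ARGS "benchmark\([0-9]{5,1000}\," \
    "deny,log,auditlog,status:406,t:none,t:lowercase,t:htmlEntityDecode,\
    t:removeWhitespace,msg:'Benchmark function call in request args',id:'13425',\
    tag:'WEB_ATTACK/SQL INJECTION',severity:'4'"

# Block attempts to abuse download plugins for php files in parent directories.
# Matches a "../" sequence followed later in the same query-string parameter
# by ".php".
SecRule ARGS_GET "(?:\/|)\.{2}\/.+\.php" \
    "log,deny,status:406,auditlog,id:14205,rev:1,severity:2,\
    msg:'Attempting to access php files from parent dir'"

# Rate limit cPanel/webmail/webdisk/cpcontacts/cpcalendars subdomains: 10 requests per minute per IP
# Matches hostnames like cpanel.example.com, webmail.example.com, webdisk.example.com
# Excludes authenticated sessions (paths containing /cpsessNNNN/)
# Tracks globally per-IP (not per-hostname)
#
# Window behaviour: expirevar is re-applied on every counted request, so the
# counter is cleared 60 seconds after the most recent counted request rather
# than on a fixed one-minute boundary. Requests are denied from the 11th
# counted request onward.
# NOTE(review): the collection is keyed on remote_addr. If this server sits
# behind a reverse proxy or CDN, every client shares the proxy's address -
# confirm the deployment before relying on this limit.

# Initialize the IP collection for rate limiting
SecAction "id:13094,phase:1,pass,nolog,initcol:ip=%{remote_addr}"

# Skip rate limit counting for authenticated sessions and static assets.
# REQUEST_FILENAME (path without the query string) is used so that only the
# request path can qualify for the exemption, and the dot in ".well-known" is
# escaped so it matches a literal dot.
# NOTE(review): this is a check on the shape of the path only; the session
# token is not validated here, so the exemption relies on cPanel itself
# rejecting requests that carry an invalid token.
SecRule REQUEST_FILENAME "@rx /(cpsess[0-9]+|cPanel_magic_revision_[0-9]+|\.well-known)/" \
    "id:13095,phase:2,pass,nolog,skipAfter:END_CPANEL_RATELIMIT"

# Increment counter for cpanel/webmail/webdisk/cpcontacts/cpcalendars subdomains.
# Host names are case-insensitive, so the header is lowercased before matching;
# otherwise a mixed-case Host value would not be counted.
SecRule REQUEST_HEADERS:Host "@rx ^(cpanel|webmail|webdisk|cpcontacts|cpcalendars)\." \
    "id:13096,phase:2,pass,nolog,t:lowercase,\
    setvar:ip.ratelimit_cpanel=+1,\
    expirevar:ip.ratelimit_cpanel=60"

# Deny if over limit.
# The disruptive action (deny, 429) only fires when the whole chain matches.
# setenv sits on the last rule of the chain because non-disruptive actions run
# as soon as their own rule matches; on the chain starter it would be set for
# any host once the IP counter is above the limit.
SecRule IP:RATELIMIT_CPANEL "@gt 10" \
    "id:13097,phase:2,deny,status:429,chain,\
    log,msg:'RATELIMITED CPANEL/WEBMAIL/WEBDISK %{remote_addr}'"
    SecRule REQUEST_HEADERS:Host "@rx ^(cpanel|webmail|webdisk|cpcontacts|cpcalendars)\." \
        "t:lowercase,setenv:RATELIMITED_CPANEL"

SecMarker "END_CPANEL_RATELIMIT"

# Response body served with the 429 status returned by rule 13097
ErrorDocument 429 "Too Many Requests"

# Block requests that carry a Proxy header (httpoxy).
# CGI-style handlers expose this header to the application as HTTP_PROXY,
# which some HTTP client libraries read as their outbound proxy setting.
# The rule counts Proxy headers and denies when at least one is present.
SecRule &REQUEST_HEADERS:Proxy "@gt 0" \
    "id:1000005,log,deny,status:406,msg:'httpoxy denied'"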