Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
00_Init_Initialization.conf	3.27 KB	-rw-r--r--
01_Init_AppsInitialization.con...	1.84 KB	-rw-r--r--
02_Global_Generic.conf	23.78 KB	-rw-r--r--
03_Global_Agents.conf	5.15 KB	-rw-r--r--
04_Global_Domains.conf	3.3 KB	-rw-r--r--
05_Global_Incoming.conf	1.42 KB	-rw-r--r--
06_Global_Backdoor.conf	2.2 KB	-rw-r--r--
07_XSS_XSS.conf	36.21 KB	-rw-r--r--
08_Global_Other.conf	7.44 KB	-rw-r--r--
09_Bruteforce_Bruteforce.conf	5.98 KB	-rw-r--r--
10_HTTP_HTTP.conf	4.11 KB	-rw-r--r--
11_HTTP_HTTPDoS.conf	3.95 KB	-rw-r--r--
12_HTTP_Protocol.conf	12.1 KB	-rw-r--r--
13_HTTP_Request.conf	2.42 KB	-rw-r--r--
14_Outgoing_FilterGen.conf	5.35 KB	-rw-r--r--
15_Outgoing_FilterASP.conf	1.75 KB	-rw-r--r--
16_Outgoing_FilterPHP.conf	2.54 KB	-rw-r--r--
17_Outgoing_FilterSQL.conf	11.83 KB	-rw-r--r--
18_Outgoing_FilterOther.conf	3.57 KB	-rw-r--r--
19_Outgoing_FilterInFrame.conf	1.86 KB	-rw-r--r--
20_Outgoing_FiltersEnd.conf	2.49 KB	-rw-r--r--
21_PHP_PHPGen.conf	1.59 KB	-rw-r--r--
22_SQL_SQLi.conf	13.72 KB	-rw-r--r--
23_ROR_RORGen.conf	2.97 KB	-rw-r--r--
24_Apps_Joomla.conf	7.85 KB	-rw-r--r--
25_Apps_JComponent.conf	42.66 KB	-rw-r--r--
26_Apps_WordPress.conf	10.96 KB	-rw-r--r--
27_Apps_WPPlugin.conf	414.97 KB	-rw-r--r--
28_Apps_WHMCS.conf	967 B	-rw-r--r--
29_Apps_Drupal.conf	83.09 KB	-rw-r--r--
30_Apps_OtherApps.conf	484.08 KB	-rw-r--r--
LICENSE.txt	11.09 KB	-rw-r--r--
bl_IPs	0 B	-rw-r--r--
bl_URLs	714 B	-rw-r--r--
bl_agents	1.92 KB	-rw-r--r--
bl_domains	134.24 KB	-rw-r--r--
bl_input	3.84 KB	-rw-r--r--
bl_os_files	29.46 KB	-rw-r--r--
bl_output	2.17 KB	-rw-r--r--
bl_output_java	240 B	-rw-r--r--
bl_output_php	8.88 KB	-rw-r--r--
bl_output_sql	1.77 KB	-rw-r--r--
bl_php_functions	589 B	-rw-r--r--
bl_scanners	539 B	-rw-r--r--
bl_scanners_headers	216 B	-rw-r--r--
bl_scanners_urls	418 B	-rw-r--r--
categories.conf	262.29 KB	-rw-r--r--
cwatch_managed_domains	0 B	-rw-r--r--
cwatch_protected_domains	0 B	-rw-r--r--
rules.conf.main	975 B	-rw-r--r--
rules.dat	5 B	-rw-r--r--
userdata_bl_IPs	50 B	-rw-r--r--
userdata_bl_URLs	109 B	-rw-r--r--
userdata_bl_agents	37 B	-rw-r--r--
userdata_bl_cookies	34 B	-rw-r--r--
userdata_bl_domains	34 B	-rw-r--r--
userdata_bl_extensions	375 B	-rw-r--r--
userdata_bl_headers	98 B	-rw-r--r--
userdata_bl_referers	35 B	-rw-r--r--
userdata_login_pages	149 B	-rw-r--r--
userdata_wl_IPs	125 B	-rw-r--r--
userdata_wl_URLs	48 B	-rw-r--r--
userdata_wl_agents	37 B	-rw-r--r--
userdata_wl_content_type	193 B	-rw-r--r--
userdata_wl_domains	34 B	-rw-r--r--
userdata_wl_extensions	54 B	-rw-r--r--
userdata_wl_methods	30 B	-rw-r--r--

Code Editor : 03_Global_Agents.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile userdata_wl_agents" \
	"id:210800,phase:2,pass,nolog,t:none,skip:1,rev:2,severity:2,tag:'CWAF',tag:'Agents'"

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile bl_scanners" \
	"id:210801,msg:'COMODO WAF: Request Indicates a Security Scanner Scanned the Site||%{tx.domain}|%{tx.mode}|2',phase:2,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'%{matched_var}',t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'Agents'"

SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@pmFromFile bl_scanners_headers" \
	"id:210810,msg:'COMODO WAF: Request Indicates a Security Scanner Scanned the Site||%{tx.domain}|%{tx.mode}|2',phase:2,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'%{matched_var}',t:none,rev:4,severity:2,tag:'CWAF',tag:'Agents'"

SecRule REQUEST_FILENAME "@pm nessustest appscan_fingerprint" \
	"id:210820,msg:'COMODO WAF: Request Indicates a Security Scanner Scanned the Site||%{tx.domain}|%{tx.mode}|2',phase:2,block,setvar:'tx.points=+%{tx.points_limit4}',logdata:'%{matched_var}',t:none,t:lowercase,rev:2,severity:2,tag:'CWAF',tag:'Agents'"

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile userdata_wl_agents" \
	"id:210830,phase:2,pass,nolog,t:none,skipAfter:'SECMARKER_210800',rev:2,severity:2,tag:'CWAF',tag:'Agents'"

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile bl_agents" \
	"id:210831,chain,msg:'COMODO WAF: Rogue web site crawler||%{tx.domain}|%{tx.mode}|4',phase:2,capture,block,logdata:'%{TX.0}',t:none,rev:2,severity:4,tag:'CWAF',tag:'Agents'"
SecRule REQUEST_HEADERS:User-Agent "(?i:(?:^(?:microsoft url|user-Agent|www\.weblogs\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\bdatacha0s\b|; widows|\\\r|a(?: href=|d(?:sarobot|vanced email extractor)|gdm79@mail\.ru|miga-aweb/3\.4|t(?:hens|tache|(?:omic_email_hunt|spid)er)|utoemailspider)|b(?:ackdoor|lack hole|utch__2\.1\.1|wh3_user_agent)|c(?:h(?:e(?:esebot|rrypicker)|ina(?: local browse 2\.|claw))|o(?:mpatible(?: ;(?: msie|\.)|-)|n(?:cealed defense|t(?:actbot/|entsmartz)|veracrawler)|py(?:guard|rightcheck)|re-project/1.0)|rescent internet toolpak)|d(?:ig(?:imarc webreader|out4uagent)|ts agent)|e(?:ducate search vxb|mail(?:siphon|wolf|(?: extracto|reape)r|(siphon|spider)|(?:collec|harves|magne)t)|o browse|xtractorpro|(?:collecto|irgrabbe)r)|f(?:a(?:xobot|(?:ntombrows|stlwspid)er)|loodgate|oobar/|ull web bot|(?:iddle|ranklin locato)r)|g(?:ameBoy, powered by nintendo|ecko/25|rub(?: crawler|-client))|h(?:anzoweb|hjhj@yahoo|l_ftien_spider)|i(?:n(?:dy library|ternet(?: (?:exploiter sux|ninja)|-exprorer))|sc systems irc search 2\.1)|kenjin spider|larbin@unspecified|m(?:ailto:craftbot@yahoo\.com|i(?:crosoft (?:internet explorer/5\.0$|url control)|ssigua)|o(?:r(?:feus fucking scanner|zilla)|siac 1.|zilla/3\.mozilla/2\.01$)|urzillo compatible)|n(?:ameofagent|e(?:ssus|(?:uralbot/0\.|wt activeX; win3)2)|ikto|o(?: browser|kia-waptoolkit.{0,} googlebot.{0,}googlebot))|p(?:a(?:ckrat|nscient\.com)|cbrowser|e 1\.4|leasecrawl/1\.|mafind|oe-component-client|ro(?:duction bot|gram shareware 1\.0\.|webwalker)|s(?:urf|ycheclone))|rsync|s(?:\.t\.a\.l\.k\.e\.r\.|afexplorer tl|e(?:archbot admin@google.com|curity scan)|hai|itesnagger|(?:tress tes|urveybo)t)|t(?:ele(?:port pro|soft)|oata dragostea mea pentru diavola|uring machine|(?: {0,1}h {0,1}a {0,1}t {0,1}' {0,1}s g {0,1}o {0,1}t {0,1}t {0,1}a {0,1} h {0,1}u {0,1}r {0,1}|akeou|his is an exploi)t)|u(?:nder the rainbow 2\.|ser-agent:)|v(?:adixbot|oideye)|w(?:3mir|e(?:b(?: (?:by mail|downloader)|emailextract{0,1}|mole|vulnscan|(?:bandi|(?:altb|ro)o)t)|lls search ii|p Search 00)|i(?:ndows(?:-update-agent)|se(?:nut){0,1}bot)|ordpress(?: hash grabber|/4\.01))|zeus(?: .{0,}webster pro){0,1}|[a-z]surf[0-9][0-9]|(?:$botname/$botvers|(script|sql) inject)ion|(compatible ; msie|msie .{1,}; .{0,}windows xp)|(?:8484 boston projec|xmlrpc exploi)t|(sogou develop spider|sohu agent)|(?:demo bot|(?:d|e)browse)|(libwen-us|myie2|murzillo compatible|webaltbot|wisenutbot)))" \
	"capture,setvar:'tx.points=+%{tx.points_limit2}'"

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile userdata_bl_agents" \
	"id:210832,msg:'COMODO WAF: Blacklisted by userdata_bl_agents||%{tx.domain}|%{tx.mode}|4',phase:2,capture,block,logdata:'%{TX.0}',t:none,rev:2,severity:4,tag:'CWAF',tag:'Agents'"

SecMarker SECMARKER_210800
SecRule ARGS|REQUEST_FILENAME "@pmFromFile bl_scanners_urls" \
	"id:211010,msg:'COMODO WAF: Request Indicates a Security Scanner Scanned the Site||%{tx.domain}|%{tx.mode}|1',phase:2,block,setvar:'tx.points=+%{tx.points_limit4}',log,logdata:'%{matched_var}',t:none,rev:1,severity:1,tag:'CWAF',tag:'Agents'"

${this.title}

Code Editor : 03_Global_Agents.conf