Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
00_Init_Initialization.conf	3.27 KB	-rw-r--r--
01_Init_AppsInitialization.con...	1.84 KB	-rw-r--r--
02_Global_Generic.conf	23.78 KB	-rw-r--r--
03_Global_Agents.conf	5.15 KB	-rw-r--r--
04_Global_Domains.conf	3.3 KB	-rw-r--r--
05_Global_Incoming.conf	1.42 KB	-rw-r--r--
06_Global_Backdoor.conf	2.2 KB	-rw-r--r--
07_XSS_XSS.conf	36.21 KB	-rw-r--r--
08_Global_Other.conf	7.44 KB	-rw-r--r--
09_Bruteforce_Bruteforce.conf	5.98 KB	-rw-r--r--
10_HTTP_HTTP.conf	4.11 KB	-rw-r--r--
11_HTTP_HTTPDoS.conf	3.95 KB	-rw-r--r--
12_HTTP_Protocol.conf	12.1 KB	-rw-r--r--
13_HTTP_Request.conf	2.42 KB	-rw-r--r--
14_Outgoing_FilterGen.conf	5.35 KB	-rw-r--r--
15_Outgoing_FilterASP.conf	1.75 KB	-rw-r--r--
16_Outgoing_FilterPHP.conf	2.54 KB	-rw-r--r--
17_Outgoing_FilterSQL.conf	11.83 KB	-rw-r--r--
18_Outgoing_FilterOther.conf	3.57 KB	-rw-r--r--
19_Outgoing_FilterInFrame.conf	1.86 KB	-rw-r--r--
20_Outgoing_FiltersEnd.conf	2.49 KB	-rw-r--r--
21_PHP_PHPGen.conf	1.59 KB	-rw-r--r--
22_SQL_SQLi.conf	13.72 KB	-rw-r--r--
23_ROR_RORGen.conf	2.97 KB	-rw-r--r--
24_Apps_Joomla.conf	7.85 KB	-rw-r--r--
25_Apps_JComponent.conf	42.66 KB	-rw-r--r--
26_Apps_WordPress.conf	10.96 KB	-rw-r--r--
27_Apps_WPPlugin.conf	414.97 KB	-rw-r--r--
28_Apps_WHMCS.conf	967 B	-rw-r--r--
29_Apps_Drupal.conf	83.09 KB	-rw-r--r--
30_Apps_OtherApps.conf	484.08 KB	-rw-r--r--
LICENSE.txt	11.09 KB	-rw-r--r--
bl_IPs	0 B	-rw-r--r--
bl_URLs	714 B	-rw-r--r--
bl_agents	1.92 KB	-rw-r--r--
bl_domains	134.24 KB	-rw-r--r--
bl_input	3.84 KB	-rw-r--r--
bl_os_files	29.46 KB	-rw-r--r--
bl_output	2.17 KB	-rw-r--r--
bl_output_java	240 B	-rw-r--r--
bl_output_php	8.88 KB	-rw-r--r--
bl_output_sql	1.77 KB	-rw-r--r--
bl_php_functions	589 B	-rw-r--r--
bl_scanners	539 B	-rw-r--r--
bl_scanners_headers	216 B	-rw-r--r--
bl_scanners_urls	418 B	-rw-r--r--
categories.conf	262.29 KB	-rw-r--r--
cwatch_managed_domains	0 B	-rw-r--r--
cwatch_protected_domains	0 B	-rw-r--r--
rules.conf.main	975 B	-rw-r--r--
rules.dat	5 B	-rw-r--r--
userdata_bl_IPs	50 B	-rw-r--r--
userdata_bl_URLs	109 B	-rw-r--r--
userdata_bl_agents	37 B	-rw-r--r--
userdata_bl_cookies	34 B	-rw-r--r--
userdata_bl_domains	34 B	-rw-r--r--
userdata_bl_extensions	375 B	-rw-r--r--
userdata_bl_headers	98 B	-rw-r--r--
userdata_bl_referers	35 B	-rw-r--r--
userdata_login_pages	149 B	-rw-r--r--
userdata_wl_IPs	125 B	-rw-r--r--
userdata_wl_URLs	48 B	-rw-r--r--
userdata_wl_agents	37 B	-rw-r--r--
userdata_wl_content_type	193 B	-rw-r--r--
userdata_wl_domains	34 B	-rw-r--r--
userdata_wl_extensions	54 B	-rw-r--r--
userdata_wl_methods	30 B	-rw-r--r--

Code Editor : 14_Outgoing_FilterGen.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule TX:PROCESS_RESPONSE "!@streq on" \
	"id:214399,pass,nolog,skipAfter:'SECMARKER_214410',rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "(?:<h1>internal server error<\/h1>.{0,}?<h2>part of the server has crashed or it has a configuration error\.<\/h2>|Microsoft OLE DB Provider for SQL Server(?: \(0x80040e31\)<br>Timeout expired<br>|<\/font>.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired)|cannot connect to the server: timed out)" \
	"id:214490,msg:'COMODO WAF: The application is not available||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "href[\t\n\r ]{0,1}=[\t\n\r \x22\']{0,}[a-zA-Z]\:\x5c([^\x22\']{1,})" \
	"id:214510,chain,msg:'COMODO WAF: File or Directory Names Leakage||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"
SecRule TX:1 "!program files\x5cmicrosoft office\x5c(?:office|templates)" \
	"capture,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',t:none,t:lowercase"

SecRule RESPONSE_BODY "!@pm iframe" \
	"id:214520,phase:4,capture,pass,nolog,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,skipAfter:'SECMARKER_214400',rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "(?i)(eval\(.{0,15}unescape\()" \
	"id:214570,msg:'COMODO WAF: Potential Obfuscated Javascript in Output - Eval+Unescape||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "(?i)(var[^=]+=\s*unescape\s*;)" \
	"id:214580,msg:'COMODO WAF: Potential Obfuscated Javascript in Output - Unescape||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "(?i:%u0c0c%u0c0c|%u9090%u9090|%u4141%u4141)" \
	"id:214590,msg:'COMODO WAF: Potential Obfuscated Javascript in Output - Heap Spray||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "!@pmFromFile bl_output" \
	"id:214600,phase:4,capture,pass,nolog,t:none,t:urlDecodeUni,t:htmlEntityDecode,skipAfter:'SECMARKER_214410',rev:1,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "\b(?:Th(?:ese statistics were produced by (?:PeLAB|getstats)|is (?:analysis was produced by.{0,100}?(?:EasyStat|analog|calamaris)|report was generated by WebLog|summary was generated by.{0,100}?(?:Jware|analog|w(?:ebcruncher|wwstat))))|[Gg]enerated by.{0,100}?[Ww]ebalizer)\b" \
	"id:214640,msg:'COMODO WAF: Statistics Information Leakage||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"

SecRule RESPONSE_BODY "(?:<(?:TITLE>Index of.{0,}?<H|title>Index of.{0,}?<h)1>Index of|>\[To Parent Directory]</[Aa]><br>)" \
	"id:214680,msg:'COMODO WAF: Directory Listing||%{tx.domain}|%{tx.mode}|3',phase:4,capture,block,setvar:'tx.outgoing_points=+%{tx.points_limit3}',setvar:'tx.points=+%{tx.points_limit3}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:3,tag:'CWAF',tag:'FilterGen'"

SecRule REQUEST_FILENAME "@endsWith /" \
	"id:217500,phase:1,pass,nolog,ctl:responseBodyAccess=On,t:none,t:urlDecodeUni,t:normalizePath,rev:3,severity:2,tag:'CWAF',tag:'FilterGen'"

SecRule REQUEST_FILENAME "@endsWith /" \
	"id:217501,chain,msg:'COMODO WAF: Possible Information Disclosure by Directory Listing||%{tx.domain}|%{tx.mode}|2',phase:4,capture,deny,status:403,log,t:none,t:urlDecodeUni,t:normalizePath,rev:3,severity:2,tag:'CWAF',tag:'FilterGen'"
SecRule RESPONSE_BODY "@rx (?i:<title>Index of )" \
	"chain,t:none"
SecRule RESPONSE_BODY "@rx (?:\.(?:php|py|rb|html|js|pl|sh)<\/a><\/td>)" \
	"t:none,t:compressWhitespace"

${this.title}

Code Editor : 14_Outgoing_FilterGen.conf