Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
00_Init_Initialization.conf	3.27 KB	-rw-r--r--
01_Init_AppsInitialization.con...	1.84 KB	-rw-r--r--
02_Global_Generic.conf	23.78 KB	-rw-r--r--
03_Global_Agents.conf	5.15 KB	-rw-r--r--
04_Global_Domains.conf	3.3 KB	-rw-r--r--
05_Global_Incoming.conf	1.42 KB	-rw-r--r--
06_Global_Backdoor.conf	2.2 KB	-rw-r--r--
07_XSS_XSS.conf	36.21 KB	-rw-r--r--
08_Global_Other.conf	7.44 KB	-rw-r--r--
09_Bruteforce_Bruteforce.conf	5.98 KB	-rw-r--r--
10_HTTP_HTTP.conf	4.11 KB	-rw-r--r--
11_HTTP_HTTPDoS.conf	3.95 KB	-rw-r--r--
12_HTTP_Protocol.conf	12.1 KB	-rw-r--r--
13_HTTP_Request.conf	2.42 KB	-rw-r--r--
14_Outgoing_FilterGen.conf	5.35 KB	-rw-r--r--
15_Outgoing_FilterASP.conf	1.75 KB	-rw-r--r--
16_Outgoing_FilterPHP.conf	2.54 KB	-rw-r--r--
17_Outgoing_FilterSQL.conf	11.83 KB	-rw-r--r--
18_Outgoing_FilterOther.conf	3.57 KB	-rw-r--r--
19_Outgoing_FilterInFrame.conf	1.86 KB	-rw-r--r--
20_Outgoing_FiltersEnd.conf	2.49 KB	-rw-r--r--
21_PHP_PHPGen.conf	1.59 KB	-rw-r--r--
22_SQL_SQLi.conf	13.72 KB	-rw-r--r--
23_ROR_RORGen.conf	2.97 KB	-rw-r--r--
24_Apps_Joomla.conf	7.85 KB	-rw-r--r--
25_Apps_JComponent.conf	42.66 KB	-rw-r--r--
26_Apps_WordPress.conf	10.96 KB	-rw-r--r--
27_Apps_WPPlugin.conf	414.97 KB	-rw-r--r--
28_Apps_WHMCS.conf	967 B	-rw-r--r--
29_Apps_Drupal.conf	83.09 KB	-rw-r--r--
30_Apps_OtherApps.conf	484.08 KB	-rw-r--r--
LICENSE.txt	11.09 KB	-rw-r--r--
bl_IPs	0 B	-rw-r--r--
bl_URLs	714 B	-rw-r--r--
bl_agents	1.92 KB	-rw-r--r--
bl_domains	134.24 KB	-rw-r--r--
bl_input	3.84 KB	-rw-r--r--
bl_os_files	29.46 KB	-rw-r--r--
bl_output	2.17 KB	-rw-r--r--
bl_output_java	240 B	-rw-r--r--
bl_output_php	8.88 KB	-rw-r--r--
bl_output_sql	1.77 KB	-rw-r--r--
bl_php_functions	589 B	-rw-r--r--
bl_scanners	539 B	-rw-r--r--
bl_scanners_headers	216 B	-rw-r--r--
bl_scanners_urls	418 B	-rw-r--r--
categories.conf	262.29 KB	-rw-r--r--
cwatch_managed_domains	0 B	-rw-r--r--
cwatch_protected_domains	0 B	-rw-r--r--
rules.conf.main	975 B	-rw-r--r--
rules.dat	5 B	-rw-r--r--
userdata_bl_IPs	50 B	-rw-r--r--
userdata_bl_URLs	109 B	-rw-r--r--
userdata_bl_agents	37 B	-rw-r--r--
userdata_bl_cookies	34 B	-rw-r--r--
userdata_bl_domains	34 B	-rw-r--r--
userdata_bl_extensions	375 B	-rw-r--r--
userdata_bl_headers	98 B	-rw-r--r--
userdata_bl_referers	35 B	-rw-r--r--
userdata_login_pages	149 B	-rw-r--r--
userdata_wl_IPs	125 B	-rw-r--r--
userdata_wl_URLs	48 B	-rw-r--r--
userdata_wl_agents	37 B	-rw-r--r--
userdata_wl_content_type	193 B	-rw-r--r--
userdata_wl_domains	34 B	-rw-r--r--
userdata_wl_extensions	54 B	-rw-r--r--
userdata_wl_methods	30 B	-rw-r--r--

Code Editor : 17_Outgoing_FilterSQL.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule RESPONSE_BODY "@pmFromFile bl_output_sql" \
	"id:214650,msg:'COMODO WAF: Start track SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,pass,setvar:'tx.sql_error_match=1',nolog,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218010,chain,msg:'COMODO WAF: Microsoft Access SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@rx (?i)(?:JET Database Engine|Access Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \
	"setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',t:none"

SecRule TX:sql_error_match "@eq 1" \
	"id:218020,chain,msg:'COMODO WAF: Oracle SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm ora- java.sql oracle oci_ ora_" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:ORA-[0-9][0-9][0-9][0-9]|java\.sql\.SQLException|Oracle error|Oracle.{0,399}Driver|Warning.{0,399}oci_|Warning.{0,399}ora_)" \
	"setvar:'tx.outgoing_points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218030,chain,msg:'COMODO WAF: DB2 SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:3,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm error: [ibm] db2 db2_" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:DB2 SQL error:|\[IBM\]\[CLI Driver\]\[DB2/6000\]|CLI Driver.{0,399}DB2|DB2 SQL error|db2_\w+\()" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218040,chain,msg:'EMC SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@rx (?i)(?:\[DM_QUERY_E_SYNTAX\]|has occurred in the vicinity of:)" \
	"setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218050,chain,msg:'COMODO WAF: Firebird SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@rx (?i)(?:Dynamic SQL Error)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218060,chain,msg:'COMODO WAF: Frontbase SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,rev:1,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@contains transaction rollback." \
	"chain,t:none,t:lowercase"
SecRule MATCHED_VAR "@rx (?i)(?:Exception (condition )?\d+\. Transaction rollback\.)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218070,chain,msg:'COMODO WAF: hsqldb SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@rx (?i)(?:org\.hsqldb\.jdbc)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218080,chain,msg:'COMODO WAF: informix SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm illegal informix" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:An illegal character has been found in the statement|com\.informix\.jdbc|Exception.{0,399}Informix)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}',t:none"

SecRule TX:sql_error_match "@eq 1" \
	"id:218090,chain,msg:'COMODO WAF: ingres SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@contains ingres" \
	"chain,t:lowercase,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:Warning.{0,399}ingres_|Ingres SQLSTATE|Ingres\W.{0,399}Driver)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218110,chain,msg:'COMODO WAF: interbase SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:1,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@rx (?i)(?:<b>Warning</b>: ibase_|Unexpected end of command in statement)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218120,chain,msg:'COMODO WAF: maxDB SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm pos maxdb" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:SQL error.{0,399}POS([0-9]+).{0,399}|Warning.{0,399}maxdb.{0,399})" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218130,chain,msg:'COMODO WAF: mssql SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm .OleDb. [Microsoft] [Macromedia] [SqlException .SqlClient. Unclosed '80040e14' mssql_query() OLE Incorrect Sintaxis Syntax Procedure expression. ADODB.Field select mssql_ SQL" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:System\.Data\.OleDb\.OleDbException|\[Microsoft\]\[ODBC SQL Server Driver\]|\[Macromedia\]\[SQLServer JDBC Driver\]|\[SqlException|System\.Data\.SqlClient\.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query\(\)|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .{0,399} expects parameter|Unclosed quotation mark before the character string|Syntax error .{0,399} in query expression|Data type mismatch in criteria expression\.|ADODB\.Field \(0x800A0BCD\)|the used select statements have different number of columns|OLE DB.{0,399}SQL Server|Warning.{0,399}mssql_.{0,399}|Driver.{0,399}SQL[\-\_\ ]*Server|SQL Server.{0,399}Driver|SQL Server.{0,399}[0-9a-fA-F]{8}|Exception.{0,399}\WSystem\.Data\.SqlClient\.)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218140,chain,msg:'COMODO WAF: mysql SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm MySQL count mysql_fetch_array() syntax; SQL [MySQL] Table mysql_ MySqlClient." \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:supplied argument is not a valid MySQL|Column count doesn't match value count at row|mysql_fetch_array\(\)|on MySQL result index|You have an error in your SQL syntax;|You have an error in your SQL syntax near|MySQL server version for the right syntax to use|\[MySQL\]\[ODBC|Column count doesn't match|Table '[^']+' doesn't exist|SQL syntax.{0,399}MySQL|Warning.{0,399}mysql_.{0,399}|valid MySQL result|MySqlClient\.)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218150,chain,msg:'COMODO WAF: postgres SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm PostgreSQL pg_query() pg_exec() pg_ Npgsql. PG::" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:PostgreSQL query failed:|pg_query\(\) \[:|pg_exec\(\) \[:|PostgreSQL.{0,399}ERROR|Warning.{0,399}pg_.{0,399}|valid PostgreSQL result|Npgsql\.|PG::([a-zA-Z]*)Error|Supplied argument is not a valid PostgreSQL (?:.{0,399}?) resource|Unable to connect to PostgreSQL server)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218160,chain,msg:'COMODO WAF: sqlite SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@pm sqlite_ SQLite3:: SQLite .Exception .SQLiteException" \
	"chain,t:none"
SecRule MATCHED_VAR "@rx (?i)(?:Warning.{0,399}sqlite_.{0,399}|Warning.{0,399}SQLite3::|SQLite\/?JDBCDriver|SQLite\.Exception|System\.Data\.SQLite\.SQLiteException)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

SecRule TX:sql_error_match "@eq 1" \
	"id:218170,chain,msg:'COMODO WAF: Sybase SQL Information Leakage||%{tx.domain}|%{tx.mode}|2',phase:4,capture,block,logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,rev:2,severity:2,tag:'CWAF',tag:'FilterSQL'"
SecRule RESPONSE_BODY "@contains Sybase" \
	"chain,t:none,t:lowercase"
SecRule MATCHED_VAR "@rx (?i)(?:Sybase message:|Warning.{0,399}sybase.{0,399}|Sybase.{0,399}Server message)" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.outgoing_points=+%{tx.points_limit4}'"

${this.title}

Code Editor : 17_Outgoing_FilterSQL.conf