CDN V1.2
  1. WAF开关
CDN V1.2
  • WAF功能
  • 节点自动注册到后台
  • 其它接口
  • 接口更新日志
  • AI接口
  • 定制页面上传
  • API完成情况
  • UEBA参数文档
  • 防火墙配置
  • 节点、域名、缓存
  • 接口认证
  • 节点管理
    • 单节点管理
      • 节点信息(修改日期20230429)
      • 节点初始化(修改日期20230429)
      • 删除节点(修改日期20230429)
      • 更新节点(修改日期20230429)
    • 多节点管理
      • 节点列表(20230429)
      • 多节点初始化(20230429)
      • 删除多节点
      • 更新多节点(20230429)
    • 单域名管理
      • 查询域名gq
      • 查询域名列表(20230611)
      • 添加域名(20230618)
      • 删除域名
      • 查询域名(20230611)
      • 更新域名W(20230611)
      • 关联CDN节点
      • 解除CDN节点
      • 加速域名启停
    • 多域名管理
      • 健康检查开关
      • 添加多域名(20230611)
      • 删除多域名
      • 更换CDN节点(20230503)
      • 更新域名(20230611)
      • 多加速域名启停
    • 域名日志开关【2024.06更新】
      • 查询域名日志开关
      • 更新域名日志开关
  • 缓存配置
    • 缓存配置
      • 未命名接口
      • 所有缓存配置列表
      • 增加缓存配置
      • 删除缓存配置
      • 清理域名缓存(20230430更新)
      • 查询单个缓存配置
      • 更新缓存配置
      • 缓存预热(开启/关闭)(20230528)
  • 防火墙配置
    • IP黑/白名单
      • 开启关闭
      • 增加
      • 删除
      • 查询
    • URL黑/白名单
      • 开启关闭
      • 增加
      • 删除
      • 查询
    • 防CC
      • 更新(20230927更新)
      • 查询
    • 防盗链
      • 更新
      • 查询
    • 精准访问控制【2024.06更新】
      • 接口说明
      • 增加
      • 删除
      • 查询
      • 更新
      • 开关接口
    • 区域访问限制
      • 增加
      • 删除
      • 查询
    • APP专用防CC策略
      • 更新
      • 查询
    • 内容安全风控:关键字【2024.06更新】
      • 敏感词列表接口
      • 添加敏感词
      • 删除敏感词
      • 删除规则
      • 更新
      • 查询
      • 删除
    • 内容安全风控:图片
      • 查询
      • 更新
    • 安全访问控制
      • 增加
      • 修改更新
      • 删除
      • 查询
    • WAF功能
      • WAF开关
        • 开启WAF开关 gq
        • 查看WAF开启 gq
        • 查看WAF开启
        • 开启WAF开关
      • 文件包含
        • 更新 gq
        • 查询 gq
        • 更新
        • 查询
      • 会话固定攻击
        • 更新gq
        • 更新
        • 查询
      • Shellshock后门
        • 更新
        • 查询
      • 脚本/扫描器/僵尸程序检测
        • 更新
        • 查询
      • 元数据/错误泄漏
        • 更新
        • 查询
      • 防注入
        • 更新 gq
        • 查询 gq
        • 更新
        • 查询
      • 高级过滤
        • 更新
        • 查询
      • 代码注入
        • 更新 gq
        • 更新
        • 查询
    • 新WAF功能
      • WAF开关
        • 自定义waf规则编写规范文档
        • waf响应字段
        • waf规则启停
          PUT
        • waf规则启停(新)
          PUT
        • 查看新waf配置
          GET
        • 根据domainid查询waf规则开启状态
          GET
        • 查看waf规则
          GET
      • 自定义waf规则
        • 自定义waf规则查询
        • 自定义waf规则增加
        • 自定义waf规则删除
    • 防篡改
      • 防篡改更新
      • 防篡改查看
    • 批量配置接口
      • 防护规则配置
      • 黑名单删除指定IP列表(支持多域名)
      • 黑名单清空(只清空自动添加IP,支持多域名)
      • 防护规则配置-New 20240910
    • http防护【2024.05更新】
      • 文件后缀列表
      • contentType列表
      • http防护配置查询
      • http防护配置修改
    • 动态防护【2024.06更新】
      • 动态防护修改
      • 动态防护配置查看
    • 资源访问控制【2024.06更新】
      • 接口功能说明
      • 资源访问控制配置修改接口
      • 资源访问控制配置查询接口
      • 已缓存静态资源列表
      • 删除静态资源缓存
      • 自定义缓存文件
      • 静态资源缓存文件替换
    • bot防护【2024.06更新】
      • 接口说明
      • 查询botip列表
      • 添加botip
      • 查询bot配置
      • bot配置
      • bot列表查询
      • 新版bot信息查询接口
    • api防护【2024.06更新】
      • 接口说明
      • api防护配置增加
      • api防护配置查询
      • api列表
      • api防护配置删除
      • api防护配置修改
      • api防护总开关
    • url统计模块【2024.06更新】
      • 接口说明
      • 删除node_apis
      • 查询node_apis
      • 增加node_apis
      • 查询node_resources
      • 增加node_resources
      • 删除node_resources
    • api基线管理
      • 查询基线
      • 增加基线规则
      • 基线开关接口
    • httpStream
      • httpstream配置查看
      • httpstream配置修改
  • 证书管理
    • 证书
      • 增加
      • 删除
      • 查询
      • 更新
      • -自动获取
      • -自动获取
  • 统计数据
    • 流量TOP5000(见下面折线图)
      • 查询(2023年6月30日修改)
    • 请求TOP5000(见下面折线图)
      • 查询(2023年6月30日修改)
    • 记录统计
      • http抓包数据统计接口(2023年6月29日修改)
      • 模型识别数据统计接口(2023年7月19日修改)
      • 防护记录统计接口(2023年6月29日修改)
      • 记录查询接口(2023年6月29日修改)
      • 流量统计接口(2023年6月29日修改)
      • IP被访问统计接口(2023年6月29日修改)
      • 黑白名单统计(2023年6月29日修改)
    • 折线图
      • 流量TOP5000折线图废弃
      • 请求TOP5000折线图废弃
      • http抓包数据折线图(2023年7月16日修改)
      • 模型识别数据接口折线图(2023年7月16日修改)
      • 防护记录接口折线图(2023年7月16日修改)
      • 流量统计折线图(2023年7月16日修改)
      • IP被访问折线图(2023年7月16日修改)
      • 黑白名单统计折线图(2023年7月16日修改)
    • 饼图
      • 攻击查询饼状图(2023年7月19日修改)
    • 总计接口
      • 流量总计接口(2023年7月14日修改)
      • 防护记录统计(2023年7月14日修改)
      • 模型识别总计接口(2023年7月14日修改)
    • Bot管理(开发中)
      • 搜索引擎的访问记录列表
      • 按照域名查询搜索引擎的访问分布
      • 按照实例id查询搜索引擎的访问分布
      • 按照实例id查询搜索引擎的访问趋势(小时)
      • 获取指纹
  • 其它
    • (弃用)封禁IP
      • 新增封禁IP
      • 删除封禁IP
      • 查询
    • (弃用)临时黑白名单
      • 新增临时黑白名单IP
      • 删除临时黑白名单IP
      • 查询临时黑白名单
    • (弃用)全局白名单(内部使用)
      • 添加白名单(支持全量更新)
      • 查看白名单
      • 删除白名单
    • 七层封禁
      • 7层封禁
      • 7层封禁查询
      • 7层封禁删除
      • 7层白名单
      • 7层白名单查询
      • 7层白名单删除
    • 三层封禁
      • 三层封禁
      • 三层封禁查询
      • 三层封禁删除
      • 三层白名单
      • 三层白名单查询
      • 三层白名单删除
    • 全局解封接口
    • kafka配置接口(内部使用)
    • 静态页面配置定制页面上传
    • 静态页面配置删除定制页面
    • error定制页面
    • error定制页面
    • ali access key 查询接口
    • ali access key 修改接口
    • 上报异常接口
    • 全局默认配置
    • 全局默认配置
  • 健康检查
    • 健康检查
      • 获取健康检查结果
  • AI接口
    • 模型强干预接口(2023年6月25日新增)
    • 模型强干预接口(2023年6月25日新增)
    • 模型强干预接口(2023年6月25日新增)
    • 模型强干预接口(2023年6月25日新增)
    • 识别结果分析
    • 查询模型训练接口(20230621)
    • 增加模型训练接口(支持批量)(20230621)
    • 删除模型训练接口
    • 模型上下线接口(20230621)
    • 修改域名拉白最大数量 (20230621)
  • 接口认证
    • 获取认证token
  • 测试包
    • 防火墙测试
      • 黑白名单测试
      • 黑白名单域名
      • post测试阻断
      • 防盗链
      • 防cc阻断测试
      • 重定向
      • 防cc等待
      • post重定向
      • post等待
  • UEBA【2024.06更新】
    • (内部使用)内部进行debug
    • 获取默认模型详细配置信息
    • 批量修改当前域的模型详细配置信息
    • 获取当前域的模型详细配置信息
    • 修改当前域的某个模型的详细配置信息
    • 获取当前域的单个模型详细配置信息
    • 添加域
    • 获取当前所有域的信息
    • 更新多个域
    • 添加多个域
    • 【已屏蔽该接口】获取当前所有域的信息
    • 暂停多个域
    • 恢复多个域
    • 部分更新指定单个域
    • 获取指定的单个域信息
    • 暂停单个域
    • 恢复单个域
    • 删除单个域
    • 删除多个域
    • 模型日志接口
    • 为当前域添加一个模型及详细配置
    • 当前域批量添加多个模型及详细配置
    • 删除当前域的一个模型
    • 批量删除当前域的多个模型
  • 【内部用】ip库管理【2024.06更新】
    • 查询ip库
    • ip库增加
    • ip库删除
  1. WAF开关

根据domainid查询waf规则开启状态

开发中
GET
/firewall/rulestatus

query字段格式#

CodeInjection 代码注入
FileInclusion 文件包含
HTTPProxy 代理
Leakages 数据泄露
SQLInjection SQL注入
ScannerDetection 程序监测/扫描器
SessionFixation 会话固定攻击
ShellInjection shell后门
XSS xss
Customize 自定义waf规则

其他查询参数#

appname 分类
["joomla","Yeager","PivotX","WordPress","EasyHosting","Drupal","易托管","Zenphoto","Z-BlogPHP","Grawlix","CouchCMS","BigwareShop","Magmi","ProjeQtor","VtigerCRM","vBulletin","Microweber","WHMCS","Owncloud","DOKEOS","SimplePHPBplog","Coppermine","Vivvo","Tikiwiki","Zencart","TimThumb","PhpMyAdmin","TestLink","PrestaShop","PHP-Fusion","SugarCRM","Dolibarr","CMSMadeSimple","Coldfusion","Domino","WordPressPlugin","Adminsystems","Machform","WUZHI","Piwigo","SEMCMS","concrete5","EPESI","RabbitMQ","青蛙CMS","WebsiteBaker","Gnew","pfSense","FiyoCMS","GeckoCMS","MySqlLite","MantisBT","WolfCMS","refbase","osTicket","X2EngineX2CRM","DomainMod","SilverStripeCMS","ExponentCMS","SymphonyCMS","Metinfo","SubrionCMS","waimaiSuper","Serendipity","PHPMyWind","OpenEMR","cacti","ZeroCMS","GeniXCMS","TYPO3","ol-commerce","glFusion","LibreNMS","LimeSurvey","AuraCMS","ILIAS","phpLiteAdmin","FreeReprintablesArticleFR","Sefrengo","Saurus","optherapps"]
joomla 223230
Yeager  393734,393721
PivotX 393739,241320,241321,242420,244240,244490
WordPress 331216,377360
EasyHosting 391739
Drupal 377308,391235
易托管  391709
Zenphoto 393738
Z-BlogPHP 245970,246060,246110
Grawlix 393720
CouchCMS 393719
BigwareShop 364577
Magmi 344577,244160
ProjeQtor 344477
VtigerCRM 343481,220560,220230,222140,240890
vBulletin 377300,342154,376476,347474,331358,390649,390650
Microweber 337472,241590
WHMCS 378410,317368,331357,222040
Owncloud 331323,242730,242910,243330
DOKEOS 333458,220940,220941,220942
SimplePHPBplog 380107,380108,380101,380103,390486,220770
Coppermine 390205,240390,243230,245870,215050,243220,248200
Vivvo 390104,390105
Tikiwiki  390176,310087
Zencart 377323,377316,390637,390638,320757
TimThumb 380215,381214,381202
PhpMyAdmin 311293,220630,221490,240160,241470,241471,241472,241500,241501,241502,241610,242780,243110,220100,245720,247750,220090,241570,241620,241621,241720,242490,242860,247740
TestLink  311294,241830,247940
Prestashop 377320,377321,377322
PHP-Fusion 221292,221293,221294,221295,221296,221297,221298,241760,241761,243160,243161,243162,243163,243164,243165,243166,243167,243168,221190,247910,247911
SugarCRM 377303,391744,391745
Dolibarr  221360,221361
CMSMadeSimple 380105,215080,220780,220790,220791,242640,244590,245250,245670,245671,245880,246280,246960,247180,246290,246310,220960,248140
Coldfusion 310155,310156,310157,310158,310160,310161,310162,310163,310164,310165,310166,310167,310168,310171,310172,310173,310174,310175,310176,310154
Domino 310185,310186,310187,310188,310189,310190,310191,310192,310193,310194,310195,310196,310197,310198,310199,310200
WordPressPlugin 232320,220550
Adminsystems  241370,241380
Machform 220120,220122,247690,220110,220070
WUZHI 246330,246340,246350,246540,246560,246630,246860,247480,247510
Piwigo 240640,240750
SEMCMS 247830,248120,248130
concrete5 221330,241270,241271,241272,241273,241274,241275,241276,241279,241280,241290,241310,241940,241941,241942,245440,244080
EPESI 243980,243990,244000,244010,244220,244420,244430,244530
RabbitMQ 243510,243511
青蛙cms 245910,246040,246740
WebsiteBaker 241490,241491,241492,244580,241480
Gnew 243200,243203,243250,243251,243252,220980,220981,247970,247971,220990
pfSense 221610,221611,221612,221614,221620,221630,221631,221632,247730
FiyoCMS 241660,241661,241670,241671,244840,245350,247710,247711,241630,244850,244890,244990,245020,245260,245490
GeckoCMS 241050,241051,241052,241053,241054,241055,241056,241057,241058,241059,241060,241061,241070,241071
MySqlLite 242100,242101
MantisBT  240430,242250,242540,242580,242631,242670,242750,243690,244070,244100,244110,244170,244180,244190,244210,244820,247000,247130,244280,244390,247950
WolfCMS  246440,246450,246451,246510,246580
refbase  240690,240940,240941,240942,240980,240981,240982,240983,240984,240930,241740,242970
osTicket  241400,242140,242141,242142,245840,245850
X2EngineX2CRM 242940,247980,243461,243462,240001,241430
DomainMod  246090,246170,247070,247080,247190,246990
SilverStripecms  245300,245710
ExponentCMS  241850,242040,242840,243380,243530,243790,243280,243440,243450,243560,243561,242710,243270,243390,243490,243520
Symphonycms 240760,240860,240870,244370,221020,243900
Metinfo 245510,246890,247410,247420,247430,247440,245320
Subrioncms 246380,246381,246660,248000,246430
waimaiSuper 246930,246940
Serendipity 240770,241820,243570,240500,240520,240550,243600,245400,240540
PHPMyWind 247680,247820
OpenEMR 242590,242650,245160,245690,246070,246680,246700,246790,246820,246830,247760,242831,242832,247020,247770
cacti 240400,242600,242610,247250,247290,222330,222331,240280,240350,240360,240380,240670,241410,241840,242760,244740,248020,241580,241581,244960
ZeroCMS 221300,221310,240970
GeniXCMS 240230,240231,241190,241191,242120,242121,243610,243670,243680,243720,243740,243760,243810,243811,244340,245120,245940,243800,243870
TYPO3 377309,241800,242820,240960,240990,240991
Dolibarr 221360,221361,221362,221363,221364,240800,240810,241300,241301,241302,244350,244360,245420,245700,245900,246030,246031,246032,246100,246770,246800,247100,247220,211060,221350,244450,245030,245040,245540,245550,245560,245960,246550,247140,247160,247300,247310,247320,246120,247700
SEMCMS 247830,248120,248130
ol-commerce 210450,210451,210452,247960
Piwigo 240640,240750,243480,243620,244520,244720,244721,245580,245630,245660,245750,245760,245790,245800,248030,218560,240740,241000,241001,241770,241900,244570,245360,245570,245610,245770,247920,243640,243660,244130,244780,245620
glFusion  220510,220511,220512
LibreNMS 248160,248180
LimeSurvey 240060,240070,240071,240080,246880,240580,240590
AuraCMS 220590,220591,242190,242280
ILIAS 220710,220711,248040
phpLiteAdmin  240370,240371
FreeReprintablesArticleFR 240260,240261,240262,240300
Sefrengo 241010,241011,241012,241013,241020,241030,241031
Saurus 241040,241041,241042
optherapps 247460
level为对应的规则威胁程度 1低危 2中危 3高危

请求参数

Authorization
在 Header 添加参数
Authorization
,其值为在 Bearer 之后拼接 Token
示例:
Authorization: Bearer ********************
Query 参数
page
integer 
页数
必需
示例值:
1
size
integer 
每页个数
必需
示例值:
100
query
string 
规则类型
可选
示例值:
CodeInjection
id
string 
可选
根据规则id进行搜索,支持批量,使用英文逗号进行分割
示例值:
913100,913210
name
string 
可选
根据规则名称进行模糊搜索,支持批量,使用英文逗号,分割
示例值:
扫描器,HTTP
appName
string 
可选
用于查询指定应用所对应的waf规则
level
integer 
规则等级
可选
instanceId
string 
必需
domian_uuid
Header 参数
Accept
string 
必需
默认值:
application/json

示例代码

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
请求示例请求示例
Shell
JavaScript
Java
Swift
curl --location --request GET '/firewall/rulestatus?page=1&size=100&query=CodeInjection&id=913100,913210&name=扫描器,HTTP&appName=&level=&instanceId=' \
--header 'Accept;'

返回响应

🟢200成功
application/json
Body
code
integer 
必需
message
string 
必需
total
integer 
必需
data
array [object {24}] 
必需
level
integer 
必需
app_name
string 
必需
configuration_notes
string 
必需
alert_message
string 
必需
rule_class
string 
必需
version
string 
必需
action
string 
必需
additional_information
string 
必需
rule_id
integer 
必需
filename
string 
必需
transforms
string 
必需
troubleshooting
string 
必需
rule_factory_type
integer 
必需
description
string 
必需
outside_references
string 
必需
tuning_guidance_notes
string 
必需
log_types
string 
必需
severity
string 
必需
http_protocol_phase
string 
必需
false_positives
string 
必需
original_rule
string 
必需
name
string 
必需
http_status
string 
必需
similar_rules
string 
必需
示例
{
  "code": 200,
  "message": "成功",
  "total": 47,
  "data": [
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933011,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 1\" \"id:933011,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-1",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933012,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 1\" \"id:933012,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-2",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933100,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现PHP打开标签",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@rx (?:<\\?(?:[^x]|x[^m]|xm[^l]|xml[^\\s]|xml$|$)|<\\?php|\\[(?:/|\\x5c)?php\\])\" \\\n    \"id:933100,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:lowercase,\\\n    msg:'PHP Injection Attack: PHP Open Tag Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-3",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933110,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现PHP脚本文件上传",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name \"@rx .*\\.ph(?:p\\d*|tml|ar|ps|t|pt)\\.*$\" \"id:933110,phase:2,block,capture,t:none,t:lowercase,msg:'PHP Injection Attack: PHP Script File Upload Found',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'application-multi',tag:'language-php',tag:'platform-multi',tag:'attack-injection-php',tag:'paranoia-level/1',tag:'OWASP_CRS',tag:'capec/1000/152/242',ver:'OWASP_CRS/4.0.0-rc2',severity:'CRITICAL',setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-4",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933120,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现配置指令",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@pmFromFile ./waf_rules/php-config-directives.data\" \\\n    \"id:933120,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:normalisePath,\\\n    msg:'PHP Injection Attack: Configuration Directive Found',\\\n    logdata:'Matched Data: %{TX.933120_TX_0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.933120_tx_0=%{tx.0}',\\\n    chain\"\n    SecRule MATCHED_VARS \"@pm =\" \\\n        \"capture,\\\n        setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n        setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-5",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933130,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现变量",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@pmFromFile ./waf_rules/php-variables.data\" \\\n    \"id:933130,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:normalisePath,t:urlDecodeUni,\\\n    msg:'PHP Injection Attack: Variables Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-6",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933140,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现I/O流",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@rx (?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)\" \\\n    \"id:933140,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: I/O Stream Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-7",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933200,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:检测到包装器方案",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@rx (?:bzip2|expect|glob|ogg|(?:ph|r)ar|ssh2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?|z(?:ip|lib))://\" \\\n    \"id:933200,\\\n    phase:2,\\\n    block,\\\n    t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,t:cmdLine,\\\n    msg:'PHP Injection Attack: Wrapper scheme detected',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-8",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933150,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现高危PHP函数名",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@pmFromFile ./waf_rules/php-function-names-933150.data\" \\\n    \"id:933150,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: High-Risk PHP Function Name Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-9",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933160,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现高风险PHP函数调用",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@rx (?i)\\b\\(?[\\\"']*(?:assert(?:_options)?|c(?:hr|reate_function)|e(?:val|x(?:ec|p))|file(?:group)?|glob|i(?:mage(?:gif|(?:jpe|pn)g|wbmp|xbm)|s_a)|md5|o(?:pendir|rd)|p(?:assthru|open|rev)|(?:read|tmp)file|un(?:pac|lin)k|s(?:tat|ubstr|ystem))(?:/(?:\\*.*\\*/|/.*)|#.*[\\s\\v]|\\\")*[\\\"']*\\)?[\\s\\v]*\\(.*\\)\" \\\n    \"id:933160,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: High-Risk PHP Function Call Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-10",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933170,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:序列化对象注入",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|ARGS_NAMES|ARGS|XML:/* \"@rx [oOcC]:\\d+:\\\".+?\\\":\\d+:{.*}\" \\\n    \"id:933170,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: Serialized Object Injection',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-11",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933180,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现变量函数调用",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@rx \\$+(?:[a-zA-Z_\\x7f-\\xff][a-zA-Z0-9_\\x7f-\\xff]*|\\s*{.+})(?:\\s|\\[.+\\]|{.+}|/\\*.*\\*/|//.*|#.*)*\\(.*\\)\" \\\n    \"id:933180,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: Variable Function Call Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-12",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933210,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现变量函数调用",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@rx (?:\\((?:.+\\)(?:[\\\"'][\\-0-9A-Z_a-z]+[\\\"'])?\\(.+|[^\\)]*string[^\\)]*\\)[\\s\\v\\\"'\\--\\.0-9A-\\[\\]_a-\\{\\}]+\\([^\\)]*)|(?:\\[[0-9]+\\]|\\{[0-9]+\\}|\\$[^\\(-\\),\\.-/;\\x5c]+|[\\\"'][\\-0-9A-Z\\x5c_a-z]+[\\\"'])\\(.+)\\);\" \\\n    \"id:933210,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:urlDecode,t:replaceComments,t:removeWhitespace,\\\n    msg:'PHP Injection Attack: Variable Function Call Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-13",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933013,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 2\" \"id:933013,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-14",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933014,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 2\" \"id:933014,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-15",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933151,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现中等风险的PHP函数名",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@pmFromFile ./waf_rules/php-function-names-933151.data\" \\\n    \"id:933151,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: Medium-Risk PHP Function Name Found',\\\n    logdata:'Matched Data: %{TX.933151_TX_0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    tag:'paranoia-level/2',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.933151_tx_0=%{tx.0}',\\\n    chain\"\n    SecRule MATCHED_VARS \"@pm (\" \\\n        \"capture,\\\n        setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n        setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-16",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933015,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 3\" \"id:933015,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-17",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933016,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 3\" \"id:933016,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-18",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933131,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现变量",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI\" \\\n    \"id:933131,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:normalisePath,t:urlDecodeUni,\\\n    msg:'PHP Injection Attack: Variables Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    tag:'paranoia-level/3',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-19",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933161,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现低值PHP函数调用",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@rx (?i)\\b(?:a(?:bs|s(?:in|sert(?:_options)?))|basename|c(?:h(?:eckdate|r(?:oot)?)|o(?:(?:mpac|(?:nsta|u)n)t|py|sh?)|r(?:eate_function|ypt)|urrent)|d(?:ate|e(?:coct|fined?)|ir)|e(?:nd|val|x(?:ec|p(?:lode)?|tract))|f(?:ile(?:(?:[acm]tim|inod|siz|typ)e|group|owner|perms)?|l(?:o(?:ck|or)|ush))|glob|h(?:ash|eader)|i(?:date|m(?:age(?:gif|(?:jpe|pn)g|wbmp|xbm)|plode)|s_a)|key|l(?:ink|og)|m(?:a(?:il|x)|d5|in)|n(?:ame|ext)|o(?:pendir|rd)|p(?:a(?:ck|ss(?:thru)?)|i|o(?:pen|w)|rev)|r(?:an(?:d|ge)|e(?:(?:adfil|nam)e|set)|ound)|s(?:(?:erializ|huffl)e|in|leep|(?:or|ta)t|ubstr|y(?:mlink|s(?:log|tem)))|t(?:an|(?:im|mpfil)e|ouch|rim)|u(?:cfirst|n(?:lin|pac)k)|virtual)(?:[\\s\\v]|/\\*.*\\*/|(?:#|//).*)*\\(.*\\)\" \\\n    \"id:933161,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,\\\n    msg:'PHP Injection Attack: Low-Value PHP Function Call Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    tag:'paranoia-level/3',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-20",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933111,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现PHP脚本文件上传",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name \"@rx .*\\.(?:php\\d*|phtml)\\..*$\" \"id:933111,phase:2,block,capture,t:none,t:lowercase,msg:'PHP Injection Attack: PHP Script File Upload Found',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'application-multi',tag:'language-php',tag:'platform-multi',tag:'attack-injection-php',tag:'OWASP_CRS',tag:'capec/1000/152/242',tag:'paranoia-level/3',ver:'OWASP_CRS/4.0.0-rc2',severity:'CRITICAL',setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-21",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933190,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现PHP关闭标签",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \"@pm ?>\" \\\n    \"id:933190,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:urlDecodeUni,\\\n    msg:'PHP Injection Attack: PHP Closing Tag Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    tag:'paranoia-level/3',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-22",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933211,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "PHP注入攻击:发现变量函数调用",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* \"@rx (?:\\((?:.+\\)(?:[\\\"'][\\-0-9A-Z_a-z]+[\\\"'])?\\(.+|[^\\)]*string[^\\)]*\\)[\\s\\v\\\"'\\--\\.0-9A-\\[\\]_a-\\{\\}]+\\([^\\)]*)|(?:\\[[0-9]+\\]|\\{[0-9]+\\}|\\$[^\\(-\\),\\.-/;\\x5c]+|[\\\"'][\\-0-9A-Z\\x5c_a-z]+[\\\"'])\\(.+)\\)(?:;|$)?\" \\\n    \"id:933211,\\\n    phase:2,\\\n    block,\\\n    capture,\\\n    t:none,t:urlDecode,t:replaceComments,t:removeWhitespace,\\\n    msg:'PHP Injection Attack: Variable Function Call Found',\\\n    logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-php',\\\n    tag:'platform-multi',\\\n    tag:'attack-injection-php',\\\n    tag:'paranoia-level/3',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/242',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'\"",
      "name": "PHP代码执行攻击防护规则-23",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933017,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 4\" \"id:933017,phase:1,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-24",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 933018,
      "filename": "REQUEST-933-APPLICATION-ATTACK-PHP.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 4\" \"id:933018,phase:2,pass,nolog,skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP\"",
      "name": "PHP代码执行攻击防护规则-25",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944011,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 1\" \"id:944011,phase:1,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-1",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944012,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 1\" \"id:944012,phase:2,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-2",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944100,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "远程命令执行:检测到可疑的Java类",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx java\\.lang\\.(?:runtime|processbuilder)\" \\\n    \"id:944100,\\\n    phase:2,\\\n    block,\\\n    t:none,t:lowercase,\\\n    msg:'Remote Command Execution: Suspicious Java class detected',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/137/6',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/1',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-3",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944110,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "远程命令执行:Java进程生成漏洞(CVE-2017-9805)",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx (?:runtime|processbuilder)\" \\\n    \"id:944110,\\\n    phase:2,\\\n    block,\\\n    t:none,t:lowercase,\\\n    msg:'Remote Command Execution: Java process spawn (CVE-2017-9805)',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/1',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    chain\"\n    SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \"@rx (?:unmarshaller|base64data|java\\.)\" \\\n        \"setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n        setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-4",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944120,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "远程命令执行:Java序列化漏洞(CVE-2015-4852)",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)\" \\\n    \"id:944120,\\\n    phase:2,\\\n    block,\\\n    t:none,t:lowercase,\\\n    msg:'Remote Command Execution: Java serialization (CVE-2015-4852)',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/1',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    chain\"\n    SecRule MATCHED_VARS \"@rx (?:runtime|processbuilder)\" \\\n        \"setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n        setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-5",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944130,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "检测到可疑Java类",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_FILENAME|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@pmFromFile ./waf_rules/java-classes.data\" \\\n    \"id:944130,\\\n    phase:2,\\\n    block,\\\n    t:none,\\\n    msg:'Suspicious Java class detected',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/1',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-6",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944140,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "Java注入攻击:发现Java脚本文件上传",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEADERS:X.Filename|REQUEST_HEADERS:X-File-Name \"@rx .*\\.(?:jsp|jspx)\\.*$\" \"id:944140,phase:2,block,capture,t:none,t:lowercase,msg:'Java Injection Attack: Java Script File Upload Found',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',tag:'application-multi',tag:'language-java',tag:'platform-multi',tag:'attack-injection-java',tag:'paranoia-level/1',tag:'OWASP_CRS',tag:'capec/1000/152/242',ver:'OWASP_CRS/4.0.0-rc2',severity:'CRITICAL',setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-7",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944150,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "潜在的远程命令执行:Log4j / Log4shell",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/*|XML://@* \"@rx (?i)(?:\\$|&dollar;?)(?:\\{|&l(?:brace|cub);?)(?:[^\\}]{0,15}(?:\\$|&dollar;?)(?:\\{|&l(?:brace|cub);?)|jndi|ctx)\" \"id:944150,phase:2,block,t:none,t:urlDecodeUni,t:jsDecode,t:htmlEntityDecode,log,msg:'Potential Remote Command Execution: Log4j / Log4shell',tag:'application-multi',tag:'language-java',tag:'platform-multi',tag:'attack-rce',tag:'OWASP_CRS',tag:'capec/1000/152/137/6',tag:'PCI/6.5.2',tag:'paranoia-level/1',ver:'OWASP_CRS/4.0.0-rc2',severity:'CRITICAL',setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-8",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944013,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 2\" \"id:944013,phase:1,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-9",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944014,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 2\" \"id:944014,phase:2,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-10",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944151,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "潜在的远程命令执行:Log4j / Log4shell",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/*|XML://@* \"@rx (?i)(?:\\$|&dollar;?)(?:\\{|&l(?:brace|cub);?)(?:[^\\}]*(?:\\$|&dollar;?)(?:\\{|&l(?:brace|cub);?)|jndi|ctx)\" \"id:944151,phase:2,block,t:none,t:urlDecodeUni,t:jsDecode,t:htmlEntityDecode,log,msg:'Potential Remote Command Execution: Log4j / Log4shell',tag:'application-multi',tag:'language-java',tag:'platform-multi',tag:'attack-rce',tag:'OWASP_CRS',tag:'capec/1000/152/137/6',tag:'PCI/6.5.2',tag:'paranoia-level/2',ver:'OWASP_CRS/4.0.0-rc2',severity:'CRITICAL',setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-11",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944200,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "检测到魔术字节,可能在使用java序列化",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx \\xac\\xed\\x00\\x05\" \\\n    \"id:944200,\\\n    phase:2,\\\n    block,\\\n    msg:'Magic bytes Detected, probable java serialization in use',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/2',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-12",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944210,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "Magic bytes检测到Base64编码,可能在使用java序列化",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx (?:rO0ABQ|KztAAU|Cs7QAF)\" \\\n    \"id:944210,\\\n    phase:2,\\\n    block,\\\n    msg:'Magic bytes Detected Base64 Encoded, probable java serialization in use',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/2',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-13",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944240,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "远程命令执行:Java序列化漏洞(CVE-2015-4852)",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx (?:clonetransformer|forclosure|instantiatefactory|instantiatetransformer|invokertransformer|prototypeclonefactory|prototypeserializationfactory|whileclosure|getproperty|filewriter|xmldecoder)\" \\\n    \"id:944240,\\\n    phase:2,\\\n    block,\\\n    t:none,t:lowercase,\\\n    msg:'Remote Command Execution: Java serialization (CVE-2015-4852)',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/2',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-14",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944250,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "远程命令执行:检测到可疑的Java方法",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx java\\b.+(?:runtime|processbuilder)\" \\\n    \"id:944250,\\\n    phase:2,\\\n    block,\\\n    t:lowercase,\\\n    msg:'Remote Command Execution: Suspicious Java method detected',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/2',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-15",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944260,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "远程命令执行:恶意类加载负载",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx (?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)\" \\\n    \"id:944260,\\\n    phase:2,\\\n    block,\\\n    t:urlDecodeUni,\\\n    msg:'Remote Command Execution: Malicious class-loading payload',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/2',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-16",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944015,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 3\" \"id:944015,phase:1,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-17",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944016,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 3\" \"id:944016,phase:2,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-18",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944300,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "Base64编码字符串匹配可疑关键字",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \\\n    \"@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)\" \\\n    \"id:944300,\\\n    phase:2,\\\n    block,\\\n    t:none,\\\n    msg:'Base64 encoded string matched suspicious keyword',\\\n    logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',\\\n    tag:'application-multi',\\\n    tag:'language-java',\\\n    tag:'platform-multi',\\\n    tag:'attack-rce',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec/1000/152/248',\\\n    tag:'PCI/6.5.2',\\\n    tag:'paranoia-level/3',\\\n    ver:'OWASP_CRS/4.0.0-rc2',\\\n    severity:'CRITICAL',\\\n    setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\\\n    setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-19",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944017,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 4\" \"id:944017,phase:1,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-20",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 1,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944018,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule TX:DETECTION_PARANOIA_LEVEL \"@lt 4\" \"id:944018,phase:2,pass,nolog,skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA\"",
      "name": "JAVA漏洞攻击防护规则-21",
      "http_status": "",
      "similar_rules": ""
    },
    {
      "level": 3,
      "app_name": "",
      "configuration_notes": "",
      "alert_message": "",
      "rule_class": "",
      "version": "",
      "action": "",
      "additional_information": "",
      "rule_id": 944152,
      "filename": "REQUEST-944-APPLICATION-ATTACK-JAVA.conf",
      "transforms": "",
      "troubleshooting": "",
      "rule_factory_type": 1,
      "description": "潜在的远程命令执行:Log4j / Log4shell",
      "outside_references": "",
      "tuning_guidance_notes": "",
      "log_types": "",
      "severity": "",
      "http_protocol_phase": "",
      "false_positives": "",
      "original_rule": "SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/*|XML://@* \"@rx (?i)(?:\\$|&dollar;?)(?:\\{|&l(?:brace|cub);?)\" \"id:944152,phase:2,block,t:none,t:urlDecodeUni,t:jsDecode,t:htmlEntityDecode,log,msg:'Potential Remote Command Execution: Log4j / Log4shell',tag:'application-multi',tag:'language-java',tag:'platform-multi',tag:'attack-rce',tag:'OWASP_CRS',tag:'capec/1000/152/137/6',tag:'PCI/6.5.2',tag:'paranoia-level/4',ver:'OWASP_CRS/4.0.0-rc2',severity:'CRITICAL',setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'\"",
      "name": "JAVA漏洞攻击防护规则-22",
      "http_status": "",
      "similar_rules": ""
    }
  ]
}
修改于 2024-09-23 02:29:25
上一页
查看新waf配置
下一页
查看waf规则
Built with