/
etc
/
apache2
/
conf.d
/
modsec2
/
File Upload :
llllll
Current File: //etc/apache2/conf.d/modsec2/00_asl_rbl.conf
# http://www.atomicorp.com/ # Atomicorp (Gotroot.com) ModSecurity rules # RBL rules # # Created by Prometheus Global (http://www.prometheus-group.com) # Copyright 2005-2009 by Prometheus Global, all rights reserved. # Redistribution is strictly prohibited in any form, including whole or in part. # Distribution of this work or derivative of this work in any form is # prohibited unless prior written permission is obtained from the # copyright holder. # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF # THE POSSIBILITY OF SUCH DAMAGE. # #---ASL-CONFIG-FILE--- SecRule REMOTE_ADDR "@pmFromFile /etc/asl/whitelist" phase:2,pass,t:lowercase,nolog,skipAfter:END_RBL #XBL SBL #SecRule IP:PREVIOUS_SBLXBL_RBL_CHECK "@eq 1" "phase:1,t:none,pass,nolog,skipAfter:END_SBLXBL_RBL_LOOKUP" #SecRule REMOTE_ADDR "@rbl sbl-xbl.spamhaus.org" "phase:1,t:none,deny,log,auditlog,msg:'RBL Match for known SPAM Source on sbl-xbl.spamhaus.org RBL. See this URL for details http://www.spamhaus.org/lookup.lasso',severity:'2',setvar:ip.sblxbl=1,expirevar:ip.sblxbl=86400,setvar:ip.previous_sblxbl_rbl_check=1,expirevar:ip.previous_sblxbl_rbl_check=86400,skipAfter:END_SBLXBL_RBL_CHECK,id:350000,rev:1" # #SecAction "phase:1.t:none,nolog,pass,setvar:ip.previous_sblxbl_rbl_check=1,expirevar:ip.previous_sblxbl_rbl_check=86400" #SecMarker END_SBLXBL_RBL_LOOKUP # #SecRule IP:SBLXBL "@eq 1" "phase:1,t:none,deny,nolog,auditlog,msg:'Atomicorp.com - FREE UNSUPPORTED DELAYED FEED - WAF Rules: Request from Known SPAM Source on sbl-xbl.spamhaus.org RBL. See this URL for details http://www.spamhaus.org/lookup.lasso (Previous RBL Match)',severity:'2',id:350001,rev:1" # SecRule REMOTE_ADDR "@rbl xbl.spamhaus.org" \ "deny, log, id:350000,rev:2,msg:'Global RBL Match: IP is on the xbl.spamhaus.org Blacklist',severity:'3'" #SecMarker END_SBLXBL_RBL_CHECK #Block TOR exit nodes #SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" \ #"chain,deny, log, id:350001,rev:2,msg:'Tor Exit Node RBL Match: IP is on the torexit.dan.me.uk Blacklist',severity:'1'" #SecRule REMOTE_ADDR "@rbl torexit.dan.me.uk" # ##Block open proxies #SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" \ #"chain,deny, log, id:350002,rev:2,msg:'Open Proxy RBL Match: IP is on the http.dnsbl.sorbs.net Blacklist',severity:'1'" #SecRule REMOTE_ADDR "@rbl http.dnsbl.sorbs.net" # ##Block open socks proxies #SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" \ #"chain,deny, log, id:350003,rev:2,msg:'Open SOCKS proxy RBL Match: IP is on the socks.dnsbl.sorbs.net Blacklist',severity:'1'" #SecRule REMOTE_ADDR "@rbl socks.dnsbl.sorbs.net" # ##Block other open http proxies #SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" \ #"chain,deny, log, id:350004,rev:2,msg:'Misc Open Proxy RBL Match: IP is on the misc.dnsbl.sorbs.net Blacklist',severity:'1'" #SecRule REMOTE_ADDR "@rbl misc.dnsbl.sorbs.net" # #Special targeted RBL rules for blogs #Configured as a subset of the mail rules - so RBLs are on for the whole system #Wordpress #SecRule REQUEST_METHOD “^post$” “chain,id:300061,rev:1,severity:2,msg:’Spam: WordPress Comment From user on RBL: list.dsbl.org’” #SecRule REQUEST_URI “wp-(comments-post|trackback)\.php$” “chain,t:normalisePath” #SecRule REMOTE_ADDR “@rbl list.dsbl.org” chain #SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" ## #SecRule REQUEST_METHOD “^post$” “chain,id:300062,rev:1,severity:2,msg:’Spam: WordPress Comment From user on RBL: bl.spamcop.net’” #SecRule REQUEST_URI “wp-(?:comments-post|trackback)\.php$” “chain,t:normalisePath” #SecRule REMOTE_ADDR “@rbl bl.spamcop.net" chain #SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" ## #SecRule REQUEST_METHOD “^post$” “chain,id:300063,rev:1,severity:2,msg:’Spam: WordPress Comment From user on RBL: sbl-xbl.spamhaus.org’” #SecRule REQUEST_URI “wp-(?:comments-post|trackback)\.php$” “chain,t:normalisePath” #SecRule REMOTE_ADDR “@rbl sbl-xbl.spamhaus.org” chain ###SecRule REMOTE_ADDR "!@pmFromFile /etc/asl/whitelist" SecMarker END_RBL
Copyright ©2k19 -
Hexid
|
Tex7ure