{ "rules": [ { "state": "on", "rule": "\\.(htaccess|mysql_history|bash_history|DS_Store|git|idea|user\\.ini)", "name": "dirFilter1", "type": "dirFilter" }, { "state": "on", "rule": "\\.(bak|inc|old|mdb|sql|backup|java|class)$", "name": "dirFilter2", "type": "dirFilter" }, { "state": "on", "rule": "^/(vhost|bbs|host|wwwroot|www|site|root|backup|data|ftp|db|admin|website|web).*\\.(rar|sql|zip|tar\\.gz|tar)$", "name": "dirFilter3", "type": "dirFilter" }, { "state": "on", "rule": "java\\.lang", "name": "dirFilter4", "type": "dirFilter" }, { "state": "on", "rule": "/(hack|shell|spy|phpspy)\\.php$", "name": "phpExec1", "type": "phpExec" }, { "state": "on", "rule": "/(attachments|upimg|images|css|uploadfiles|html|uploads|templets|static|template|data|inc|forumdata|upload|includes|cache|avatar)/(\\\\w+).(php|jsp)", "name": "phpExec2", "type": "phpExec" }, { "state": "on", "rule": "(?:phpMyAdmin2|phpMyAdmin|phpmyadmin|dbadmin|pma|myadmin|admin|mysql)/scripts/setup%.php", "name": "phpExec3", "type": "phpExec" }, { "state": "on", "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "name": "oneWordTrojan1", "type": "oneWordTrojan" }, { "state": "on", "rule": "(?:(union(.*?)select))", "name": "sqlInject1", "type": "sqlInject" }, { "state": "on", "rule": "(phpmyadmin|jmx-console|jmxinvokerservlet)", "name": "appFilter1", "type": "appFilter" }, { "state": "on", "rule": "wp-includes/wlwmanifest.xml", "name": "appFilter2", "type": "appFilter" }, { "state": "on", "rule": "die(@md5(HelloThinkCMF))", "name": "appFilter3", "type": "appFilter" }, { "state": "on", "rule": "/boaform/admin/formLogin", "name": "appFilter4", "type": "appFilter" }, { "state": "on", "rule": "/password_change.cgi", "name": "appFilter5", "type": "appFilter" }, { "state": "on", "rule": "/service/extdirect", "name": "appFilter6", "type": "appFilter" }, { "state": "on", "rule": "/api/jsonws/invoke", "name": "appFilter7", "type": "appFilter" }, { "state": "on", "rule": "/jars/upload", "name": "appFilter8", "type": "appFilter" }, { "state": "on", "rule": "/example/tree/a/search", "name": "appFilter9", "type": "appFilter" }, { "state": "on", "rule": "/actuator/gateway/routes/hacktest", "name": "appFilter10", "type": "appFilter" }, { "state": "on", "rule": "/api/v1/method.callAnon/getPasswordPolicy", "name": "appFilter11", "type": "appFilter" }, { "state": "on", "rule": "/functionRouter", "name": "appFilter12", "type": "appFilter" }, { "state": "on", "rule": "/uploadfiles/apache.php.jpeg", "name": "appFilter14", "type": "appFilter" }, { "state": "on", "rule": "/xxx/..;/admin/", "name": "appFilter15", "type": "appFilter" }, { "state": "on", "rule": "/dvwa/js/dvwaPage.js", "name": "appFilter16", "type": "appFilter" }, { "state": "on", "rule": "/api/index.php/v1/config/application", "name": "appFilter17", "type": "appFilter" }, { "state": "on", "rule": "/WEB-INF/web.xml", "name": "appFilter18", "type": "appFilter" }, { "state": "on", "rule": "/rest/tinymce/1/macro/preview", "name": "appFilter19", "type": "appFilter" }, { "state": "on", "rule": "/pages/doenterpagevariables.action", "name": "appFilter20", "type": "appFilter" }, { "state": "on", "rule": "/service/rest/beta/repositories/go/group", "name": "appFilter21", "type": "appFilter" }, { "state": "on", "rule": "/dvwa/js/add_event_listeners.js", "name": "appFilter22", "type": "appFilter" } ] }