{
  "rules": [
    {
      "state": "on",
      "name": "dirFilter1",
      "rule": "\\.\\./",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "name": "dirFilter2",
      "rule": "\\:\\$",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "name": "dirFilter3",
      "rule": "\\$\\{",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "name": "dirFilter4",
      "rule": "(?:etc\\/\\W*passwd)",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "name": "dirFilter5",
      "rule": "java\\.lang",
      "type": "dirFilter"
    },
    {
      "state": "on",
      "name": "sqlInject1",
      "rule": "select.+(from|limit)",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject2",
      "rule": "(?:(union(.*?)select))",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject3",
      "rule": "having|rongjitest",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject4",
      "rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject5",
      "rule": "benchmark\\((.*)\\,(.*)\\)",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject6",
      "rule": "group\\s+by.+\\(",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject7",
      "rule": "(?:from\\W+information_schema\\W)",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject8",
      "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject9",
      "rule": "into(\\s+)+(?:dump|out)file\\s*",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "sqlInject10",
      "rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
      "type": "sqlInject"
    },
    {
      "state": "on",
      "name": "args1",
      "rule": "xwork.MethodAccessor",
      "type": "args",
      "description": "Struts 恶意参数过滤"
    },
    {
      "state": "on",
      "name": "args2",
      "rule": "xwork\\.MethodAccessor",
      "type": "args",
      "description": "Struts 恶意参数过滤"
    },
    {
      "state": "on",
      "name": "oneWordTrojan1",
      "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
      "type": "oneWordTrojan"
    },
    {
      "state": "on",
      "name": "oneWordTrojan2",
      "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
      "type": "oneWordTrojan"
    },
    {
      "state": "on",
      "name": "protocolFilter1",
      "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
      "type": "protocolFilter"
    },
    {
      "state":"on",
      "name":"scannerFilter1",
      "rule":"(CustomCookie|acunetixCookie)",
      "type": "scannerFilter"
    },
    {
      "state": "on",
      "name": "xss1",
      "rule": "base64_decode\\(",
      "type": "xss"
    }
  ]
}