Файловый менеджер - Редактировать - /etc/apache2/conf.d/imh-modsec/15_bad_requests.conf
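# all.conf

# Block access to sensitive dotfiles (.env, .git).
# REQUEST_URI includes the query string and the pattern is unanchored, so this
# also matches nested paths and longer names that begin with ".env" or ".git".
SecRule REQUEST_URI "\/\.(?:env|git)" \
    "phase:1,log,deny,status:406,auditlog,id:14206,rev:1,severity:2,\
    msg:'Blocking access to sensitive dotfiles'"

# both.conf
# Contains rules which are designed to block disruptive behavior such as stress
# testing and security scans

# Block benchmark functions in the url.
# Arguments are lower-cased, HTML-entity-decoded and stripped of whitespace
# before matching. No phase is set here, so the SecDefaultAction phase applies.
SecRule ARGS "benchmark\([0-9]{5,1000}\," \
    "deny,log,auditlog,status:406,t:none,t:lowercase,t:htmlEntityDecode,\
    t:removeWhitespace,msg:'Benchmark function call in request args',id:'13425',\
    tag:'WEB_ATTACK/SQL INJECTION',severity:'4'"

# Block attempts to abuse download plugins for php files in parent directories.
# NOTE(review): no t: actions are listed, so the normalisation applied before
# matching depends on SecDefaultAction - verify that it is sufficient.
SecRule ARGS_GET "(?:\/|)\.{2}\/.+\.php" \
    "log,deny,status:406,auditlog,id:14205,rev:1,severity:2,\
    msg:'Attempting to access php files from parent dir'"

# Rate limit cPanel/webmail/webdisk/cpcontacts/cpcalendars subdomains: 10 requests per minute per IP
# Matches hostnames like cpanel.example.com, webmail.example.com, webdisk.example.com
# Excludes URIs containing /cpsessNNNN/ (the form used by authenticated sessions)
# Tracks globally per-IP (not per-hostname)
#
# NOTE(review): expirevar is re-applied on every counted request, so the counter
# expires 60 s after the most recent counted request rather than on a fixed
# one-minute window - confirm this is the intended behaviour.
# NOTE(review): the key is remote_addr; behind a reverse proxy or CDN this is
# presumably the proxy address, so all clients would share one counter - verify.

# Initialize the IP collection for rate limiting
SecAction "id:13094,phase:1,pass,nolog,initcol:ip=%{remote_addr}"

# Skip rate limit counting for session-token URIs and static assets.
# The dot in ".well-known" is escaped so it matches a literal dot only.
# NOTE(review): this exemption is a text match on the request URI; it does not
# prove the session token is valid. Do not rely on it as an authentication
# check - confirm the backend's own login throttling covers these paths.
SecRule REQUEST_URI "@rx /(cpsess[0-9]+|cPanel_magic_revision_[0-9]+|\.well-known)/" \
    "id:13095,phase:2,pass,nolog,skipAfter:END_CPANEL_RATELIMIT"

# Increment counter for cpanel/webmail/webdisk/cpcontacts/cpcalendars subdomains.
# Host names are case-insensitive, so the header is lower-cased before matching.
SecRule REQUEST_HEADERS:Host "@rx ^(cpanel|webmail|webdisk|cpcontacts|cpcalendars)\." \
    "id:13096,phase:2,pass,nolog,t:lowercase,\
    setvar:ip.ratelimit_cpanel=+1,\
    expirevar:ip.ratelimit_cpanel=60"

# Deny if over limit.
# The counter is per-IP, so the chained Host check restricts the deny to the
# rate-limited subdomains. setenv sits on the last rule of the chain because a
# non-disruptive action on the chain starter runs as soon as that rule alone
# matches, which would set the variable for requests to other hosts as well.
SecRule IP:RATELIMIT_CPANEL "@gt 10" \
    "id:13097,phase:2,deny,status:429,chain,\
    log,msg:'RATELIMITED CPANEL/WEBMAIL/WEBDISK %{remote_addr}'"
    SecRule REQUEST_HEADERS:Host "@rx ^(cpanel|webmail|webdisk|cpcontacts|cpcalendars)\." \
        "t:lowercase,setenv:RATELIMITED_CPANEL"

SecMarker "END_CPANEL_RATELIMIT"

# Plain-text body returned with the 429 status
ErrorDocument 429 "Too Many Requests"

# Block requests that carry a Proxy header (httpoxy).
# CGI-style backends expose this header as HTTP_PROXY, which some HTTP client
# libraries read as proxy configuration. &REQUEST_HEADERS:Proxy counts the
# header's occurrences, so any request that includes it is denied.
SecRule &REQUEST_HEADERS:Proxy "@gt 0" \
    "id:1000005,log,deny,status:406,msg:'httpoxy denied'"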