==========================================================
 DO NOT USE THESE RULES DIRECTLY!

 USING THESE RULES DIRECTLY MAY RESULT IN A LARGE
 NUMBER OF FALSE POSITIVES. PLEASE USE THEM ONLY AS
 GUIDELINES OR FOR EDUCATION PURPOSES.
----------------------------------------------------------

 To create an up-to-date set of rules, follow
 these steps:

 1. Download the latest set of rules from:

    http://www.snort.org/pub-bin/downloads.cgi

 2. Unpack the archive:

    $ tar zxvf snortrules-pr-2.4.tar.gz

 3. Convert the web rules:

    $ cat README.first > snortmodsec-rules.txt
    $ ./snort2modsec.pl rules/web-* >> snortmodsec-rules.txt

==========================================================

# (sid 1328) WEB-ATTACKS /bin/ps command attempt
SecFilterSelective THE_REQUEST "/bin/ps" "log,pass,id:sid1328,rev:6,msg:'WEB-ATTACKS /bin/ps command attempt'"

# (sid 1329) WEB-ATTACKS ps command attempt
SecFilterSelective THE_REQUEST "ps\x20" "log,pass,id:sid1329,rev:6,msg:'WEB-ATTACKS ps command attempt'"

# (sid 1330) WEB-ATTACKS wget command attempt
SecFilter "wget\x20" "log,pass,id:sid1330,rev:6,msg:'WEB-ATTACKS wget command attempt'"

# (sid 1331) WEB-ATTACKS uname -a command attempt
SecFilter "uname\x20-a" "log,pass,id:sid1331,rev:5,msg:'WEB-ATTACKS uname -a command attempt'"

# (sid 1332) WEB-ATTACKS /usr/bin/id command attempt
SecFilter "/usr/bin/id" "log,pass,id:sid1332,rev:5,msg:'WEB-ATTACKS /usr/bin/id command attempt'"

# (sid 1334) WEB-ATTACKS echo command attempt
SecFilter "/bin/echo" "log,pass,id:sid1334,rev:5,msg:'WEB-ATTACKS echo command attempt'"

# (sid 1335) WEB-ATTACKS kill command attempt
SecFilter "/bin/kill" "log,pass,id:sid1335,rev:5,msg:'WEB-ATTACKS kill command attempt'"

# (sid 1336) WEB-ATTACKS chmod command attempt
SecFilter "/bin/chmod" "log,pass,id:sid1336,rev:5,msg:'WEB-ATTACKS chmod command attempt'"

# (sid 1337) WEB-ATTACKS chgrp command attempt
SecFilter "/chgrp" "log,pass,id:sid1337,rev:6,msg:'WEB-ATTACKS chgrp command attempt'"

# (sid 1338) WEB-ATTACKS chown command attempt
SecFilter "/chown" "log,pass,id:sid1338,rev:6,msg:'WEB-ATTACKS chown command attempt'"

# (sid 1339) WEB-ATTACKS chsh command attempt
SecFilter "/usr/bin/chsh" "log,pass,id:sid1339,rev:5,msg:'WEB-ATTACKS chsh command attempt'"

# (sid 1340) WEB-ATTACKS tftp command attempt
SecFilter "tftp\x20" "log,pass,id:sid1340,rev:5,msg:'WEB-ATTACKS tftp command attempt'"

# (sid 1341) WEB-ATTACKS /usr/bin/gcc command attempt
SecFilter "/usr/bin/gcc" "log,pass,id:sid1341,rev:5,msg:'WEB-ATTACKS /usr/bin/gcc command attempt'"

# (sid 1342) WEB-ATTACKS gcc command attempt
SecFilter "gcc\x20-o" "log,pass,id:sid1342,rev:5,msg:'WEB-ATTACKS gcc command attempt'"

# (sid 1343) WEB-ATTACKS /usr/bin/cc command attempt
SecFilter "/usr/bin/cc" "log,pass,id:sid1343,rev:5,msg:'WEB-ATTACKS /usr/bin/cc command attempt'"

# (sid 1344) WEB-ATTACKS cc command attempt
SecFilter "cc\x20" "log,pass,id:sid1344,rev:5,msg:'WEB-ATTACKS cc command attempt'"

# (sid 1345) WEB-ATTACKS /usr/bin/cpp command attempt
SecFilter "/usr/bin/cpp" "log,pass,id:sid1345,rev:5,msg:'WEB-ATTACKS /usr/bin/cpp command attempt'"

# (sid 1346) WEB-ATTACKS cpp command attempt
SecFilter "cpp\x20" "log,pass,id:sid1346,rev:5,msg:'WEB-ATTACKS cpp command attempt'"

# (sid 1347) WEB-ATTACKS /usr/bin/g++ command attempt
SecFilter "/usr/bin/g\+\+" "log,pass,id:sid1347,rev:5,msg:'WEB-ATTACKS /usr/bin/g++ command attempt'"

# (sid 1348) WEB-ATTACKS g++ command attempt
SecFilter "g\+\+\x20" "log,pass,id:sid1348,rev:5,msg:'WEB-ATTACKS g++ command attempt'"

# (sid 1349) WEB-ATTACKS bin/python access attempt
SecFilter "bin/python" "log,pass,id:sid1349,rev:5,msg:'WEB-ATTACKS bin/python access attempt'"

# (sid 1350) WEB-ATTACKS python access attempt
SecFilter "python\x20" "log,pass,id:sid1350,rev:5,msg:'WEB-ATTACKS python access attempt'"

# (sid 1351) WEB-ATTACKS bin/tclsh execution attempt
SecFilter "bin/tclsh" "log,pass,id:sid1351,rev:5,msg:'WEB-ATTACKS bin/tclsh execution attempt'"

# (sid 1352) WEB-ATTACKS tclsh execution attempt
SecFilter "tclsh8\x20" "log,pass,id:sid1352,rev:5,msg:'WEB-ATTACKS tclsh execution attempt'"

# (sid 1353) WEB-ATTACKS bin/nasm command attempt
SecFilter "bin/nasm" "log,pass,id:sid1353,rev:5,msg:'WEB-ATTACKS bin/nasm command attempt'"

# (sid 1354) WEB-ATTACKS nasm command attempt
SecFilter "nasm\x20" "log,pass,id:sid1354,rev:5,msg:'WEB-ATTACKS nasm command attempt'"

# (sid 1355) WEB-ATTACKS /usr/bin/perl execution attempt
SecFilter "/usr/bin/perl" "log,pass,id:sid1355,rev:5,msg:'WEB-ATTACKS /usr/bin/perl execution attempt'"

# (sid 1356) WEB-ATTACKS perl execution attempt
SecFilter "perl\x20" "log,pass,id:sid1356,rev:5,msg:'WEB-ATTACKS perl execution attempt'"

# (sid 1357) WEB-ATTACKS nt admin addition attempt
SecFilter "net localgroup administrators /add" "log,pass,id:sid1357,rev:5,msg:'WEB-ATTACKS nt admin addition attempt'"

# (sid 1358) WEB-ATTACKS traceroute command attempt
SecFilter "traceroute\x20" "log,pass,id:sid1358,rev:5,msg:'WEB-ATTACKS traceroute command attempt'"

# (sid 1359) WEB-ATTACKS ping command attempt
SecFilter "/bin/ping" "log,pass,id:sid1359,rev:5,msg:'WEB-ATTACKS ping command attempt'"

# (sid 1360) WEB-ATTACKS netcat command attempt
SecFilter "nc\x20" "log,pass,id:sid1360,rev:5,msg:'WEB-ATTACKS netcat command attempt'"

# (sid 1361) WEB-ATTACKS nmap command attempt
SecFilter "nmap\x20" "log,pass,id:sid1361,rev:5,msg:'WEB-ATTACKS nmap command attempt'"

# (sid 1362) WEB-ATTACKS xterm command attempt
SecFilter "/usr/X11R6/bin/xterm" "log,pass,id:sid1362,rev:5,msg:'WEB-ATTACKS xterm command attempt'"

# (sid 1363) WEB-ATTACKS X application to remote host attempt
SecFilter "\x20-display\x20" "log,pass,id:sid1363,rev:5,msg:'WEB-ATTACKS X application to remote host attempt'"

# (sid 1364) WEB-ATTACKS lsof command attempt
SecFilter "lsof\x20" "log,pass,id:sid1364,rev:5,msg:'WEB-ATTACKS lsof command attempt'"

# (sid 1365) WEB-ATTACKS rm command attempt
SecFilter "rm\x20" "log,pass,id:sid1365,rev:5,msg:'WEB-ATTACKS rm command attempt'"

# (sid 1366) WEB-ATTACKS mail command attempt
SecFilter "/bin/mail" "log,pass,id:sid1366,rev:5,msg:'WEB-ATTACKS mail command attempt'"

# (sid 1367) WEB-ATTACKS mail command attempt
SecFilter "mail\x20" "log,pass,id:sid1367,rev:5,msg:'WEB-ATTACKS mail command attempt'"

# (sid 1369) WEB-ATTACKS /bin/ls command attempt
SecFilterSelective THE_REQUEST "/bin/ls" "log,pass,id:sid1369,rev:5,msg:'WEB-ATTACKS /bin/ls command attempt'"

# (sid 1370) WEB-ATTACKS /etc/inetd.conf access
SecFilter "/etc/inetd\.conf" "log,pass,id:sid1370,rev:5,msg:'WEB-ATTACKS /etc/inetd.conf access'"

# (sid 1371) WEB-ATTACKS /etc/motd access
SecFilter "/etc/motd" "log,pass,id:sid1371,rev:5,msg:'WEB-ATTACKS /etc/motd access'"

# (sid 1372) WEB-ATTACKS /etc/shadow access
SecFilter "/etc/shadow" "log,pass,id:sid1372,rev:5,msg:'WEB-ATTACKS /etc/shadow access'"

# (sid 1373) WEB-ATTACKS conf/httpd.conf attempt
SecFilter "conf/httpd\.conf" "log,pass,id:sid1373,rev:6,msg:'WEB-ATTACKS conf/httpd.conf attempt'"

# (sid 803) WEB-CGI HyperSeek hsx.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/hsx\.cgi" "id:sid803,rev:11,msg:'WEB-CGI HyperSeek hsx.cgi directory traversal attempt',chain"
SecFilter "\x00" "log,pass"

# (sid 1607) WEB-CGI HyperSeek hsx.cgi access
SecFilterSelective THE_REQUEST "/hsx\.cgi" "log,pass,id:sid1607,rev:7,msg:'WEB-CGI HyperSeek hsx.cgi access'"

# (sid 804) WEB-CGI SWSoft ASPSeek Overflow attempt
SecFilterSelective THE_REQUEST "/s\.cgi" "id:sid804,rev:9,msg:'WEB-CGI SWSoft ASPSeek Overflow attempt',chain"
SecFilter "tmpl=" "log,pass"

# (sid 805) WEB-CGI webspeed access
SecFilterSelective THE_REQUEST "/wsisa\.dll/WService=" "id:sid805,rev:10,msg:'WEB-CGI webspeed access',chain"
SecFilter "WSMadmin" "log,pass"

# (sid 806) WEB-CGI yabb directory traversal attempt
SecFilterSelective THE_REQUEST "/YaBB" "id:sid806,rev:11,msg:'WEB-CGI yabb directory traversal attempt',chain"
SecFilter "\.\./" "log,pass"

# (sid 1637) WEB-CGI yabb access
SecFilterSelective THE_REQUEST "/YaBB" "log,pass,id:sid1637,rev:7,msg:'WEB-CGI yabb access'"

# (sid 807) WEB-CGI /wwwboard/passwd.txt access
SecFilterSelective THE_REQUEST "/wwwboard/passwd\.txt" "log,pass,id:sid807,rev:11,msg:'WEB-CGI /wwwboard/passwd.txt access'"

# (sid 808) WEB-CGI webdriver access
SecFilterSelective THE_REQUEST "/webdriver" "log,pass,id:sid808,rev:8,msg:'WEB-CGI webdriver access'"

# (sid 810) WEB-CGI whois_raw.cgi access
SecFilterSelective THE_REQUEST "/whois_raw\.cgi" "log,pass,id:sid810,rev:11,msg:'WEB-CGI whois_raw.cgi access'"

# (sid 811) WEB-CGI websitepro path access
SecFilter " /HTTP/1\." "log,pass,id:sid811,rev:9,msg:'WEB-CGI websitepro path access'"

# (sid 812) WEB-CGI webplus version access
SecFilterSelective THE_REQUEST "/webplus\?about" "log,pass,id:sid812,rev:9,msg:'WEB-CGI webplus version access'"

# (sid 813) WEB-CGI webplus directory traversal
SecFilterSelective THE_REQUEST "/webplus\?script" "id:sid813,rev:9,msg:'WEB-CGI webplus directory traversal',chain"
SecFilter "\.\./" "log,pass"

# (sid 815) WEB-CGI websendmail access
SecFilterSelective THE_REQUEST "/websendmail" "log,pass,id:sid815,rev:9,msg:'WEB-CGI websendmail access'"

# (sid 1571) WEB-CGI dcforum.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/dcforum\.cgi" "id:sid1571,rev:8,msg:'WEB-CGI dcforum.cgi directory traversal attempt',chain"
SecFilter "forum=\.\./\.\." "log,pass"

# (sid 818) WEB-CGI dcforum.cgi access
SecFilterSelective THE_REQUEST "/dcforum\.cgi" "log,pass,id:sid818,rev:10,msg:'WEB-CGI dcforum.cgi access'"

# (sid 817) WEB-CGI dcboard.cgi invalid user addition attempt
SecFilterSelective THE_REQUEST "/dcboard\.cgi" "id:sid817,rev:10,msg:'WEB-CGI dcboard.cgi invalid user addition attempt',chain"
SecFilter "\x7cadmin" "log,pass"

# (sid 1410) WEB-CGI dcboard.cgi access
SecFilterSelective THE_REQUEST "/dcboard\.cgi" "log,pass,id:sid1410,rev:9,msg:'WEB-CGI dcboard.cgi access'"

# (sid 819) WEB-CGI mmstdod.cgi access
SecFilterSelective THE_REQUEST "/mmstdod\.cgi" "log,pass,id:sid819,rev:10,msg:'WEB-CGI mmstdod.cgi access'"

# (sid 820) WEB-CGI anaconda directory transversal attempt
SecFilterSelective THE_REQUEST "/apexec\.pl" "id:sid820,rev:9,msg:'WEB-CGI anaconda directory transversal attempt',chain"
SecFilter "template=\.\./" "log,pass"

# (sid 821) WEB-CGI imagemap.exe overflow attempt
SecFilterSelective THE_REQUEST "/imagemap\.exe\?" "log,pass,id:sid821,rev:12,msg:'WEB-CGI imagemap.exe overflow attempt'"

# (sid 1700) WEB-CGI imagemap.exe access
SecFilterSelective THE_REQUEST "/imagemap\.exe" "log,pass,id:sid1700,rev:8,msg:'WEB-CGI imagemap.exe access'"

# (sid 823) WEB-CGI cvsweb.cgi access
SecFilterSelective THE_REQUEST "/cvsweb\.cgi" "log,pass,id:sid823,rev:8,msg:'WEB-CGI cvsweb.cgi access'"

# (sid 824) WEB-CGI php.cgi access
SecFilterSelective THE_REQUEST "/php\.cgi" "log,pass,id:sid824,rev:13,msg:'WEB-CGI php.cgi access'"

# (sid 825) WEB-CGI glimpse access
SecFilterSelective THE_REQUEST "/glimpse" "log,pass,id:sid825,rev:9,msg:'WEB-CGI glimpse access'"

# (sid 1608) WEB-CGI htmlscript attempt
SecFilterSelective THE_REQUEST "/htmlscript\?\.\./\.\." "log,pass,id:sid1608,rev:7,msg:'WEB-CGI htmlscript attempt'"

# (sid 826) WEB-CGI htmlscript access
SecFilterSelective THE_REQUEST "/htmlscript" "log,pass,id:sid826,rev:9,msg:'WEB-CGI htmlscript access'"

# (sid 827) WEB-CGI info2www access
SecFilterSelective THE_REQUEST "/info2www" "log,pass,id:sid827,rev:9,msg:'WEB-CGI info2www access'"

# (sid 828) WEB-CGI maillist.pl access
SecFilterSelective THE_REQUEST "/maillist\.pl" "log,pass,id:sid828,rev:5,msg:'WEB-CGI maillist.pl access'"

# (sid 829) WEB-CGI nph-test-cgi access
SecFilterSelective THE_REQUEST "/nph-test-cgi" "log,pass,id:sid829,rev:9,msg:'WEB-CGI nph-test-cgi access'"

# (sid 1451) WEB-CGI NPH-publish access
SecFilterSelective THE_REQUEST "/nph-maillist\.pl" "log,pass,id:sid1451,rev:6,msg:'WEB-CGI NPH-publish access'"

# (sid 830) WEB-CGI NPH-publish access
SecFilterSelective THE_REQUEST "/nph-publish" "log,pass,id:sid830,rev:9,msg:'WEB-CGI NPH-publish access'"

# (sid 833) WEB-CGI rguest.exe access
SecFilterSelective THE_REQUEST "/rguest\.exe" "log,pass,id:sid833,rev:8,msg:'WEB-CGI rguest.exe access'"

# (sid 834) WEB-CGI rwwwshell.pl access
SecFilterSelective THE_REQUEST "/rwwwshell\.pl" "log,pass,id:sid834,rev:7,msg:'WEB-CGI rwwwshell.pl access'"

# (sid 1644) WEB-CGI test-cgi attempt
SecFilterSelective THE_REQUEST "/test-cgi/*\?*" "log,pass,id:sid1644,rev:8,msg:'WEB-CGI test-cgi attempt'"

# (sid 835) WEB-CGI test-cgi access
SecFilterSelective THE_REQUEST "/test-cgi" "log,pass,id:sid835,rev:9,msg:'WEB-CGI test-cgi access'"

# (sid 1645) WEB-CGI testcgi access
SecFilterSelective THE_REQUEST "/testcgi" "log,pass,id:sid1645,rev:6,msg:'WEB-CGI testcgi access'"

# (sid 1646) WEB-CGI test.cgi access
SecFilterSelective THE_REQUEST "/test\.cgi" "log,pass,id:sid1646,rev:5,msg:'WEB-CGI test.cgi access'"

# (sid 836) WEB-CGI textcounter.pl access
SecFilterSelective THE_REQUEST "/textcounter\.pl" "log,pass,id:sid836,rev:10,msg:'WEB-CGI textcounter.pl access'"

# (sid 837) WEB-CGI uploader.exe access
SecFilterSelective THE_REQUEST "/uploader\.exe" "log,pass,id:sid837,rev:10,msg:'WEB-CGI uploader.exe access'"

# (sid 838) WEB-CGI webgais access
SecFilterSelective THE_REQUEST "/webgais" "log,pass,id:sid838,rev:9,msg:'WEB-CGI webgais access'"

# (sid 839) WEB-CGI finger access
SecFilterSelective THE_REQUEST "/finger" "log,pass,id:sid839,rev:7,msg:'WEB-CGI finger access'"

# (sid 840) WEB-CGI perlshop.cgi access
SecFilterSelective THE_REQUEST "/perlshop\.cgi" "log,pass,id:sid840,rev:7,msg:'WEB-CGI perlshop.cgi access'"

# (sid 841) WEB-CGI pfdisplay.cgi access
SecFilterSelective THE_REQUEST "/pfdispaly\.cgi" "log,pass,id:sid841,rev:9,msg:'WEB-CGI pfdisplay.cgi access'"

# (sid 842) WEB-CGI aglimpse access
SecFilterSelective THE_REQUEST "/aglimpse" "log,pass,id:sid842,rev:7,msg:'WEB-CGI aglimpse access'"

# (sid 843) WEB-CGI anform2 access
SecFilterSelective THE_REQUEST "/AnForm2" "log,pass,id:sid843,rev:9,msg:'WEB-CGI anform2 access'"

# (sid 844) WEB-CGI args.bat access
SecFilterSelective THE_REQUEST "/args\.bat" "log,pass,id:sid844,rev:9,msg:'WEB-CGI args.bat access'"

# (sid 1452) WEB-CGI args.cmd access
SecFilterSelective THE_REQUEST "/args\.cmd" "log,pass,id:sid1452,rev:7,msg:'WEB-CGI args.cmd access'"

# (sid 845) WEB-CGI AT-admin.cgi access
SecFilterSelective THE_REQUEST "/AT-admin\.cgi" "log,pass,id:sid845,rev:7,msg:'WEB-CGI AT-admin.cgi access'"

# (sid 1453) WEB-CGI AT-generated.cgi access
SecFilterSelective THE_REQUEST "/AT-generated\.cgi" "log,pass,id:sid1453,rev:5,msg:'WEB-CGI AT-generated.cgi access'"

# (sid 846) WEB-CGI bnbform.cgi access
SecFilterSelective THE_REQUEST "/bnbform\.cgi" "log,pass,id:sid846,rev:8,msg:'WEB-CGI bnbform.cgi access'"

# (sid 847) WEB-CGI campas access
SecFilterSelective THE_REQUEST "/campas" "log,pass,id:sid847,rev:10,msg:'WEB-CGI campas access'"

# (sid 848) WEB-CGI view-source directory traversal
SecFilterSelective THE_REQUEST "/view-source" "id:sid848,rev:9,msg:'WEB-CGI view-source directory traversal',chain"
SecFilter "\.\./" "log,pass"

# (sid 849) WEB-CGI view-source access
SecFilterSelective THE_REQUEST "/view-source" "log,pass,id:sid849,rev:8,msg:'WEB-CGI view-source access'"

# (sid 850) WEB-CGI wais.pl access
SecFilterSelective THE_REQUEST "/wais\.pl" "log,pass,id:sid850,rev:5,msg:'WEB-CGI wais.pl access'"

# (sid 1454) WEB-CGI wwwwais access
SecFilterSelective THE_REQUEST "/wwwwais" "log,pass,id:sid1454,rev:6,msg:'WEB-CGI wwwwais access'"

# (sid 851) WEB-CGI files.pl access
SecFilterSelective THE_REQUEST "/files\.pl" "log,pass,id:sid851,rev:7,msg:'WEB-CGI files.pl access'"

# (sid 852) WEB-CGI wguest.exe access
SecFilterSelective THE_REQUEST "/wguest\.exe" "log,pass,id:sid852,rev:8,msg:'WEB-CGI wguest.exe access'"

# (sid 853) WEB-CGI wrap access
SecFilterSelective THE_REQUEST "/wrap" "log,pass,id:sid853,rev:9,msg:'WEB-CGI wrap access'"

# (sid 854) WEB-CGI classifieds.cgi access
SecFilterSelective THE_REQUEST "/classifieds\.cgi" "log,pass,id:sid854,rev:7,msg:'WEB-CGI classifieds.cgi access'"

# (sid 856) WEB-CGI environ.cgi access
SecFilterSelective THE_REQUEST "/environ\.cgi" "log,pass,id:sid856,rev:5,msg:'WEB-CGI environ.cgi access'"

# (sid 857) WEB-CGI faxsurvey access
SecFilterSelective THE_REQUEST "/faxsurvey" "log,pass,id:sid857,rev:10,msg:'WEB-CGI faxsurvey access'"

# (sid 858) WEB-CGI filemail access
SecFilterSelective THE_REQUEST "/filemail\.pl" "log,pass,id:sid858,rev:7,msg:'WEB-CGI filemail access'"

# (sid 859) WEB-CGI man.sh access
SecFilterSelective THE_REQUEST "/man\.sh" "log,pass,id:sid859,rev:9,msg:'WEB-CGI man.sh access'"

# (sid 860) WEB-CGI snork.bat access
SecFilterSelective THE_REQUEST "/snork\.bat" "log,pass,id:sid860,rev:8,msg:'WEB-CGI snork.bat access'"

# (sid 861) WEB-CGI w3-msql access
SecFilterSelective THE_REQUEST "/w3-msql/" "log,pass,id:sid861,rev:12,msg:'WEB-CGI w3-msql access'"

# (sid 863) WEB-CGI day5datacopier.cgi access
SecFilterSelective THE_REQUEST "/day5datacopier\.cgi" "log,pass,id:sid863,rev:7,msg:'WEB-CGI day5datacopier.cgi access'"

# (sid 864) WEB-CGI day5datanotifier.cgi access
SecFilterSelective THE_REQUEST "/day5datanotifier\.cgi" "log,pass,id:sid864,rev:7,msg:'WEB-CGI day5datanotifier.cgi access'"

# (sid 866) WEB-CGI post-query access
SecFilterSelective THE_REQUEST "/post-query" "log,pass,id:sid866,rev:8,msg:'WEB-CGI post-query access'"

# (sid 867) WEB-CGI visadmin.exe access
SecFilterSelective THE_REQUEST "/visadmin\.exe" "log,pass,id:sid867,rev:9,msg:'WEB-CGI visadmin.exe access'"

# (sid 869) WEB-CGI dumpenv.pl access
SecFilterSelective THE_REQUEST "/dumpenv\.pl" "log,pass,id:sid869,rev:8,msg:'WEB-CGI dumpenv.pl access'"

# (sid 1537) WEB-CGI calendar_admin.pl access
SecFilterSelective THE_REQUEST "/calendar_admin\.pl" "log,pass,id:sid1537,rev:6,msg:'WEB-CGI calendar_admin.pl access'"

# (sid 1701) WEB-CGI calendar-admin.pl access
SecFilterSelective THE_REQUEST "/calendar-admin\.pl" "log,pass,id:sid1701,rev:4,msg:'WEB-CGI calendar-admin.pl access'"

# (sid 1455) WEB-CGI calendar.pl access
SecFilterSelective THE_REQUEST "calendar" "log,pass,id:sid1455,rev:7,msg:'WEB-CGI calendar.pl access'"

# (sid 882) WEB-CGI calendar access
SecFilterSelective THE_REQUEST "/calendar" "log,pass,id:sid882,rev:5,msg:'WEB-CGI calendar access'"

# (sid 1457) WEB-CGI user_update_admin.pl access
SecFilterSelective THE_REQUEST "/user_update_admin\.pl" "log,pass,id:sid1457,rev:6,msg:'WEB-CGI user_update_admin.pl access'"

# (sid 1458) WEB-CGI user_update_passwd.pl access
SecFilterSelective THE_REQUEST "/user_update_passwd\.pl" "log,pass,id:sid1458,rev:6,msg:'WEB-CGI user_update_passwd.pl access'"

# (sid 870) WEB-CGI snorkerz.cmd access
SecFilterSelective THE_REQUEST "/snorkerz\.cmd" "log,pass,id:sid870,rev:5,msg:'WEB-CGI snorkerz.cmd access'"

# (sid 871) WEB-CGI survey.cgi access
SecFilterSelective THE_REQUEST "/survey\.cgi" "log,pass,id:sid871,rev:7,msg:'WEB-CGI survey.cgi access'"

# (sid 873) WEB-CGI scriptalias access
SecFilterSelective THE_REQUEST "///" "log,pass,id:sid873,rev:8,msg:'WEB-CGI scriptalias access'"

# (sid 875) WEB-CGI win-c-sample.exe access
SecFilterSelective THE_REQUEST "/win-c-sample\.exe" "log,pass,id:sid875,rev:9,msg:'WEB-CGI win-c-sample.exe access'"

# (sid 878) WEB-CGI w3tvars.pm access
SecFilterSelective THE_REQUEST "/w3tvars\.pm" "log,pass,id:sid878,rev:6,msg:'WEB-CGI w3tvars.pm access'"

# (sid 879) WEB-CGI admin.pl access
SecFilterSelective THE_REQUEST "/admin\.pl" "log,pass,id:sid879,rev:7,msg:'WEB-CGI admin.pl access'"

# (sid 880) WEB-CGI LWGate access
SecFilterSelective THE_REQUEST "/LWGate" "log,pass,id:sid880,rev:8,msg:'WEB-CGI LWGate access'"

# (sid 881) WEB-CGI archie access
SecFilterSelective THE_REQUEST "/archie" "log,pass,id:sid881,rev:5,msg:'WEB-CGI archie access'"

# (sid 883) WEB-CGI flexform access
SecFilterSelective THE_REQUEST "/flexform" "log,pass,id:sid883,rev:5,msg:'WEB-CGI flexform access'"

# (sid 1610) WEB-CGI formmail arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/formmail" "id:sid1610,rev:11,msg:'WEB-CGI formmail arbitrary command execution attempt',chain"
SecFilter "\x0a" "log,pass"

# (sid 884) WEB-CGI formmail access
SecFilterSelective THE_REQUEST "/formmail" "log,pass,id:sid884,rev:14,msg:'WEB-CGI formmail access'"

# (sid 1762) WEB-CGI phf arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/phf" "id:sid1762,rev:5,msg:'WEB-CGI phf arbitrary command execution attempt',chain"
SecFilter "\x0a" "log,pass"

# (sid 886) WEB-CGI phf access
SecFilterSelective THE_REQUEST "/phf" "log,pass,id:sid886,rev:11,msg:'WEB-CGI phf access'"

# (sid 887) WEB-CGI www-sql access
SecFilterSelective THE_REQUEST "/www-sql" "log,pass,id:sid887,rev:6,msg:'WEB-CGI www-sql access'"

# (sid 888) WEB-CGI wwwadmin.pl access
SecFilterSelective THE_REQUEST "/wwwadmin\.pl" "log,pass,id:sid888,rev:5,msg:'WEB-CGI wwwadmin.pl access'"

# (sid 889) WEB-CGI ppdscgi.exe access
SecFilterSelective THE_REQUEST "/ppdscgi\.exe" "log,pass,id:sid889,rev:10,msg:'WEB-CGI ppdscgi.exe access'"

# (sid 890) WEB-CGI sendform.cgi access
SecFilterSelective THE_REQUEST "/sendform\.cgi" "log,pass,id:sid890,rev:10,msg:'WEB-CGI sendform.cgi access'"

# (sid 891) WEB-CGI upload.pl access
SecFilterSelective THE_REQUEST "/upload\.pl" "log,pass,id:sid891,rev:5,msg:'WEB-CGI upload.pl access'"

# (sid 892) WEB-CGI AnyForm2 access
SecFilterSelective THE_REQUEST "/AnyForm2" "log,pass,id:sid892,rev:10,msg:'WEB-CGI AnyForm2 access'"

# (sid 893) WEB-CGI MachineInfo access
SecFilterSelective THE_REQUEST "/MachineInfo" "log,pass,id:sid893,rev:7,msg:'WEB-CGI MachineInfo access'"

# (sid 1531) WEB-CGI bb-hist.sh attempt
SecFilterSelective THE_REQUEST "/bb-hist\.sh\?HISTFILE=\.\./\.\." "log,pass,id:sid1531,rev:6,msg:'WEB-CGI bb-hist.sh attempt'"

# (sid 894) WEB-CGI bb-hist.sh access
SecFilterSelective THE_REQUEST "/bb-hist\.sh" "log,pass,id:sid894,rev:8,msg:'WEB-CGI bb-hist.sh access'"

# (sid 1459) WEB-CGI bb-histlog.sh access
SecFilterSelective THE_REQUEST "/bb-histlog\.sh" "log,pass,id:sid1459,rev:7,msg:'WEB-CGI bb-histlog.sh access'"

# (sid 1460) WEB-CGI bb-histsvc.sh access
SecFilterSelective THE_REQUEST "/bb-histsvc\.sh" "log,pass,id:sid1460,rev:5,msg:'WEB-CGI bb-histsvc.sh access'"

# (sid 1532) WEB-CGI bb-hostscv.sh attempt
SecFilterSelective THE_REQUEST "/bb-hostsvc\.sh\?HOSTSVC\?\.\./\.\." "log,pass,id:sid1532,rev:7,msg:'WEB-CGI bb-hostscv.sh attempt'"

# (sid 1533) WEB-CGI bb-hostscv.sh access
SecFilterSelective THE_REQUEST "/bb-hostsvc\.sh" "log,pass,id:sid1533,rev:7,msg:'WEB-CGI bb-hostscv.sh access'"

# (sid 1461) WEB-CGI bb-rep.sh access
SecFilterSelective THE_REQUEST "/bb-rep\.sh" "log,pass,id:sid1461,rev:5,msg:'WEB-CGI bb-rep.sh access'"

# (sid 1462) WEB-CGI bb-replog.sh access
SecFilterSelective THE_REQUEST "/bb-replog\.sh" "log,pass,id:sid1462,rev:5,msg:'WEB-CGI bb-replog.sh access'"

# (sid 895) WEB-CGI redirect access
SecFilterSelective THE_REQUEST "/redirect" "log,pass,id:sid895,rev:7,msg:'WEB-CGI redirect access'"

# (sid 1397) WEB-CGI wayboard attempt
SecFilterSelective THE_REQUEST "/way-board/way-board\.cgi" "id:sid1397,rev:6,msg:'WEB-CGI wayboard attempt',chain"
SecFilter "\.\./\.\." "log,pass"

# (sid 896) WEB-CGI way-board access
SecFilterSelective THE_REQUEST "/way-board" "log,pass,id:sid896,rev:11,msg:'WEB-CGI way-board access'"

# (sid 1222) WEB-CGI pals-cgi arbitrary file access attempt
SecFilterSelective THE_REQUEST "/pals-cgi" "id:sid1222,rev:9,msg:'WEB-CGI pals-cgi arbitrary file access attempt',chain"
SecFilter "documentName=" "log,pass"

# (sid 897) WEB-CGI pals-cgi access
SecFilterSelective THE_REQUEST "/pals-cgi" "log,pass,id:sid897,rev:10,msg:'WEB-CGI pals-cgi access'"

# (sid 1572) WEB-CGI commerce.cgi arbitrary file access attempt
SecFilterSelective THE_REQUEST "/commerce\.cgi" "id:sid1572,rev:7,msg:'WEB-CGI commerce.cgi arbitrary file access attempt',chain"
SecFilter "/\.\./" "log,pass"

# (sid 898) WEB-CGI commerce.cgi access
SecFilterSelective THE_REQUEST "/commerce\.cgi" "log,pass,id:sid898,rev:9,msg:'WEB-CGI commerce.cgi access'"

# (sid 899) WEB-CGI Amaya templates sendtemp.pl directory traversal attempt
SecFilterSelective THE_REQUEST "/sendtemp\.pl" "id:sid899,rev:8,msg:'WEB-CGI Amaya templates sendtemp.pl directory traversal attempt',chain"
SecFilter "templ=" "log,pass"

# (sid 1702) WEB-CGI Amaya templates sendtemp.pl access
SecFilterSelective THE_REQUEST "/sendtemp\.pl" "log,pass,id:sid1702,rev:5,msg:'WEB-CGI Amaya templates sendtemp.pl access'"

# (sid 900) WEB-CGI webspirs.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/webspirs\.cgi" "id:sid900,rev:11,msg:'WEB-CGI webspirs.cgi directory traversal attempt',chain"
SecFilter "\.\./\.\./" "log,pass"

# (sid 901) WEB-CGI webspirs.cgi access
SecFilterSelective THE_REQUEST "/webspirs\.cgi" "log,pass,id:sid901,rev:10,msg:'WEB-CGI webspirs.cgi access'"

# (sid 902) WEB-CGI tstisapi.dll access
SecFilterSelective THE_REQUEST "tstisapi\.dll" "log,pass,id:sid902,rev:9,msg:'WEB-CGI tstisapi.dll access'"

# (sid 1308) WEB-CGI sendmessage.cgi access
SecFilterSelective THE_REQUEST "/sendmessage\.cgi" "log,pass,id:sid1308,rev:8,msg:'WEB-CGI sendmessage.cgi access'"

# (sid 1392) WEB-CGI lastlines.cgi access
SecFilterSelective THE_REQUEST "/lastlines\.cgi" "log,pass,id:sid1392,rev:10,msg:'WEB-CGI lastlines.cgi access'"

# (sid 1395) WEB-CGI zml.cgi attempt
SecFilterSelective THE_REQUEST "/zml\.cgi" "id:sid1395,rev:8,msg:'WEB-CGI zml.cgi attempt',chain"
SecFilter "file=\.\./" "log,pass"

# (sid 1396) WEB-CGI zml.cgi access
SecFilterSelective THE_REQUEST "/zml\.cgi" "log,pass,id:sid1396,rev:8,msg:'WEB-CGI zml.cgi access'"

# (sid 1405) WEB-CGI AHG search.cgi access
SecFilterSelective THE_REQUEST "/publisher/search\.cgi" "id:sid1405,rev:5,msg:'WEB-CGI AHG search.cgi access',chain"
SecFilter "template=" "log,pass"

# (sid 1534) WEB-CGI agora.cgi attempt
SecFilterSelective THE_REQUEST "/store/agora\.cgi\?cart_id=<SCRIPT>" "log,pass,id:sid1534,rev:8,msg:'WEB-CGI agora.cgi attempt'"

# (sid 1406) WEB-CGI agora.cgi access
SecFilterSelective THE_REQUEST "/store/agora\.cgi" "log,pass,id:sid1406,rev:11,msg:'WEB-CGI agora.cgi access'"

# (sid 1648) WEB-CGI perl.exe command attempt
SecFilterSelective THE_REQUEST "/perl\.exe\?" "log,pass,id:sid1648,rev:7,msg:'WEB-CGI perl.exe command attempt'"

# (sid 832) WEB-CGI perl.exe access
SecFilterSelective THE_REQUEST "/perl\.exe" "log,pass,id:sid832,rev:11,msg:'WEB-CGI perl.exe access'"

# (sid 1649) WEB-CGI perl command attempt
SecFilterSelective THE_REQUEST "/perl\?" "log,pass,id:sid1649,rev:7,msg:'WEB-CGI perl command attempt'"

# (sid 1703) WEB-CGI auktion.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/auktion\.cgi" "id:sid1703,rev:7,msg:'WEB-CGI auktion.cgi directory traversal attempt',chain"
SecFilter "menue=\.\./\.\./" "log,pass"

# (sid 1465) WEB-CGI auktion.cgi access
SecFilterSelective THE_REQUEST "/auktion\.cgi" "log,pass,id:sid1465,rev:8,msg:'WEB-CGI auktion.cgi access'"

# (sid 1573) WEB-CGI cgiforum.pl attempt
SecFilterSelective THE_REQUEST "/cgiforum\.pl\?thesection=\.\./\.\." "log,pass,id:sid1573,rev:6,msg:'WEB-CGI cgiforum.pl attempt'"

# (sid 1466) WEB-CGI cgiforum.pl access
SecFilterSelective THE_REQUEST "/cgiforum\.pl" "log,pass,id:sid1466,rev:8,msg:'WEB-CGI cgiforum.pl access'"

# (sid 1574) WEB-CGI directorypro.cgi attempt
SecFilterSelective THE_REQUEST "/directorypro\.cgi" "id:sid1574,rev:7,msg:'WEB-CGI directorypro.cgi attempt',chain"
SecFilter "\.\./\.\." "log,pass"

# (sid 1467) WEB-CGI directorypro.cgi access
SecFilterSelective THE_REQUEST "/directorypro\.cgi" "log,pass,id:sid1467,rev:7,msg:'WEB-CGI directorypro.cgi access'"

# (sid 1468) WEB-CGI Web Shopper shopper.cgi attempt
SecFilterSelective THE_REQUEST "/shopper\.cgi" "id:sid1468,rev:7,msg:'WEB-CGI Web Shopper shopper.cgi attempt',chain"
SecFilter "newpage=\.\./" "log,pass"

# (sid 1469) WEB-CGI Web Shopper shopper.cgi access
SecFilterSelective THE_REQUEST "/shopper\.cgi" "log,pass,id:sid1469,rev:5,msg:'WEB-CGI Web Shopper shopper.cgi access'"

# (sid 1470) WEB-CGI listrec.pl access
SecFilterSelective THE_REQUEST "/listrec\.pl" "log,pass,id:sid1470,rev:7,msg:'WEB-CGI listrec.pl access'"

# (sid 1471) WEB-CGI mailnews.cgi access
SecFilterSelective THE_REQUEST "/mailnews\.cgi" "log,pass,id:sid1471,rev:8,msg:'WEB-CGI mailnews.cgi access'"

# (sid 1472) WEB-CGI book.cgi access
SecFilterSelective THE_REQUEST "/book\.cgi" "log,pass,id:sid1472,rev:9,msg:'WEB-CGI book.cgi access'"

# (sid 1473) WEB-CGI newsdesk.cgi access
SecFilterSelective THE_REQUEST "/newsdesk\.cgi" "log,pass,id:sid1473,rev:7,msg:'WEB-CGI newsdesk.cgi access'"

# (sid 1704) WEB-CGI cal_make.pl directory traversal attempt
SecFilterSelective THE_REQUEST "/cal_make\.pl" "id:sid1704,rev:7,msg:'WEB-CGI cal_make.pl directory traversal attempt',chain"
SecFilter "p0=\.\./\.\./" "log,pass"

# (sid 1474) WEB-CGI cal_make.pl access
SecFilterSelective THE_REQUEST "/cal_make\.pl" "log,pass,id:sid1474,rev:9,msg:'WEB-CGI cal_make.pl access'"

# (sid 1475) WEB-CGI mailit.pl access
SecFilterSelective THE_REQUEST "/mailit\.pl" "log,pass,id:sid1475,rev:6,msg:'WEB-CGI mailit.pl access'"

# (sid 1476) WEB-CGI sdbsearch.cgi access
SecFilterSelective THE_REQUEST "/sdbsearch\.cgi" "log,pass,id:sid1476,rev:9,msg:'WEB-CGI sdbsearch.cgi access'"

# (sid 1478) WEB-CGI swc access
SecFilterSelective THE_REQUEST "/swc" "log,pass,id:sid1478,rev:5,msg:'WEB-CGI swc access'"

# (sid 1479) WEB-CGI ttawebtop.cgi arbitrary file attempt
SecFilterSelective THE_REQUEST "/ttawebtop\.cgi" "id:sid1479,rev:8,msg:'WEB-CGI ttawebtop.cgi arbitrary file attempt',chain"
SecFilter "pg=\.\./" "log,pass"

# (sid 1480) WEB-CGI ttawebtop.cgi access
SecFilterSelective THE_REQUEST "/ttawebtop\.cgi" "log,pass,id:sid1480,rev:9,msg:'WEB-CGI ttawebtop.cgi access'"

# (sid 1481) WEB-CGI upload.cgi access
SecFilterSelective THE_REQUEST "/upload\.cgi" "log,pass,id:sid1481,rev:4,msg:'WEB-CGI upload.cgi access'"

# (sid 1482) WEB-CGI view_source access
SecFilterSelective THE_REQUEST "/view_source" "log,pass,id:sid1482,rev:7,msg:'WEB-CGI view_source access'"

# (sid 1730) WEB-CGI ustorekeeper.pl directory traversal attempt
SecFilterSelective THE_REQUEST "/ustorekeeper\.pl" "id:sid1730,rev:8,msg:'WEB-CGI ustorekeeper.pl directory traversal attempt',chain"
SecFilter "file=\.\./\.\./" "log,pass"

# (sid 1483) WEB-CGI ustorekeeper.pl access
SecFilterSelective THE_REQUEST "/ustorekeeper\.pl" "log,pass,id:sid1483,rev:10,msg:'WEB-CGI ustorekeeper.pl access'"

# (sid 1606) WEB-CGI icat access
SecFilterSelective THE_REQUEST "/icat" "log,pass,id:sid1606,rev:6,msg:'WEB-CGI icat access'"

# (sid 1617) WEB-CGI Bugzilla doeditvotes.cgi access
SecFilterSelective THE_REQUEST "/doeditvotes\.cgi" "log,pass,id:sid1617,rev:8,msg:'WEB-CGI Bugzilla doeditvotes.cgi access'"

# (sid 1600) WEB-CGI htsearch arbitrary configuration file attempt
SecFilterSelective THE_REQUEST "/htsearch\?-c" "log,pass,id:sid1600,rev:6,msg:'WEB-CGI htsearch arbitrary configuration file attempt'"

# (sid 1601) WEB-CGI htsearch arbitrary file read attempt
SecFilterSelective THE_REQUEST "/htsearch\?exclude=`" "log,pass,id:sid1601,rev:9,msg:'WEB-CGI htsearch arbitrary file read attempt'"

# (sid 1602) WEB-CGI htsearch access
SecFilterSelective THE_REQUEST "/htsearch" "log,pass,id:sid1602,rev:9,msg:'WEB-CGI htsearch access'"

# (sid 1501) WEB-CGI a1stats a1disp3.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/a1disp3\.cgi\?/\.\./\.\./" "log,pass,id:sid1501,rev:8,msg:'WEB-CGI a1stats a1disp3.cgi directory traversal attempt'"

# (sid 1502) WEB-CGI a1stats a1disp3.cgi access
SecFilterSelective THE_REQUEST "/a1disp3\.cgi" "log,pass,id:sid1502,rev:8,msg:'WEB-CGI a1stats a1disp3.cgi access'"

# (sid 1731) WEB-CGI a1stats access
SecFilterSelective THE_REQUEST "/a1stats/" "log,pass,id:sid1731,rev:7,msg:'WEB-CGI a1stats access'"

# (sid 1503) WEB-CGI admentor admin.asp access
SecFilterSelective THE_REQUEST "/admentor/admin/admin\.asp" "log,pass,id:sid1503,rev:8,msg:'WEB-CGI admentor admin.asp access'"

# (sid 1505) WEB-CGI alchemy http server PRN arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/PRN/\.\./\.\./" "log,pass,id:sid1505,rev:7,msg:'WEB-CGI alchemy http server PRN arbitrary command execution attempt'"

# (sid 1506) WEB-CGI alchemy http server NUL arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/NUL/\.\./\.\./" "log,pass,id:sid1506,rev:7,msg:'WEB-CGI alchemy http server NUL arbitrary command execution attempt'"

# (sid 1508) WEB-CGI alibaba.pl access
SecFilterSelective THE_REQUEST "/alibaba\.pl" "log,pass,id:sid1508,rev:8,msg:'WEB-CGI alibaba.pl access'"

# (sid 1509) WEB-CGI AltaVista Intranet Search directory traversal attempt
SecFilterSelective THE_REQUEST "/query\?mss=\.\." "log,pass,id:sid1509,rev:9,msg:'WEB-CGI AltaVista Intranet Search directory traversal attempt'"

# (sid 1511) WEB-CGI test.bat access
SecFilterSelective THE_REQUEST "/test\.bat" "log,pass,id:sid1511,rev:9,msg:'WEB-CGI test.bat access'"

# (sid 1513) WEB-CGI input.bat access
SecFilterSelective THE_REQUEST "/input\.bat" "log,pass,id:sid1513,rev:9,msg:'WEB-CGI input.bat access'"

# (sid 1515) WEB-CGI input2.bat access
SecFilterSelective THE_REQUEST "/input2\.bat" "log,pass,id:sid1515,rev:9,msg:'WEB-CGI input2.bat access'"

# (sid 1517) WEB-CGI envout.bat access
SecFilterSelective THE_REQUEST "/envout\.bat" "log,pass,id:sid1517,rev:9,msg:'WEB-CGI envout.bat access'"

# (sid 1705) WEB-CGI echo.bat arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/echo\.bat" "id:sid1705,rev:7,msg:'WEB-CGI echo.bat arbitrary command execution attempt',chain"
SecFilter "&" "log,pass"

# (sid 1706) WEB-CGI echo.bat access
SecFilterSelective THE_REQUEST "/echo\.bat" "log,pass,id:sid1706,rev:7,msg:'WEB-CGI echo.bat access'"

# (sid 1707) WEB-CGI hello.bat arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/hello\.bat" "id:sid1707,rev:7,msg:'WEB-CGI hello.bat arbitrary command execution attempt',chain"
SecFilter "&" "log,pass"

# (sid 1708) WEB-CGI hello.bat access
SecFilterSelective THE_REQUEST "/hello\.bat" "log,pass,id:sid1708,rev:7,msg:'WEB-CGI hello.bat access'"

# (sid 1650) WEB-CGI tst.bat access
SecFilterSelective THE_REQUEST "/tst\.bat" "log,pass,id:sid1650,rev:7,msg:'WEB-CGI tst.bat access'"

# (sid 1539) WEB-CGI /cgi-bin/ls access
SecFilterSelective THE_REQUEST "/cgi-bin/ls" "log,pass,id:sid1539,rev:6,msg:'WEB-CGI /cgi-bin/ls access'"

# (sid 1542) WEB-CGI cgimail access
SecFilterSelective THE_REQUEST "/cgimail" "log,pass,id:sid1542,rev:8,msg:'WEB-CGI cgimail access'"

# (sid 1543) WEB-CGI cgiwrap access
SecFilterSelective THE_REQUEST "/cgiwrap" "log,pass,id:sid1543,rev:12,msg:'WEB-CGI cgiwrap access'"

# (sid 1547) WEB-CGI csSearch.cgi arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/csSearch\.cgi" "id:sid1547,rev:11,msg:'WEB-CGI csSearch.cgi arbitrary command execution attempt',chain"
SecFilter "`" "log,pass"

# (sid 1548) WEB-CGI csSearch.cgi access
SecFilterSelective THE_REQUEST "/csSearch\.cgi" "log,pass,id:sid1548,rev:9,msg:'WEB-CGI csSearch.cgi access'"

# (sid 1553) WEB-CGI /cart/cart.cgi access
SecFilterSelective THE_REQUEST "/cart/cart\.cgi" "log,pass,id:sid1553,rev:7,msg:'WEB-CGI /cart/cart.cgi access'"

# (sid 1554) WEB-CGI dbman db.cgi access
SecFilterSelective THE_REQUEST "/dbman/db\.cgi" "log,pass,id:sid1554,rev:9,msg:'WEB-CGI dbman db.cgi access'"

# (sid 1555) WEB-CGI DCShop access
SecFilterSelective THE_REQUEST "/dcshop" "log,pass,id:sid1555,rev:7,msg:'WEB-CGI DCShop access'"

# (sid 1556) WEB-CGI DCShop orders.txt access
SecFilterSelective THE_REQUEST "/orders/orders\.txt" "log,pass,id:sid1556,rev:7,msg:'WEB-CGI DCShop orders.txt access'"

# (sid 1557) WEB-CGI DCShop auth_user_file.txt access
SecFilterSelective THE_REQUEST "/auth_data/auth_user_file\.txt" "log,pass,id:sid1557,rev:7,msg:'WEB-CGI DCShop auth_user_file.txt access'"

# (sid 1566) WEB-CGI eshop.pl access
SecFilterSelective THE_REQUEST "/eshop\.pl" "log,pass,id:sid1566,rev:7,msg:'WEB-CGI eshop.pl access'"

# (sid 1569) WEB-CGI loadpage.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/loadpage\.cgi" "id:sid1569,rev:8,msg:'WEB-CGI loadpage.cgi directory traversal attempt',chain"
SecFilter "file=\.\./" "log,pass"

# (sid 1570) WEB-CGI loadpage.cgi access
SecFilterSelective THE_REQUEST "/loadpage\.cgi" "log,pass,id:sid1570,rev:7,msg:'WEB-CGI loadpage.cgi access'"

# (sid 1591) WEB-CGI faqmanager.cgi access
SecFilterSelective THE_REQUEST "/faqmanager\.cgi" "log,pass,id:sid1591,rev:6,msg:'WEB-CGI faqmanager.cgi access'"

# (sid 1592) WEB-CGI /fcgi-bin/echo.exe access
SecFilterSelective THE_REQUEST "/fcgi-bin/echo\.exe" "log,pass,id:sid1592,rev:6,msg:'WEB-CGI /fcgi-bin/echo.exe access'"

# (sid 1628) WEB-CGI FormHandler.cgi directory traversal attempt attempt
SecFilterSelective THE_REQUEST "/FormHandler\.cgi" "id:sid1628,rev:10,msg:'WEB-CGI FormHandler.cgi directory traversal attempt attempt',chain"
SecFilter "/\.\./" "log,pass"

# (sid 1593) WEB-CGI FormHandler.cgi external site redirection attempt
SecFilterSelective THE_REQUEST "/FormHandler\.cgi" "id:sid1593,rev:10,msg:'WEB-CGI FormHandler.cgi external site redirection attempt',chain"
SecFilter "redirect=http" "log,pass"

# (sid 1594) WEB-CGI FormHandler.cgi access
SecFilterSelective THE_REQUEST "/FormHandler\.cgi" "log,pass,id:sid1594,rev:10,msg:'WEB-CGI FormHandler.cgi access'"

# (sid 1597) WEB-CGI guestbook.cgi access
SecFilterSelective THE_REQUEST "/guestbook\.cgi" "log,pass,id:sid1597,rev:7,msg:'WEB-CGI guestbook.cgi access'"

# (sid 1598) WEB-CGI Home Free search.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/search\.cgi" "id:sid1598,rev:7,msg:'WEB-CGI Home Free search.cgi directory traversal attempt',chain"
SecFilter "letter=\.\./\.\." "log,pass"

# (sid 1599) WEB-CGI search.cgi access
SecFilterSelective THE_REQUEST "/search\.cgi" "log,pass,id:sid1599,rev:7,msg:'WEB-CGI search.cgi access'"

# (sid 1651) WEB-CGI environ.pl access
SecFilterSelective THE_REQUEST "/environ\.pl" "log,pass,id:sid1651,rev:5,msg:'WEB-CGI environ.pl access'"

# (sid 1653) WEB-CGI campus access
SecFilterSelective THE_REQUEST "/campus" "log,pass,id:sid1653,rev:7,msg:'WEB-CGI campus access'"

# (sid 1654) WEB-CGI cart32.exe access
SecFilterSelective THE_REQUEST "/cart32\.exe" "log,pass,id:sid1654,rev:6,msg:'WEB-CGI cart32.exe access'"

# (sid 1655) WEB-CGI pfdispaly.cgi arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/pfdispaly\.cgi\?'" "log,pass,id:sid1655,rev:6,msg:'WEB-CGI pfdispaly.cgi arbitrary command execution attempt'"

# (sid 1656) WEB-CGI pfdispaly.cgi access
SecFilterSelective THE_REQUEST "/pfdispaly\.cgi" "log,pass,id:sid1656,rev:6,msg:'WEB-CGI pfdispaly.cgi access'"

# (sid 1657) WEB-CGI pagelog.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/pagelog\.cgi" "id:sid1657,rev:6,msg:'WEB-CGI pagelog.cgi directory traversal attempt',chain"
SecFilter "name=\.\./" "log,pass"

# (sid 1658) WEB-CGI pagelog.cgi access
SecFilterSelective THE_REQUEST "/pagelog\.cgi" "log,pass,id:sid1658,rev:7,msg:'WEB-CGI pagelog.cgi access'"

# (sid 1709) WEB-CGI ad.cgi access
SecFilterSelective THE_REQUEST "/ad\.cgi" "log,pass,id:sid1709,rev:6,msg:'WEB-CGI ad.cgi access'"

# (sid 1710) WEB-CGI bbs_forum.cgi access
SecFilterSelective THE_REQUEST "/bbs_forum\.cgi" "log,pass,id:sid1710,rev:6,msg:'WEB-CGI bbs_forum.cgi access'"

# (sid 1711) WEB-CGI bsguest.cgi access
SecFilterSelective THE_REQUEST "/bsguest\.cgi" "log,pass,id:sid1711,rev:6,msg:'WEB-CGI bsguest.cgi access'"

# (sid 1712) WEB-CGI bslist.cgi access
SecFilterSelective THE_REQUEST "/bslist\.cgi" "log,pass,id:sid1712,rev:6,msg:'WEB-CGI bslist.cgi access'"

# (sid 1713) WEB-CGI cgforum.cgi access
SecFilterSelective THE_REQUEST "/cgforum\.cgi" "log,pass,id:sid1713,rev:6,msg:'WEB-CGI cgforum.cgi access'"

# (sid 1714) WEB-CGI newdesk access
SecFilterSelective THE_REQUEST "/newdesk" "log,pass,id:sid1714,rev:4,msg:'WEB-CGI newdesk access'"

# (sid 1715) WEB-CGI register.cgi access
SecFilterSelective THE_REQUEST "/register\.cgi" "log,pass,id:sid1715,rev:6,msg:'WEB-CGI register.cgi access'"

# (sid 1716) WEB-CGI gbook.cgi access
SecFilterSelective THE_REQUEST "/gbook\.cgi" "log,pass,id:sid1716,rev:6,msg:'WEB-CGI gbook.cgi access'"

# (sid 1717) WEB-CGI simplestguest.cgi access
SecFilterSelective THE_REQUEST "/simplestguest\.cgi" "log,pass,id:sid1717,rev:6,msg:'WEB-CGI simplestguest.cgi access'"

# (sid 1718) WEB-CGI statsconfig.pl access
SecFilterSelective THE_REQUEST "/statsconfig\.pl" "log,pass,id:sid1718,rev:7,msg:'WEB-CGI statsconfig.pl access'"

# (sid 1719) WEB-CGI talkback.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/talkbalk\.cgi" "id:sid1719,rev:6,msg:'WEB-CGI talkback.cgi directory traversal attempt',chain"
SecFilter "article=\.\./\.\./" "log,pass"

# (sid 1720) WEB-CGI talkback.cgi access
SecFilterSelective THE_REQUEST "/talkbalk\.cgi" "log,pass,id:sid1720,rev:6,msg:'WEB-CGI talkback.cgi access'"

# (sid 1721) WEB-CGI adcycle access
SecFilterSelective THE_REQUEST "/adcycle" "log,pass,id:sid1721,rev:6,msg:'WEB-CGI adcycle access'"

# (sid 1722) WEB-CGI MachineInfo access
SecFilterSelective THE_REQUEST "/MachineInfo" "log,pass,id:sid1722,rev:6,msg:'WEB-CGI MachineInfo access'"

# (sid 1723) WEB-CGI emumail.cgi NULL attempt
SecFilterSelective THE_REQUEST "/emumail\.cgi" "id:sid1723,rev:7,msg:'WEB-CGI emumail.cgi NULL attempt',chain"
SecFilter "\x00" "log,pass"

# (sid 1724) WEB-CGI emumail.cgi access
SecFilterSelective THE_REQUEST "/emumail\.cgi" "log,pass,id:sid1724,rev:6,msg:'WEB-CGI emumail.cgi access'"

# (sid 1642) WEB-CGI document.d2w access
SecFilterSelective THE_REQUEST "/document\.d2w" "log,pass,id:sid1642,rev:7,msg:'WEB-CGI document.d2w access'"

# (sid 1643) WEB-CGI db2www access
SecFilterSelective THE_REQUEST "/db2www" "log,pass,id:sid1643,rev:6,msg:'WEB-CGI db2www access'"

# (sid 1668) WEB-CGI /cgi-bin/ access
SecFilterSelective THE_REQUEST "/cgi-bin/" "id:sid1668,rev:6,msg:'WEB-CGI /cgi-bin/ access',chain"
SecFilter "/cgi-bin/ HTTP" "log,pass"

# (sid 1669) WEB-CGI /cgi-dos/ access
SecFilterSelective THE_REQUEST "/cgi-dos/" "id:sid1669,rev:5,msg:'WEB-CGI /cgi-dos/ access',chain"
SecFilter "/cgi-dos/ HTTP" "log,pass"

# (sid 1051) WEB-CGI technote main.cgi file directory traversal attempt
SecFilterSelective THE_REQUEST "/technote/main\.cgi" "id:sid1051,rev:11,msg:'WEB-CGI technote main.cgi file directory traversal attempt',chain"
SecFilter "\.\./\.\./" "log,pass"

# (sid 1052) WEB-CGI technote print.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/technote/print\.cgi" "id:sid1052,rev:10,msg:'WEB-CGI technote print.cgi directory traversal attempt',chain"
SecFilter "\x00" "log,pass"

# (sid 1088) WEB-CGI eXtropia webstore directory traversal
SecFilterSelective THE_REQUEST "/web_store\.cgi" "id:sid1088,rev:11,msg:'WEB-CGI eXtropia webstore directory traversal',chain"
SecFilter "page=\.\./" "log,pass"

# (sid 1611) WEB-CGI eXtropia webstore access
SecFilterSelective THE_REQUEST "/web_store\.cgi" "log,pass,id:sid1611,rev:7,msg:'WEB-CGI eXtropia webstore access'"

# (sid 1089) WEB-CGI shopping cart directory traversal
SecFilterSelective THE_REQUEST "/shop\.cgi" "id:sid1089,rev:9,msg:'WEB-CGI shopping cart directory traversal',chain"
SecFilter "page=\.\./" "log,pass"

# (sid 1090) WEB-CGI Allaire Pro Web Shell attempt
SecFilterSelective THE_REQUEST "/authenticate\.cgi\?PASSWORD" "id:sid1090,rev:7,msg:'WEB-CGI Allaire Pro Web Shell attempt',chain"
SecFilter "config\.ini" "log,pass"

# (sid 1092) WEB-CGI Armada Style Master Index directory traversal
SecFilterSelective THE_REQUEST "/search\.cgi\?keys" "id:sid1092,rev:12,msg:'WEB-CGI Armada Style Master Index directory traversal',chain"
SecFilter "catigory=\.\./" "log,pass"

# (sid 1093) WEB-CGI cached_feed.cgi moreover shopping cart directory traversal
SecFilterSelective THE_REQUEST "/cached_feed\.cgi" "id:sid1093,rev:10,msg:'WEB-CGI cached_feed.cgi moreover shopping cart directory traversal',chain"
SecFilter "\.\./" "log,pass"

# (sid 2051) WEB-CGI cached_feed.cgi moreover shopping cart access
SecFilterSelective THE_REQUEST "/cached_feed\.cgi" "log,pass,id:sid2051,rev:3,msg:'WEB-CGI cached_feed.cgi moreover shopping cart access'"

# (sid 1097) WEB-CGI Talentsoft Web+ exploit attempt
SecFilterSelective THE_REQUEST "/webplus\.cgi\?Script=/webplus/webping/webping\.wml" "log,pass,id:sid1097,rev:6,msg:'WEB-CGI Talentsoft Web+ exploit attempt'"

# (sid 1106) WEB-CGI Poll-it access
SecFilterSelective THE_REQUEST "/pollit/Poll_It_SSI_v2\.0\.cgi" "log,pass,id:sid1106,rev:11,msg:'WEB-CGI Poll-it access'"

# (sid 1149) WEB-CGI count.cgi access
SecFilterSelective THE_REQUEST "/count\.cgi" "log,pass,id:sid1149,rev:12,msg:'WEB-CGI count.cgi access'"

# (sid 1163) WEB-CGI webdist.cgi access
SecFilterSelective THE_REQUEST "/webdist\.cgi" "log,pass,id:sid1163,rev:11,msg:'WEB-CGI webdist.cgi access'"

# (sid 1172) WEB-CGI bigconf.cgi access
SecFilterSelective THE_REQUEST "/bigconf\.cgi" "log,pass,id:sid1172,rev:10,msg:'WEB-CGI bigconf.cgi access'"

# (sid 1174) WEB-CGI /cgi-bin/jj access
SecFilterSelective THE_REQUEST "/cgi-bin/jj" "log,pass,id:sid1174,rev:10,msg:'WEB-CGI /cgi-bin/jj access'"

# (sid 1185) WEB-CGI bizdbsearch attempt
SecFilterSelective THE_REQUEST "/bizdb1-search\.cgi" "id:sid1185,rev:12,msg:'WEB-CGI bizdbsearch attempt',chain"
SecFilter "mail" "log,pass"

# (sid 1535) WEB-CGI bizdbsearch access
SecFilterSelective THE_REQUEST "/bizdb1-search\.cgi" "log,pass,id:sid1535,rev:9,msg:'WEB-CGI bizdbsearch access'"

# (sid 1194) WEB-CGI sojourn.cgi File attempt
SecFilterSelective THE_REQUEST "/sojourn\.cgi\?cat=" "id:sid1194,rev:10,msg:'WEB-CGI sojourn.cgi File attempt',chain"
SecFilter "\x00" "log,pass"

# (sid 1195) WEB-CGI sojourn.cgi access
SecFilterSelective THE_REQUEST "/sojourn\.cgi" "log,pass,id:sid1195,rev:10,msg:'WEB-CGI sojourn.cgi access'"

# (sid 1196) WEB-CGI SGI InfoSearch fname attempt
SecFilterSelective THE_REQUEST "/infosrch\.cgi\?" "id:sid1196,rev:10,msg:'WEB-CGI SGI InfoSearch fname attempt',chain"
SecFilter "fname=" "log,pass"

# (sid 1727) WEB-CGI SGI InfoSearch fname access
SecFilterSelective THE_REQUEST "/infosrch\.cgi" "log,pass,id:sid1727,rev:7,msg:'WEB-CGI SGI InfoSearch fname access'"

# (sid 1204) WEB-CGI ax-admin.cgi access
SecFilterSelective THE_REQUEST "/ax-admin\.cgi" "log,pass,id:sid1204,rev:6,msg:'WEB-CGI ax-admin.cgi access'"

# (sid 1205) WEB-CGI axs.cgi access
SecFilterSelective THE_REQUEST "/axs\.cgi" "log,pass,id:sid1205,rev:6,msg:'WEB-CGI axs.cgi access'"

# (sid 1206) WEB-CGI cachemgr.cgi access
SecFilterSelective THE_REQUEST "/cachemgr\.cgi" "log,pass,id:sid1206,rev:10,msg:'WEB-CGI cachemgr.cgi access'"

# (sid 1208) WEB-CGI responder.cgi access
SecFilterSelective THE_REQUEST "/responder\.cgi" "log,pass,id:sid1208,rev:8,msg:'WEB-CGI responder.cgi access'"

# (sid 1211) WEB-CGI web-map.cgi access
SecFilterSelective THE_REQUEST "/web-map\.cgi" "log,pass,id:sid1211,rev:6,msg:'WEB-CGI web-map.cgi access'"

# (sid 1215) WEB-CGI ministats admin access
SecFilterSelective THE_REQUEST "/ministats/admin\.cgi" "log,pass,id:sid1215,rev:6,msg:'WEB-CGI ministats admin access'"

# (sid 1219) WEB-CGI dfire.cgi access
SecFilterSelective THE_REQUEST "/dfire\.cgi" "log,pass,id:sid1219,rev:11,msg:'WEB-CGI dfire.cgi access'"

# (sid 1305) WEB-CGI txt2html.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/txt2html\.cgi" "id:sid1305,rev:6,msg:'WEB-CGI txt2html.cgi directory traversal attempt',chain"
SecFilter "/\.\./\.\./\.\./\.\./" "log,pass"

# (sid 1304) WEB-CGI txt2html.cgi access
SecFilterSelective THE_REQUEST "/txt2html\.cgi" "log,pass,id:sid1304,rev:7,msg:'WEB-CGI txt2html.cgi access'"

# (sid 1488) WEB-CGI store.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/store\.cgi" "id:sid1488,rev:8,msg:'WEB-CGI store.cgi directory traversal attempt',chain"
SecFilter "\.\./" "log,pass"

# (sid 1307) WEB-CGI store.cgi access
SecFilterSelective THE_REQUEST "/store\.cgi" "log,pass,id:sid1307,rev:9,msg:'WEB-CGI store.cgi access'"

# (sid 1494) WEB-CGI SIX webboard generate.cgi attempt
SecFilterSelective THE_REQUEST "/generate\.cgi" "id:sid1494,rev:8,msg:'WEB-CGI SIX webboard generate.cgi attempt',chain"
SecFilter "content=\.\./" "log,pass"

# (sid 1495) WEB-CGI SIX webboard generate.cgi access
SecFilterSelective THE_REQUEST "/generate\.cgi" "log,pass,id:sid1495,rev:6,msg:'WEB-CGI SIX webboard generate.cgi access'"

# (sid 1496) WEB-CGI spin_client.cgi access
SecFilterSelective THE_REQUEST "/spin_client\.cgi" "log,pass,id:sid1496,rev:7,msg:'WEB-CGI spin_client.cgi access'"

# (sid 1787) WEB-CGI csPassword.cgi access
SecFilterSelective THE_REQUEST "/csPassword\.cgi" "log,pass,id:sid1787,rev:7,msg:'WEB-CGI csPassword.cgi access'"

# (sid 1788) WEB-CGI csPassword password.cgi.tmp access
SecFilterSelective THE_REQUEST "/password\.cgi\.tmp" "log,pass,id:sid1788,rev:3,msg:'WEB-CGI csPassword password.cgi.tmp access'"

# (sid 1763) WEB-CGI Nortel Contivity cgiproc DOS attempt
SecFilterSelective THE_REQUEST "/cgiproc\?Nocfile=" "log,pass,id:sid1763,rev:6,msg:'WEB-CGI Nortel Contivity cgiproc DOS attempt'"

# (sid 1765) WEB-CGI Nortel Contivity cgiproc access
SecFilterSelective THE_REQUEST "/cgiproc" "log,pass,id:sid1765,rev:6,msg:'WEB-CGI Nortel Contivity cgiproc access'"

# (sid 1805) WEB-CGI Oracle reports CGI access
SecFilterSelective THE_REQUEST "/rwcgi60" "id:sid1805,rev:4,msg:'WEB-CGI Oracle reports CGI access',chain"
SecFilter "setauth=" "log,pass"

# (sid 1824) WEB-CGI alienform.cgi access
SecFilterSelective THE_REQUEST "/alienform\.cgi" "log,pass,id:sid1824,rev:6,msg:'WEB-CGI alienform.cgi access'"

# (sid 1825) WEB-CGI AlienForm af.cgi access
SecFilterSelective THE_REQUEST "/af\.cgi" "log,pass,id:sid1825,rev:6,msg:'WEB-CGI AlienForm af.cgi access'"

# (sid 1870) WEB-CGI siteUserMod.cgi access
SecFilterSelective THE_REQUEST "/\.cobalt/siteUserMod/siteUserMod\.cgi" "log,pass,id:sid1870,rev:5,msg:'WEB-CGI siteUserMod.cgi access'"

# (sid 1875) WEB-CGI cgicso access
SecFilterSelective THE_REQUEST "/cgicso" "log,pass,id:sid1875,rev:4,msg:'WEB-CGI cgicso access'"

# (sid 1876) WEB-CGI nph-publish.cgi access
SecFilterSelective THE_REQUEST "/nph-publish\.cgi" "log,pass,id:sid1876,rev:4,msg:'WEB-CGI nph-publish.cgi access'"

# (sid 1877) WEB-CGI printenv access
SecFilterSelective THE_REQUEST "/printenv" "log,pass,id:sid1877,rev:7,msg:'WEB-CGI printenv access'"

# (sid 1878) WEB-CGI sdbsearch.cgi access
SecFilterSelective THE_REQUEST "/sdbsearch\.cgi" "log,pass,id:sid1878,rev:5,msg:'WEB-CGI sdbsearch.cgi access'"

# (sid 1931) WEB-CGI rpc-nlog.pl access
SecFilterSelective THE_REQUEST "/rpc-nlog\.pl" "log,pass,id:sid1931,rev:4,msg:'WEB-CGI rpc-nlog.pl access'"

# (sid 1932) WEB-CGI rpc-smb.pl access
SecFilterSelective THE_REQUEST "/rpc-smb\.pl" "log,pass,id:sid1932,rev:3,msg:'WEB-CGI rpc-smb.pl access'"

# (sid 1933) WEB-CGI cart.cgi access
SecFilterSelective THE_REQUEST "/cart\.cgi" "log,pass,id:sid1933,rev:5,msg:'WEB-CGI cart.cgi access'"

# (sid 1994) WEB-CGI vpasswd.cgi access
SecFilterSelective THE_REQUEST "/vpasswd\.cgi" "log,pass,id:sid1994,rev:3,msg:'WEB-CGI vpasswd.cgi access'"

# (sid 1995) WEB-CGI alya.cgi access
SecFilterSelective THE_REQUEST "/alya\.cgi" "log,pass,id:sid1995,rev:2,msg:'WEB-CGI alya.cgi access'"

# (sid 1996) WEB-CGI viralator.cgi access
SecFilterSelective THE_REQUEST "/viralator\.cgi" "log,pass,id:sid1996,rev:5,msg:'WEB-CGI viralator.cgi access'"

# (sid 2001) WEB-CGI smartsearch.cgi access
SecFilterSelective THE_REQUEST "/smartsearch\.cgi" "log,pass,id:sid2001,rev:3,msg:'WEB-CGI smartsearch.cgi access'"

# (sid 1862) WEB-CGI mrtg.cgi directory traversal attempt
SecFilterSelective THE_REQUEST "/mrtg\.cgi" "id:sid1862,rev:7,msg:'WEB-CGI mrtg.cgi directory traversal attempt',chain"
SecFilter "cfg=/\.\./" "log,pass"

# (sid 2052) WEB-CGI overflow.cgi access
SecFilterSelective THE_REQUEST "/overflow\.cgi" "log,pass,id:sid2052,rev:5,msg:'WEB-CGI overflow.cgi access'"

# (sid 1850) WEB-CGI way-board.cgi access
SecFilterSelective THE_REQUEST "/way-board\.cgi" "log,pass,id:sid1850,rev:3,msg:'WEB-CGI way-board.cgi access'"

# (sid 2053) WEB-CGI process_bug.cgi access
SecFilterSelective THE_REQUEST "/process_bug\.cgi" "log,pass,id:sid2053,rev:4,msg:'WEB-CGI process_bug.cgi access'"

# (sid 2055) WEB-CGI enter_bug.cgi access
SecFilterSelective THE_REQUEST "/enter_bug\.cgi" "log,pass,id:sid2055,rev:3,msg:'WEB-CGI enter_bug.cgi access'"

# (sid 2085) WEB-CGI parse_xml.cgi access
SecFilterSelective THE_REQUEST "/parse_xml\.cgi" "log,pass,id:sid2085,rev:4,msg:'WEB-CGI parse_xml.cgi access'"

# (sid 2115) WEB-CGI album.pl access
SecFilter "/album\.pl" "log,pass,id:sid2115,rev:4,msg:'WEB-CGI album.pl access'"

# (sid 2116) WEB-CGI chipcfg.cgi access
SecFilterSelective THE_REQUEST "/chipcfg\.cgi" "log,pass,id:sid2116,rev:5,msg:'WEB-CGI chipcfg.cgi access'"

# (sid 2127) WEB-CGI ikonboard.cgi access
SecFilterSelective THE_REQUEST "/ikonboard\.cgi" "log,pass,id:sid2127,rev:1,msg:'WEB-CGI ikonboard.cgi access'"

# (sid 2128) WEB-CGI swsrv.cgi access
SecFilterSelective THE_REQUEST "/swsrv\.cgi" "log,pass,id:sid2128,rev:6,msg:'WEB-CGI swsrv.cgi access'"

# (sid 2194) WEB-CGI CSMailto.cgi access
SecFilterSelective THE_REQUEST "/CSMailto\.cgi" "log,pass,id:sid2194,rev:6,msg:'WEB-CGI CSMailto.cgi access'"

# (sid 2195) WEB-CGI alert.cgi access
SecFilterSelective THE_REQUEST "/alert\.cgi" "log,pass,id:sid2195,rev:6,msg:'WEB-CGI alert.cgi access'"

# (sid 2196) WEB-CGI catgy.cgi access
SecFilterSelective THE_REQUEST "/alert\.cgi" "log,pass,id:sid2196,rev:6,msg:'WEB-CGI catgy.cgi access'"

# (sid 2197) WEB-CGI cvsview2.cgi access
SecFilterSelective THE_REQUEST "/cvsview2\.cgi" "log,pass,id:sid2197,rev:7,msg:'WEB-CGI cvsview2.cgi access'"

# (sid 2198) WEB-CGI cvslog.cgi access
SecFilterSelective THE_REQUEST "/cvslog\.cgi" "log,pass,id:sid2198,rev:6,msg:'WEB-CGI cvslog.cgi access'"

# (sid 2199) WEB-CGI multidiff.cgi access
SecFilterSelective THE_REQUEST "/multidiff\.cgi" "log,pass,id:sid2199,rev:6,msg:'WEB-CGI multidiff.cgi access'"

# (sid 2200) WEB-CGI dnewsweb.cgi access
SecFilterSelective THE_REQUEST "/dnewsweb\.cgi" "log,pass,id:sid2200,rev:6,msg:'WEB-CGI dnewsweb.cgi access'"

# (sid 2201) WEB-CGI download.cgi access
SecFilterSelective THE_REQUEST "/download\.cgi" "log,pass,id:sid2201,rev:5,msg:'WEB-CGI download.cgi access'"

# (sid 2202) WEB-CGI edit_action.cgi access
SecFilterSelective THE_REQUEST "/edit_action\.cgi" "log,pass,id:sid2202,rev:6,msg:'WEB-CGI edit_action.cgi access'"

# (sid 2203) WEB-CGI everythingform.cgi access
SecFilterSelective THE_REQUEST "/everythingform\.cgi" "log,pass,id:sid2203,rev:6,msg:'WEB-CGI everythingform.cgi access'"

# (sid 2204) WEB-CGI ezadmin.cgi access
SecFilterSelective THE_REQUEST "/ezadmin\.cgi" "log,pass,id:sid2204,rev:6,msg:'WEB-CGI ezadmin.cgi access'"

# (sid 2205) WEB-CGI ezboard.cgi access
SecFilterSelective THE_REQUEST "/ezboard\.cgi" "log,pass,id:sid2205,rev:6,msg:'WEB-CGI ezboard.cgi access'"

# (sid 2206) WEB-CGI ezman.cgi access
SecFilterSelective THE_REQUEST "/ezman\.cgi" "log,pass,id:sid2206,rev:6,msg:'WEB-CGI ezman.cgi access'"

# (sid 2207) WEB-CGI fileseek.cgi access
SecFilterSelective THE_REQUEST "/fileseek\.cgi" "log,pass,id:sid2207,rev:6,msg:'WEB-CGI fileseek.cgi access'"

# (sid 2208) WEB-CGI fom.cgi access
SecFilterSelective THE_REQUEST "/fom\.cgi" "log,pass,id:sid2208,rev:5,msg:'WEB-CGI fom.cgi access'"

# (sid 2209) WEB-CGI getdoc.cgi access
SecFilterSelective THE_REQUEST "/getdoc\.cgi" "log,pass,id:sid2209,rev:7,msg:'WEB-CGI getdoc.cgi access'"

# (sid 2210) WEB-CGI global.cgi access
SecFilterSelective THE_REQUEST "/global\.cgi" "log,pass,id:sid2210,rev:5,msg:'WEB-CGI global.cgi access'"

# (sid 2211) WEB-CGI guestserver.cgi access
SecFilterSelective THE_REQUEST "/guestserver\.cgi" "log,pass,id:sid2211,rev:5,msg:'WEB-CGI guestserver.cgi access'"

# (sid 2212) WEB-CGI imageFolio.cgi access
SecFilterSelective THE_REQUEST "/imageFolio\.cgi" "log,pass,id:sid2212,rev:6,msg:'WEB-CGI imageFolio.cgi access'"

# (sid 2213) WEB-CGI mailfile.cgi access
SecFilterSelective THE_REQUEST "/mailfile\.cgi" "log,pass,id:sid2213,rev:6,msg:'WEB-CGI mailfile.cgi access'"

# (sid 2214) WEB-CGI mailview.cgi access
SecFilterSelective THE_REQUEST "/mailview\.cgi" "log,pass,id:sid2214,rev:6,msg:'WEB-CGI mailview.cgi access'"

# (sid 2215) WEB-CGI nsManager.cgi access
SecFilterSelective THE_REQUEST "/nsManager\.cgi" "log,pass,id:sid2215,rev:6,msg:'WEB-CGI nsManager.cgi access'"

# (sid 2216) WEB-CGI readmail.cgi access
SecFilterSelective THE_REQUEST "/readmail\.cgi" "log,pass,id:sid2216,rev:6,msg:'WEB-CGI readmail.cgi access'"

# (sid 2217) WEB-CGI printmail.cgi access
SecFilterSelective THE_REQUEST "/printmail\.cgi" "log,pass,id:sid2217,rev:6,msg:'WEB-CGI printmail.cgi access'"

# (sid 2218) WEB-CGI service.cgi access
SecFilterSelective THE_REQUEST "/service\.cgi" "log,pass,id:sid2218,rev:6,msg:'WEB-CGI service.cgi access'"

# (sid 2219) WEB-CGI setpasswd.cgi access
SecFilterSelective THE_REQUEST "/setpasswd\.cgi" "log,pass,id:sid2219,rev:6,msg:'WEB-CGI setpasswd.cgi access'"

# (sid 2220) WEB-CGI simplestmail.cgi access
SecFilterSelective THE_REQUEST "/simplestmail\.cgi" "log,pass,id:sid2220,rev:6,msg:'WEB-CGI simplestmail.cgi access'"

# (sid 2221) WEB-CGI ws_mail.cgi access
SecFilterSelective THE_REQUEST "/ws_mail\.cgi" "log,pass,id:sid2221,rev:6,msg:'WEB-CGI ws_mail.cgi access'"

# (sid 2222) WEB-CGI nph-exploitscanget.cgi access
SecFilterSelective THE_REQUEST "/nph-exploitscanget\.cgi" "log,pass,id:sid2222,rev:6,msg:'WEB-CGI nph-exploitscanget.cgi access'"

# (sid 2223) WEB-CGI csNews.cgi access
SecFilterSelective THE_REQUEST "/csNews\.cgi" "log,pass,id:sid2223,rev:5,msg:'WEB-CGI csNews.cgi access'"

# (sid 2224) WEB-CGI psunami.cgi access
SecFilterSelective THE_REQUEST "/psunami\.cgi" "log,pass,id:sid2224,rev:1,msg:'WEB-CGI psunami.cgi access'"

# (sid 2225) WEB-CGI gozila.cgi access
SecFilterSelective THE_REQUEST "/gozila\.cgi" "log,pass,id:sid2225,rev:3,msg:'WEB-CGI gozila.cgi access'"

# (sid 2323) WEB-CGI quickstore.cgi access
SecFilterSelective THE_REQUEST "/quickstore\.cgi" "log,pass,id:sid2323,rev:2,msg:'WEB-CGI quickstore.cgi access'"

# (sid 2387) WEB-CGI view_broadcast.cgi access
SecFilterSelective THE_REQUEST "/view_broadcast\.cgi" "log,pass,id:sid2387,rev:4,msg:'WEB-CGI view_broadcast.cgi access'"

# (sid 2396) WEB-CGI CCBill whereami.cgi arbitrary command execution attempt
SecFilterSelective THE_REQUEST "/whereami\.cgi\?g=" "log,pass,id:sid2396,rev:4,msg:'WEB-CGI CCBill whereami.cgi arbitrary command execution attempt'"

# (sid 2397) WEB-CGI CCBill whereami.cgi access
SecFilterSelective THE_REQUEST "/whereami\.cgi" "log,pass,id:sid2397,rev:4,msg:'WEB-CGI CCBill whereami.cgi access'"

# (sid 2434) WEB-CGI MDaemon form2raw.cgi access
SecFilter "/form2raw\.cgi" "log,pass,id:sid2434,rev:3,msg:'WEB-CGI MDaemon form2raw.cgi access'"

# (sid 2567) WEB-CGI Emumail init.emu access
SecFilterSelective THE_REQUEST "/init\.emu" "log,pass,id:sid2567,rev:3,msg:'WEB-CGI Emumail init.emu access'"

# (sid 2568) WEB-CGI Emumail emumail.fcgi access
SecFilterSelective THE_REQUEST "/emumail\.fcgi" "log,pass,id:sid2568,rev:3,msg:'WEB-CGI Emumail emumail.fcgi access'"

# (sid 2670) WEB-CGI pgpmail.pl access
SecFilterSelective THE_REQUEST "/pgpmail\.pl" "log,pass,id:sid2670,rev:2,msg:'WEB-CGI pgpmail.pl access'"

# (sid 2668) WEB-CGI processit access
SecFilterSelective THE_REQUEST "/processit\.pl" "log,pass,id:sid2668,rev:2,msg:'WEB-CGI processit access'"

# (sid 2663) WEB-CGI WhatsUpGold instancename overflow attempt
SecFilterSelective THE_REQUEST "/_maincfgret\.cgi" "log,pass,id:sid2663,rev:2,msg:'WEB-CGI WhatsUpGold instancename overflow attempt'"

# (sid 2669) WEB-CGI ibillpm.pl access
SecFilterSelective THE_REQUEST "/ibillpm\.pl" "log,pass,id:sid2669,rev:2,msg:'WEB-CGI ibillpm.pl access'"

# (sid 3062) WEB-CGI NetScreen SA 5000 delhomepage.cgi access
SecFilterSelective THE_REQUEST "/delhomepage\.cgi" "log,pass,id:sid3062,rev:1,msg:'WEB-CGI NetScreen SA 5000 delhomepage.cgi access'"

# (sid 3131) WEB-CGI mailman directory traversal attempt
SecFilterSelective THE_REQUEST "\.\.\./" "log,pass,id:sid3131,rev:2,msg:'WEB-CGI mailman directory traversal attempt'"

# (sid 3464) WEB-CGI awstats.pl command execution attempt
SecFilterSelective THE_REQUEST "logfile=" "log,pass,id:sid3464,rev:1,msg:'WEB-CGI awstats.pl command execution attempt'"

# (sid 3468) WEB-CGI math_sum.mscgi access
SecFilterSelective THE_REQUEST "/math_sum\.mscgi" "log,pass,id:sid3468,rev:1,msg:'WEB-CGI math_sum.mscgi access'"

# (sid 3465) WEB-CGI RiSearch show.pl proxy attempt
SecFilterSelective THE_REQUEST "/show\.pl" "id:sid3465,rev:2,msg:'WEB-CGI RiSearch show.pl proxy attempt',chain"
SecFilter "url=" "log,pass"

# (sid 3463) WEB-CGI awstats access
SecFilterSelective THE_REQUEST "/awstats\.pl" "log,pass,id:sid3463,rev:1,msg:'WEB-CGI awstats access'"

# (sid 3638) WEB-CGI SoftCart.exe CGI buffer overflow attempt
SecFilterSelective THE_REQUEST "/SoftCart\.exe" "log,pass,id:sid3638,rev:2,msg:'WEB-CGI SoftCart.exe CGI buffer overflow attempt'"

# (sid 3674) WEB-CGI db4web_c directory traversal attempt
SecFilterSelective THE_REQUEST "/db4web_c" "log,pass,id:sid3674,rev:1,msg:'WEB-CGI db4web_c directory traversal attempt'"

# (sid 3690) WEB-CGI Nucleus CMS action.php itemid SQL injection
SecFilterSelective THE_REQUEST "action\.php" "id:sid3690,rev:1,msg:'WEB-CGI Nucleus CMS action.php itemid SQL injection',chain"
SecFilter "itemid=" "log,pass"

# (sid 3813) WEB-CGI awstats.pl configdir command execution attempt
SecFilterSelective THE_REQUEST "configdir=" "log,pass,id:sid3813,rev:1,msg:'WEB-CGI awstats.pl configdir command execution attempt'"

# (sid 1233) WEB-CLIENT Outlook EML access
SecFilterSelective THE_REQUEST "\.eml" "log,pass,id:sid1233,rev:11,msg:'WEB-CLIENT Outlook EML access'"

# (sid 2435) WEB-CLIENT Microsoft emf metafile access
SecFilterSelective THE_REQUEST "\.emf" "log,pass,id:sid2435,rev:5,msg:'WEB-CLIENT Microsoft emf metafile access'"

# (sid 2436) WEB-CLIENT Microsoft wmf metafile access
SecFilterSelective THE_REQUEST "\.wmf" "log,pass,id:sid2436,rev:5,msg:'WEB-CLIENT Microsoft wmf metafile access'"

# (sid 1284) WEB-CLIENT readme.eml download attempt
SecFilterSelective THE_REQUEST "/readme\.eml" "log,pass,id:sid1284,rev:10,msg:'WEB-CLIENT readme.eml download attempt'"

# (sid 2485) WEB-CLIENT Norton antivirus sysmspam.dll load attempt
SecFilter "0534CF61-83C5-4765-B19B-45F7A4E135D0" "log,pass,id:sid2485,rev:5,msg:'WEB-CLIENT Norton antivirus sysmspam.dll load attempt'"

# (sid 2673) WEB-CLIENT libpng tRNS overflow attempt
SecFilter "tRNS" "log,pass,id:sid2673,rev:4,msg:'WEB-CLIENT libpng tRNS overflow attempt'"

# (sid 2671) WEB-CLIENT bitmap BitmapOffset integer overflow attempt
SecFilter "image/bmp" "log,pass,id:sid2671,rev:4,msg:'WEB-CLIENT bitmap BitmapOffset integer overflow attempt'"

# (sid 3079) WEB-CLIENT Microsoft ANI file parsing overflow
SecFilter "anih" "log,pass,id:sid3079,rev:3,msg:'WEB-CLIENT Microsoft ANI file parsing overflow'"

# (sid 3088) WEB-CLIENT winamp .cda file name overflow attempt
SecFilter "\.cda" "log,pass,id:sid3088,rev:1,msg:'WEB-CLIENT winamp .cda file name overflow attempt'"

# (sid 3132) WEB-CLIENT PNG large image width download attempt
SecFilter "IHDR" "log,pass,id:sid3132,rev:3,msg:'WEB-CLIENT PNG large image width download attempt'"

# (sid 3134) WEB-CLIENT PNG large colour depth download attempt
SecFilter "IHDR" "log,pass,id:sid3134,rev:3,msg:'WEB-CLIENT PNG large colour depth download attempt'"

# (sid 3133) WEB-CLIENT PNG large image height download attempt
SecFilter "IHDR" "log,pass,id:sid3133,rev:4,msg:'WEB-CLIENT PNG large image height download attempt'"

# (sid 3149) WEB-CLIENT object type overflow attempt
SecFilter "<OBJECT" "log,pass,id:sid3149,rev:3,msg:'WEB-CLIENT object type overflow attempt'"

# (sid 3148) WEB-CLIENT winhelp clsid attempt
SecFilter "adb880a6-d8ff-11cf-9377-00aa003b7a11" "log,pass,id:sid3148,rev:4,msg:'WEB-CLIENT winhelp clsid attempt'"

# (sid 3470) WEB-CLIENT RealPlayer VIDORV30 header length buffer overflow
SecFilter "VIDORV30" "log,pass,id:sid3470,rev:1,msg:'WEB-CLIENT RealPlayer VIDORV30 header length buffer overflow'"

# (sid 3471) WEB-CLIENT iTunes playlist URL overflow attempt
SecFilter "\[playlist\]" "log,pass,id:sid3471,rev:2,msg:'WEB-CLIENT iTunes playlist URL overflow attempt'"

# (sid 3535) WEB-CLIENT GIF transfer
SecFilter "image/" "log,pass,id:sid3535,rev:1,msg:'WEB-CLIENT GIF transfer'"

# (sid 3549) WEB-CLIENT HTML DOM invalid element creation attempt
SecFilter "create" "log,pass,id:sid3549,rev:5,msg:'WEB-CLIENT HTML DOM invalid element creation attempt'"

# (sid 3553) WEB-CLIENT HTML DOM null element insertion attempt
SecFilter "NULL" "log,pass,id:sid3553,rev:2,msg:'WEB-CLIENT HTML DOM null element insertion attempt'"

# (sid 3551) WEB-CLIENT .hta download attempt
SecFilterSelective THE_REQUEST "\.hta" "log,pass,id:sid3551,rev:1,msg:'WEB-CLIENT .hta download attempt'"

# (sid 3633) WEB-CLIENT bitmap transfer
SecFilter "image/bmp" "log,pass,id:sid3633,rev:1,msg:'WEB-CLIENT bitmap transfer'"

# (sid 3634) WEB-CLIENT Mozilla bitmap width integer overflow multipacket attempt
SecFilter "BM" "log,pass,id:sid3634,rev:2,msg:'WEB-CLIENT Mozilla bitmap width integer overflow multipacket attempt'"

# (sid 3632) WEB-CLIENT Mozilla bitmap width integer overflow attempt
SecFilter "BM" "log,pass,id:sid3632,rev:2,msg:'WEB-CLIENT Mozilla bitmap width integer overflow attempt'"

# (sid 3679) WEB-CLIENT Firefox IFRAME src javascript code execution
SecFilter "IFRAME" "log,pass,id:sid3679,rev:1,msg:'WEB-CLIENT Firefox IFRAME src javascript code execution'"

# (sid 3686) WEB-CLIENT Internet Explorer Content Advisor attempted overflow
SecFilter "PICS-version" "log,pass,id:sid3686,rev:1,msg:'WEB-CLIENT Internet Explorer Content Advisor attempted overflow'"

# (sid 3685) WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt
SecFilter "BM" "log,pass,id:sid3685,rev:1,msg:'WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt'"

# (sid 3684) WEB-CLIENT Bitmap Transfer
SecFilter "image/bmp" "log,pass,id:sid3684,rev:1,msg:'WEB-CLIENT Bitmap Transfer'"

# (sid 3689) WEB-CLIENT Internet Explorer tRNS overflow attempt
SecFilter "tRNS" "log,pass,id:sid3689,rev:2,msg:'WEB-CLIENT Internet Explorer tRNS overflow attempt'"

# (sid 3814) WEB-CLIENT IE javaprxy.dll COM access
SecFilter "03D9F3F2-B0E3-11D2-B081-006008039BF0" "log,pass,id:sid3814,rev:1,msg:'WEB-CLIENT IE javaprxy.dll COM access'"

# (sid 3820) WEB-CLIENT multipacket CHM file transfer attempt
SecFilter "ITSF" "log,pass,id:sid3820,rev:1,msg:'WEB-CLIENT multipacket CHM file transfer attempt'"

# (sid 3819) WEB-CLIENT multipacket CHM file transfer start
SecFilter "text/plain" "log,pass,id:sid3819,rev:1,msg:'WEB-CLIENT multipacket CHM file transfer start'"

# (sid 3821) WEB-CLIENT CHM file transfer attempt
SecFilter "text/plain" "log,pass,id:sid3821,rev:1,msg:'WEB-CLIENT CHM file transfer attempt'"

# (sid 903) WEB-COLDFUSION cfcache.map access
SecFilterSelective THE_REQUEST "/cfcache\.map" "log,pass,id:sid903,rev:7,msg:'WEB-COLDFUSION cfcache.map access'"

# (sid 904) WEB-COLDFUSION exampleapp application.cfm
SecFilterSelective THE_REQUEST "/cfdocs/exampleapp/email/application\.cfm" "log,pass,id:sid904,rev:7,msg:'WEB-COLDFUSION exampleapp application.cfm'"

# (sid 905) WEB-COLDFUSION application.cfm access
SecFilterSelective THE_REQUEST "/cfdocs/exampleapp/publish/admin/application\.cfm" "log,pass,id:sid905,rev:7,msg:'WEB-COLDFUSION application.cfm access'"

# (sid 906) WEB-COLDFUSION getfile.cfm access
SecFilterSelective THE_REQUEST "/cfdocs/exampleapp/email/getfile\.cfm" "log,pass,id:sid906,rev:7,msg:'WEB-COLDFUSION getfile.cfm access'"

# (sid 907) WEB-COLDFUSION addcontent.cfm access
SecFilterSelective THE_REQUEST "/cfdocs/exampleapp/publish/admin/addcontent\.cfm" "log,pass,id:sid907,rev:5,msg:'WEB-COLDFUSION addcontent.cfm access'"

# (sid 908) WEB-COLDFUSION administrator access
SecFilterSelective THE_REQUEST "/cfide/administrator/index\.cfm" "log,pass,id:sid908,rev:8,msg:'WEB-COLDFUSION administrator access'"

# (sid 910) WEB-COLDFUSION fileexists.cfm access
SecFilterSelective THE_REQUEST "/cfdocs/snippets/fileexists\.cfm" "log,pass,id:sid910,rev:5,msg:'WEB-COLDFUSION fileexists.cfm access'"

# (sid 911) WEB-COLDFUSION exprcalc access
SecFilterSelective THE_REQUEST "/cfdocs/expeval/exprcalc\.cfm" "log,pass,id:sid911,rev:7,msg:'WEB-COLDFUSION exprcalc access'"

# (sid 912) WEB-COLDFUSION parks access
SecFilterSelective THE_REQUEST "/cfdocs/examples/parks/detail\.cfm" "log,pass,id:sid912,rev:5,msg:'WEB-COLDFUSION parks access'"

# (sid 913) WEB-COLDFUSION cfappman access
SecFilterSelective THE_REQUEST "/cfappman/index\.cfm" "log,pass,id:sid913,rev:5,msg:'WEB-COLDFUSION cfappman access'"

# (sid 914) WEB-COLDFUSION beaninfo access
SecFilterSelective THE_REQUEST "/cfdocs/examples/cvbeans/beaninfo\.cfm" "log,pass,id:sid914,rev:5,msg:'WEB-COLDFUSION beaninfo access'"

# (sid 915) WEB-COLDFUSION evaluate.cfm access
SecFilterSelective THE_REQUEST "/cfdocs/snippets/evaluate\.cfm" "log,pass,id:sid915,rev:5,msg:'WEB-COLDFUSION evaluate.cfm access'"

# (sid 918) WEB-COLDFUSION expeval access
SecFilterSelective THE_REQUEST "/cfdocs/expeval/" "log,pass,id:sid918,rev:6,msg:'WEB-COLDFUSION expeval access'"

# (sid 922) WEB-COLDFUSION displayfile access
SecFilterSelective THE_REQUEST "/cfdocs/expeval/displayopenedfile\.cfm" "log,pass,id:sid922,rev:6,msg:'WEB-COLDFUSION displayfile access'"

# (sid 925) WEB-COLDFUSION mainframeset access
SecFilterSelective THE_REQUEST "/cfdocs/examples/mainframeset\.cfm" "log,pass,id:sid925,rev:5,msg:'WEB-COLDFUSION mainframeset access'"

# (sid 928) WEB-COLDFUSION exampleapp access
SecFilterSelective THE_REQUEST "/cfdocs/exampleapp/" "log,pass,id:sid928,rev:5,msg:'WEB-COLDFUSION exampleapp access'"

# (sid 930) WEB-COLDFUSION snippets attempt
SecFilterSelective THE_REQUEST "/cfdocs/snippets/" "log,pass,id:sid930,rev:5,msg:'WEB-COLDFUSION snippets attempt'"

# (sid 931) WEB-COLDFUSION cfmlsyntaxcheck.cfm access
SecFilterSelective THE_REQUEST "/cfdocs/cfmlsyntaxcheck\.cfm" "log,pass,id:sid931,rev:6,msg:'WEB-COLDFUSION cfmlsyntaxcheck.cfm access'"

# (sid 932) WEB-COLDFUSION application.cfm access
SecFilterSelective THE_REQUEST "/application\.cfm" "log,pass,id:sid932,rev:7,msg:'WEB-COLDFUSION application.cfm access'"

# (sid 933) WEB-COLDFUSION onrequestend.cfm access
SecFilterSelective THE_REQUEST "/onrequestend\.cfm" "log,pass,id:sid933,rev:7,msg:'WEB-COLDFUSION onrequestend.cfm access'"

# (sid 935) WEB-COLDFUSION startstop DOS access
SecFilterSelective THE_REQUEST "/cfide/administrator/startstop\.html" "log,pass,id:sid935,rev:6,msg:'WEB-COLDFUSION startstop DOS access'"

# (sid 936) WEB-COLDFUSION gettempdirectory.cfm access 
SecFilterSelective THE_REQUEST "/cfdocs/snippets/gettempdirectory\.cfm" "log,pass,id:sid936,rev:5,msg:'WEB-COLDFUSION gettempdirectory.cfm access '"

# (sid 1659) WEB-COLDFUSION sendmail.cfm access
SecFilterSelective THE_REQUEST "/sendmail\.cfm" "log,pass,id:sid1659,rev:3,msg:'WEB-COLDFUSION sendmail.cfm access'"

# (sid 1540) WEB-COLDFUSION ?Mode=debug attempt
SecFilterSelective THE_REQUEST "Mode=debug" "log,pass,id:sid1540,rev:7,msg:'WEB-COLDFUSION ?Mode=debug attempt'"

# (sid 1248) WEB-FRONTPAGE rad fp30reg.dll access
SecFilterSelective THE_REQUEST "/fp30reg\.dll" "log,pass,id:sid1248,rev:13,msg:'WEB-FRONTPAGE rad fp30reg.dll access'"

# (sid 1249) WEB-FRONTPAGE frontpage rad fp4areg.dll access
SecFilterSelective THE_REQUEST "/fp4areg\.dll" "log,pass,id:sid1249,rev:10,msg:'WEB-FRONTPAGE frontpage rad fp4areg.dll access'"

# (sid 937) WEB-FRONTPAGE _vti_rpc access
SecFilterSelective THE_REQUEST "/_vti_rpc" "log,pass,id:sid937,rev:10,msg:'WEB-FRONTPAGE _vti_rpc access'"

# (sid 939) WEB-FRONTPAGE posting
SecFilterSelective THE_REQUEST "/author\.dll" "id:sid939,rev:11,msg:'WEB-FRONTPAGE posting',chain"
SecFilter "POST" "log,pass"

# (sid 940) WEB-FRONTPAGE shtml.dll access
SecFilterSelective THE_REQUEST "/_vti_bin/shtml\.dll" "log,pass,id:sid940,rev:15,msg:'WEB-FRONTPAGE shtml.dll access'"

# (sid 941) WEB-FRONTPAGE contents.htm access
SecFilterSelective THE_REQUEST "/admcgi/contents\.htm" "log,pass,id:sid941,rev:6,msg:'WEB-FRONTPAGE contents.htm access'"

# (sid 942) WEB-FRONTPAGE orders.htm access
SecFilterSelective THE_REQUEST "/_private/orders\.htm" "log,pass,id:sid942,rev:6,msg:'WEB-FRONTPAGE orders.htm access'"

# (sid 943) WEB-FRONTPAGE fpsrvadm.exe access
SecFilterSelective THE_REQUEST "/fpsrvadm\.exe" "log,pass,id:sid943,rev:6,msg:'WEB-FRONTPAGE fpsrvadm.exe access'"

# (sid 944) WEB-FRONTPAGE fpremadm.exe access
SecFilterSelective THE_REQUEST "/fpremadm\.exe" "log,pass,id:sid944,rev:6,msg:'WEB-FRONTPAGE fpremadm.exe access'"

# (sid 945) WEB-FRONTPAGE fpadmin.htm access
SecFilterSelective THE_REQUEST "/admisapi/fpadmin\.htm" "log,pass,id:sid945,rev:6,msg:'WEB-FRONTPAGE fpadmin.htm access'"

# (sid 946) WEB-FRONTPAGE fpadmcgi.exe access
SecFilterSelective THE_REQUEST "/scripts/Fpadmcgi\.exe" "log,pass,id:sid946,rev:6,msg:'WEB-FRONTPAGE fpadmcgi.exe access'"

# (sid 947) WEB-FRONTPAGE orders.txt access
SecFilterSelective THE_REQUEST "/_private/orders\.txt" "log,pass,id:sid947,rev:6,msg:'WEB-FRONTPAGE orders.txt access'"

# (sid 948) WEB-FRONTPAGE form_results access
SecFilterSelective THE_REQUEST "/_private/form_results\.txt" "log,pass,id:sid948,rev:8,msg:'WEB-FRONTPAGE form_results access'"

# (sid 949) WEB-FRONTPAGE registrations.htm access
SecFilterSelective THE_REQUEST "/_private/registrations\.htm" "log,pass,id:sid949,rev:6,msg:'WEB-FRONTPAGE registrations.htm access'"

# (sid 950) WEB-FRONTPAGE cfgwiz.exe access
SecFilterSelective THE_REQUEST "/cfgwiz\.exe" "log,pass,id:sid950,rev:7,msg:'WEB-FRONTPAGE cfgwiz.exe access'"

# (sid 951) WEB-FRONTPAGE authors.pwd access
SecFilterSelective THE_REQUEST "/authors\.pwd" "log,pass,id:sid951,rev:10,msg:'WEB-FRONTPAGE authors.pwd access'"

# (sid 952) WEB-FRONTPAGE author.exe access
SecFilterSelective THE_REQUEST "/_vti_bin/_vti_aut/author\.exe" "log,pass,id:sid952,rev:6,msg:'WEB-FRONTPAGE author.exe access'"

# (sid 953) WEB-FRONTPAGE administrators.pwd access
SecFilterSelective THE_REQUEST "/administrators\.pwd" "log,pass,id:sid953,rev:7,msg:'WEB-FRONTPAGE administrators.pwd access'"

# (sid 954) WEB-FRONTPAGE form_results.htm access
SecFilterSelective THE_REQUEST "/_private/form_results\.htm" "log,pass,id:sid954,rev:8,msg:'WEB-FRONTPAGE form_results.htm access'"

# (sid 955) WEB-FRONTPAGE access.cnf access
SecFilterSelective THE_REQUEST "/_vti_pvt/access\.cnf" "log,pass,id:sid955,rev:10,msg:'WEB-FRONTPAGE access.cnf access'"

# (sid 956) WEB-FRONTPAGE register.txt access
SecFilterSelective THE_REQUEST "/_private/register\.txt" "log,pass,id:sid956,rev:6,msg:'WEB-FRONTPAGE register.txt access'"

# (sid 957) WEB-FRONTPAGE registrations.txt access
SecFilterSelective THE_REQUEST "/_private/registrations\.txt" "log,pass,id:sid957,rev:6,msg:'WEB-FRONTPAGE registrations.txt access'"

# (sid 958) WEB-FRONTPAGE service.cnf access
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.cnf" "log,pass,id:sid958,rev:9,msg:'WEB-FRONTPAGE service.cnf access'"

# (sid 959) WEB-FRONTPAGE service.pwd
SecFilterSelective THE_REQUEST "/service\.pwd" "log,pass,id:sid959,rev:6,msg:'WEB-FRONTPAGE service.pwd'"

# (sid 960) WEB-FRONTPAGE service.stp access
SecFilterSelective THE_REQUEST "/_vti_pvt/service\.stp" "log,pass,id:sid960,rev:6,msg:'WEB-FRONTPAGE service.stp access'"

# (sid 961) WEB-FRONTPAGE services.cnf access
SecFilterSelective THE_REQUEST "/_vti_pvt/services\.cnf" "log,pass,id:sid961,rev:9,msg:'WEB-FRONTPAGE services.cnf access'"

# (sid 962) WEB-FRONTPAGE shtml.exe access
SecFilterSelective THE_REQUEST "/_vti_bin/shtml\.exe" "log,pass,id:sid962,rev:13,msg:'WEB-FRONTPAGE shtml.exe access'"

# (sid 963) WEB-FRONTPAGE svcacl.cnf access
SecFilterSelective THE_REQUEST "/_vti_pvt/svcacl\.cnf" "log,pass,id:sid963,rev:9,msg:'WEB-FRONTPAGE svcacl.cnf access'"

# (sid 964) WEB-FRONTPAGE users.pwd access
SecFilterSelective THE_REQUEST "/users\.pwd" "log,pass,id:sid964,rev:6,msg:'WEB-FRONTPAGE users.pwd access'"

# (sid 965) WEB-FRONTPAGE writeto.cnf access
SecFilterSelective THE_REQUEST "/_vti_pvt/writeto\.cnf" "log,pass,id:sid965,rev:9,msg:'WEB-FRONTPAGE writeto.cnf access'"

# (sid 966) WEB-FRONTPAGE .... request
SecFilterSelective THE_REQUEST "\.\.\.\./" "log,pass,id:sid966,rev:11,msg:'WEB-FRONTPAGE .... request'"

# (sid 967) WEB-FRONTPAGE dvwssr.dll access
SecFilterSelective THE_REQUEST "/dvwssr\.dll" "log,pass,id:sid967,rev:11,msg:'WEB-FRONTPAGE dvwssr.dll access'"

# (sid 968) WEB-FRONTPAGE register.htm access
SecFilterSelective THE_REQUEST "/_private/register\.htm" "log,pass,id:sid968,rev:6,msg:'WEB-FRONTPAGE register.htm access'"

# (sid 1288) WEB-FRONTPAGE /_vti_bin/ access
SecFilterSelective THE_REQUEST "/_vti_bin/" "log,pass,id:sid1288,rev:8,msg:'WEB-FRONTPAGE /_vti_bin/ access'"

# (sid 990) WEB-FRONTPAGE _vti_inf.html access
SecFilterSelective THE_REQUEST "/_vti_inf\.html" "log,pass,id:sid990,rev:9,msg:'WEB-FRONTPAGE _vti_inf.html access'"

# (sid 1076) WEB-IIS repost.asp access
SecFilterSelective THE_REQUEST "/scripts/repost\.asp" "log,pass,id:sid1076,rev:6,msg:'WEB-IIS repost.asp access'"

# (sid 1806) WEB-IIS .htr chunked Transfer-Encoding
SecFilterSelective THE_REQUEST "\.htr" "id:sid1806,rev:9,msg:'WEB-IIS .htr chunked Transfer-Encoding',chain"
SecFilter "chunked" "log,pass"

# (sid 1618) WEB-IIS .asp chunked Transfer-Encoding
SecFilterSelective THE_REQUEST "\.asp" "id:sid1618,rev:16,msg:'WEB-IIS .asp chunked Transfer-Encoding',chain"
SecFilter "chunked" "log,pass"

# (sid 1626) WEB-IIS /StoreCSVS/InstantOrder.asmx request
SecFilterSelective THE_REQUEST "/StoreCSVS/InstantOrder\.asmx" "log,pass,id:sid1626,rev:4,msg:'WEB-IIS /StoreCSVS/InstantOrder.asmx request'"

# (sid 1750) WEB-IIS users.xml access
SecFilterSelective THE_REQUEST "/users\.xml" "log,pass,id:sid1750,rev:3,msg:'WEB-IIS users.xml access'"

# (sid 1753) WEB-IIS as_web.exe access
SecFilterSelective THE_REQUEST "/as_web\.exe" "log,pass,id:sid1753,rev:2,msg:'WEB-IIS as_web.exe access'"

# (sid 1754) WEB-IIS as_web4.exe access
SecFilterSelective THE_REQUEST "/as_web4\.exe" "log,pass,id:sid1754,rev:2,msg:'WEB-IIS as_web4.exe access'"

# (sid 1756) WEB-IIS NewsPro administration authentication attempt
SecFilter "logged,true" "log,pass,id:sid1756,rev:4,msg:'WEB-IIS NewsPro administration authentication attempt'"

# (sid 1772) WEB-IIS pbserver access
SecFilterSelective THE_REQUEST "/pbserver/pbserver\.dll" "log,pass,id:sid1772,rev:5,msg:'WEB-IIS pbserver access'"

# (sid 1660) WEB-IIS trace.axd access
SecFilterSelective THE_REQUEST "/trace\.axd" "log,pass,id:sid1660,rev:6,msg:'WEB-IIS trace.axd access'"

# (sid 1484) WEB-IIS /isapi/tstisapi.dll access
SecFilterSelective THE_REQUEST "/isapi/tstisapi\.dll" "log,pass,id:sid1484,rev:5,msg:'WEB-IIS /isapi/tstisapi.dll access'"

# (sid 1485) WEB-IIS mkilog.exe access
SecFilterSelective THE_REQUEST "/mkilog\.exe" "log,pass,id:sid1485,rev:7,msg:'WEB-IIS mkilog.exe access'"

# (sid 1486) WEB-IIS ctss.idc access
SecFilterSelective THE_REQUEST "/ctss\.idc" "log,pass,id:sid1486,rev:6,msg:'WEB-IIS ctss.idc access'"

# (sid 1487) WEB-IIS /iisadmpwd/aexp2.htr access
SecFilterSelective THE_REQUEST "/iisadmpwd/aexp2\.htr" "log,pass,id:sid1487,rev:10,msg:'WEB-IIS /iisadmpwd/aexp2.htr access'"

# (sid 969) WEB-IIS WebDAV file lock attempt
SecFilter "LOCK " "log,pass,id:sid969,rev:5,msg:'WEB-IIS WebDAV file lock attempt'"

# (sid 971) WEB-IIS ISAPI .printer access
SecFilterSelective THE_REQUEST "\.printer" "log,pass,id:sid971,rev:10,msg:'WEB-IIS ISAPI .printer access'"

# (sid 1243) WEB-IIS ISAPI .ida attempt
SecFilterSelective THE_REQUEST "\.ida\?" "log,pass,id:sid1243,rev:11,msg:'WEB-IIS ISAPI .ida attempt'"

# (sid 1242) WEB-IIS ISAPI .ida access
SecFilterSelective THE_REQUEST "\.ida" "log,pass,id:sid1242,rev:10,msg:'WEB-IIS ISAPI .ida access'"

# (sid 1244) WEB-IIS ISAPI .idq attempt
SecFilterSelective THE_REQUEST "\.idq\?" "log,pass,id:sid1244,rev:14,msg:'WEB-IIS ISAPI .idq attempt'"

# (sid 1245) WEB-IIS ISAPI .idq access
SecFilterSelective THE_REQUEST "\.idq" "log,pass,id:sid1245,rev:10,msg:'WEB-IIS ISAPI .idq access'"

# (sid 972) WEB-IIS %2E-asp access
SecFilter "\x2easp" "log,pass,id:sid972,rev:8,msg:'WEB-IIS %2E-asp access'"

# (sid 973) WEB-IIS *.idc attempt
SecFilterSelective THE_REQUEST "/*\.idc" "log,pass,id:sid973,rev:10,msg:'WEB-IIS *.idc attempt'"

# (sid 976) WEB-IIS .bat? access
SecFilterSelective THE_REQUEST "\.bat\?" "log,pass,id:sid976,rev:10,msg:'WEB-IIS .bat? access'"

# (sid 977) WEB-IIS .cnf access
SecFilterSelective THE_REQUEST "\.cnf" "log,pass,id:sid977,rev:11,msg:'WEB-IIS .cnf access'"

# (sid 978) WEB-IIS ASP contents view
SecFilter "&CiHiliteType=Full" "log,pass,id:sid978,rev:12,msg:'WEB-IIS ASP contents view'"

# (sid 979) WEB-IIS ASP contents view
SecFilterSelective THE_REQUEST "\.htw\?CiWebHitsFile" "log,pass,id:sid979,rev:10,msg:'WEB-IIS ASP contents view'"

# (sid 980) WEB-IIS CGImail.exe access
SecFilterSelective THE_REQUEST "/scripts/CGImail\.exe" "log,pass,id:sid980,rev:7,msg:'WEB-IIS CGImail.exe access'"

# (sid 986) WEB-IIS MSProxy access
SecFilterSelective THE_REQUEST "/scripts/proxy/w3proxy\.dll" "log,pass,id:sid986,rev:8,msg:'WEB-IIS MSProxy access'"

# (sid 1725) WEB-IIS +.htr code fragment attempt
SecFilterSelective THE_REQUEST "\+\.htr" "log,pass,id:sid1725,rev:9,msg:'WEB-IIS +.htr code fragment attempt'"

# (sid 987) WEB-IIS .htr access
SecFilterSelective THE_REQUEST "\.htr" "log,pass,id:sid987,rev:14,msg:'WEB-IIS .htr access'"

# (sid 988) WEB-IIS SAM Attempt
SecFilter "sam\._" "log,pass,id:sid988,rev:7,msg:'WEB-IIS SAM Attempt'"

# (sid 991) WEB-IIS achg.htr access
SecFilterSelective THE_REQUEST "/iisadmpwd/achg\.htr" "log,pass,id:sid991,rev:8,msg:'WEB-IIS achg.htr access'"

# (sid 994) WEB-IIS /scripts/iisadmin/default.htm access
SecFilterSelective THE_REQUEST "/scripts/iisadmin/default\.htm" "log,pass,id:sid994,rev:7,msg:'WEB-IIS /scripts/iisadmin/default.htm access'"

# (sid 995) WEB-IIS ism.dll access
SecFilterSelective THE_REQUEST "/scripts/iisadmin/ism\.dll\?http/dir" "log,pass,id:sid995,rev:10,msg:'WEB-IIS ism.dll access'"

# (sid 996) WEB-IIS anot.htr access
SecFilterSelective THE_REQUEST "/iisadmpwd/anot" "log,pass,id:sid996,rev:8,msg:'WEB-IIS anot.htr access'"

# (sid 997) WEB-IIS asp-dot attempt
SecFilterSelective THE_REQUEST "\.asp\." "log,pass,id:sid997,rev:9,msg:'WEB-IIS asp-dot attempt'"

# (sid 1000) WEB-IIS bdir.htr access
SecFilterSelective THE_REQUEST "/bdir\.htr" "log,pass,id:sid1000,rev:11,msg:'WEB-IIS bdir.htr access'"

# (sid 1661) WEB-IIS cmd32.exe access
SecFilter "cmd32\.exe" "log,pass,id:sid1661,rev:4,msg:'WEB-IIS cmd32.exe access'"

# (sid 1002) WEB-IIS cmd.exe access
SecFilterSelective THE_REQUEST "cmd\.exe" "log,pass,id:sid1002,rev:7,msg:'WEB-IIS cmd.exe access'"

# (sid 1003) WEB-IIS cmd? access
SecFilter "\.cmd\?&" "log,pass,id:sid1003,rev:7,msg:'WEB-IIS cmd? access'"

# (sid 1007) WEB-IIS cross-site scripting attempt
SecFilterSelective THE_REQUEST "/Form_JScript\.asp" "log,pass,id:sid1007,rev:10,msg:'WEB-IIS cross-site scripting attempt'"

# (sid 1380) WEB-IIS cross-site scripting attempt
SecFilterSelective THE_REQUEST "/Form_VBScript\.asp" "log,pass,id:sid1380,rev:7,msg:'WEB-IIS cross-site scripting attempt'"

# (sid 1009) WEB-IIS directory listing
SecFilterSelective THE_REQUEST "/ServerVariables_Jscript\.asp" "log,pass,id:sid1009,rev:6,msg:'WEB-IIS directory listing'"

# (sid 1010) WEB-IIS encoding access
SecFilter "%1u" "log,pass,id:sid1010,rev:10,msg:'WEB-IIS encoding access'"

# (sid 1012) WEB-IIS fpcount attempt
SecFilterSelective THE_REQUEST "/fpcount\.exe" "id:sid1012,rev:10,msg:'WEB-IIS fpcount attempt',chain"
SecFilter "Digits=" "log,pass"

# (sid 1013) WEB-IIS fpcount access
SecFilterSelective THE_REQUEST "/fpcount\.exe" "log,pass,id:sid1013,rev:9,msg:'WEB-IIS fpcount access'"

# (sid 1015) WEB-IIS getdrvs.exe access
SecFilterSelective THE_REQUEST "/scripts/tools/getdrvs\.exe" "log,pass,id:sid1015,rev:6,msg:'WEB-IIS getdrvs.exe access'"

# (sid 1016) WEB-IIS global.asa access
SecFilterSelective THE_REQUEST "/global\.asa" "log,pass,id:sid1016,rev:12,msg:'WEB-IIS global.asa access'"

# (sid 1018) WEB-IIS iisadmpwd attempt
SecFilterSelective THE_REQUEST "/iisadmpwd/aexp" "log,pass,id:sid1018,rev:10,msg:'WEB-IIS iisadmpwd attempt'"

# (sid 1019) IIS Malformed Hit-Highlighting Argument File Access Attempt
SecFilterSelective THE_REQUEST "ciHiliteType=Full" "log,pass,id:sid1019,rev:15,msg:'IIS Malformed Hit-Highlighting Argument File Access Attempt'"

# (sid 1021) WEB-IIS ism.dll attempt
SecFilterSelective THE_REQUEST " \.htr" "log,pass,id:sid1021,rev:14,msg:'WEB-IIS ism.dll attempt'"

# (sid 1022) WEB-IIS jet vba access
SecFilterSelective THE_REQUEST "/advworks/equipment/catalog_type\.asp" "log,pass,id:sid1022,rev:8,msg:'WEB-IIS jet vba access'"

# (sid 1023) WEB-IIS msadcs.dll access
SecFilterSelective THE_REQUEST "/msadcs\.dll" "log,pass,id:sid1023,rev:11,msg:'WEB-IIS msadcs.dll access'"

# (sid 1024) WEB-IIS newdsn.exe access
SecFilterSelective THE_REQUEST "/scripts/tools/newdsn\.exe" "log,pass,id:sid1024,rev:8,msg:'WEB-IIS newdsn.exe access'"

# (sid 1025) WEB-IIS perl access
SecFilterSelective THE_REQUEST "/scripts/perl" "log,pass,id:sid1025,rev:6,msg:'WEB-IIS perl access'"

# (sid 1027) WEB-IIS perl-browse space attempt
SecFilterSelective THE_REQUEST " \.pl" "log,pass,id:sid1027,rev:8,msg:'WEB-IIS perl-browse space attempt'"

# (sid 1029) WEB-IIS scripts-browse access
SecFilterSelective THE_REQUEST "/scripts/ " "log,pass,id:sid1029,rev:9,msg:'WEB-IIS scripts-browse access'"

# (sid 1030) WEB-IIS search97.vts access
SecFilterSelective THE_REQUEST "/search97\.vts" "log,pass,id:sid1030,rev:7,msg:'WEB-IIS search97.vts access'"

# (sid 1037) WEB-IIS showcode.asp access
SecFilterSelective THE_REQUEST "/showcode\.asp" "log,pass,id:sid1037,rev:11,msg:'WEB-IIS showcode.asp access'"

# (sid 1038) WEB-IIS site server config access
SecFilterSelective THE_REQUEST "/adsamples/config/site\.csc" "log,pass,id:sid1038,rev:8,msg:'WEB-IIS site server config access'"

# (sid 1039) WEB-IIS srch.htm access
SecFilterSelective THE_REQUEST "/samples/isapi/srch\.htm" "log,pass,id:sid1039,rev:6,msg:'WEB-IIS srch.htm access'"

# (sid 1040) WEB-IIS srchadm access
SecFilterSelective THE_REQUEST "/srchadm" "log,pass,id:sid1040,rev:12,msg:'WEB-IIS srchadm access'"

# (sid 1041) WEB-IIS uploadn.asp access
SecFilterSelective THE_REQUEST "/scripts/uploadn\.asp" "log,pass,id:sid1041,rev:8,msg:'WEB-IIS uploadn.asp access'"

# (sid 1043) WEB-IIS viewcode.asp access
SecFilterSelective THE_REQUEST "/viewcode\.asp" "log,pass,id:sid1043,rev:9,msg:'WEB-IIS viewcode.asp access'"

# (sid 1044) WEB-IIS webhits access
SecFilterSelective THE_REQUEST "\.htw" "log,pass,id:sid1044,rev:8,msg:'WEB-IIS webhits access'"

# (sid 1726) WEB-IIS doctodep.btr access
SecFilterSelective THE_REQUEST "doctodep\.btr" "log,pass,id:sid1726,rev:4,msg:'WEB-IIS doctodep.btr access'"

# (sid 1046) WEB-IIS site/iisamples access
SecFilterSelective THE_REQUEST "/site/iisamples" "log,pass,id:sid1046,rev:8,msg:'WEB-IIS site/iisamples access'"

# (sid 1256) WEB-IIS CodeRed v2 root.exe access
SecFilterSelective THE_REQUEST "/root\.exe" "log,pass,id:sid1256,rev:8,msg:'WEB-IIS CodeRed v2 root.exe access'"

# (sid 1283) WEB-IIS outlook web dos
SecFilterSelective THE_REQUEST "/exchange/LogonFrm\.asp\?" "id:sid1283,rev:9,msg:'WEB-IIS outlook web dos',chain"
SecFilter "%%%" "log,pass"

# (sid 1400) WEB-IIS /scripts/samples/ access
SecFilterSelective THE_REQUEST "/scripts/samples/" "log,pass,id:sid1400,rev:6,msg:'WEB-IIS /scripts/samples/ access'"

# (sid 1401) WEB-IIS /msadc/samples/ access
SecFilterSelective THE_REQUEST "/msadc/samples/" "log,pass,id:sid1401,rev:8,msg:'WEB-IIS /msadc/samples/ access'"

# (sid 1402) WEB-IIS iissamples access
SecFilterSelective THE_REQUEST "/iissamples/" "log,pass,id:sid1402,rev:6,msg:'WEB-IIS iissamples access'"

# (sid 993) WEB-IIS iisadmin access
SecFilterSelective THE_REQUEST "/iisadmin" "log,pass,id:sid993,rev:10,msg:'WEB-IIS iisadmin access'"

# (sid 1285) WEB-IIS msdac access
SecFilterSelective THE_REQUEST "/msdac/" "log,pass,id:sid1285,rev:8,msg:'WEB-IIS msdac access'"

# (sid 1286) WEB-IIS _mem_bin access
SecFilterSelective THE_REQUEST "/_mem_bin/" "log,pass,id:sid1286,rev:8,msg:'WEB-IIS _mem_bin access'"

# (sid 1595) WEB-IIS htimage.exe access
SecFilterSelective THE_REQUEST "/htimage\.exe" "log,pass,id:sid1595,rev:10,msg:'WEB-IIS htimage.exe access'"

# (sid 1817) WEB-IIS MS Site Server default login attempt
SecFilterSelective THE_REQUEST "/SiteServer/Admin/knowledge/persmbr/" "log,pass,id:sid1817,rev:5,msg:'WEB-IIS MS Site Server default login attempt'"

# (sid 1818) WEB-IIS MS Site Server admin attempt
SecFilterSelective THE_REQUEST "/Site Server/Admin/knowledge/persmbr/" "log,pass,id:sid1818,rev:3,msg:'WEB-IIS MS Site Server admin attempt'"

# (sid 1075) WEB-IIS postinfo.asp access
SecFilterSelective THE_REQUEST "/scripts/postinfo\.asp" "log,pass,id:sid1075,rev:9,msg:'WEB-IIS postinfo.asp access'"

# (sid 1567) WEB-IIS /exchange/root.asp attempt
SecFilterSelective THE_REQUEST "/exchange/root\.asp\?acs=anon" "log,pass,id:sid1567,rev:12,msg:'WEB-IIS /exchange/root.asp attempt'"

# (sid 1568) WEB-IIS /exchange/root.asp access
SecFilterSelective THE_REQUEST "/exchange/root\.asp" "log,pass,id:sid1568,rev:11,msg:'WEB-IIS /exchange/root.asp access'"

# (sid 2117) WEB-IIS Battleaxe Forum login.asp access
SecFilterSelective THE_REQUEST "myaccount/login\.asp" "log,pass,id:sid2117,rev:5,msg:'WEB-IIS Battleaxe Forum login.asp access'"

# (sid 2129) WEB-IIS nsiislog.dll access
SecFilterSelective THE_REQUEST "/nsiislog\.dll" "log,pass,id:sid2129,rev:11,msg:'WEB-IIS nsiislog.dll access'"

# (sid 2130) WEB-IIS IISProtect siteadmin.asp access
SecFilterSelective THE_REQUEST "/iisprotect/admin/SiteAdmin\.asp" "log,pass,id:sid2130,rev:5,msg:'WEB-IIS IISProtect siteadmin.asp access'"

# (sid 2157) WEB-IIS IISProtect globaladmin.asp access
SecFilterSelective THE_REQUEST "/iisprotect/admin/GlobalAdmin\.asp" "log,pass,id:sid2157,rev:2,msg:'WEB-IIS IISProtect globaladmin.asp access'"

# (sid 2131) WEB-IIS IISProtect access
SecFilterSelective THE_REQUEST "/iisprotect/admin/" "log,pass,id:sid2131,rev:2,msg:'WEB-IIS IISProtect access'"

# (sid 2132) WEB-IIS Synchrologic Email Accelerator userid list access attempt
SecFilterSelective THE_REQUEST "/en/admin/aggregate\.asp" "log,pass,id:sid2132,rev:2,msg:'WEB-IIS Synchrologic Email Accelerator userid list access attempt'"

# (sid 2133) WEB-IIS MS BizTalk server access
SecFilterSelective THE_REQUEST "/biztalkhttpreceive\.dll" "log,pass,id:sid2133,rev:6,msg:'WEB-IIS MS BizTalk server access'"

# (sid 2134) WEB-IIS register.asp access
SecFilterSelective THE_REQUEST "/register\.asp" "log,pass,id:sid2134,rev:2,msg:'WEB-IIS register.asp access'"

# (sid 2247) WEB-IIS UploadScript11.asp access
SecFilterSelective THE_REQUEST "/UploadScript11\.asp" "log,pass,id:sid2247,rev:3,msg:'WEB-IIS UploadScript11.asp access'"

# (sid 2248) WEB-IIS DirectoryListing.asp access
SecFilterSelective THE_REQUEST "/DirectoryListing\.asp" "log,pass,id:sid2248,rev:3,msg:'WEB-IIS DirectoryListing.asp access'"

# (sid 2249) WEB-IIS /pcadmin/login.asp access
SecFilterSelective THE_REQUEST "/pcadmin/login\.asp" "log,pass,id:sid2249,rev:3,msg:'WEB-IIS /pcadmin/login.asp access'"

# (sid 2321) WEB-IIS foxweb.exe access
SecFilterSelective THE_REQUEST "/foxweb\.exe" "log,pass,id:sid2321,rev:1,msg:'WEB-IIS foxweb.exe access'"

# (sid 2322) WEB-IIS foxweb.dll access
SecFilterSelective THE_REQUEST "/foxweb\.dll" "log,pass,id:sid2322,rev:1,msg:'WEB-IIS foxweb.dll access'"

# (sid 2324) WEB-IIS VP-ASP shopsearch.asp access
SecFilterSelective THE_REQUEST "/shopsearch\.asp" "log,pass,id:sid2324,rev:2,msg:'WEB-IIS VP-ASP shopsearch.asp access'"

# (sid 2325) WEB-IIS VP-ASP ShopDisplayProducts.asp access
SecFilterSelective THE_REQUEST "/ShopDisplayProducts\.asp" "log,pass,id:sid2325,rev:2,msg:'WEB-IIS VP-ASP ShopDisplayProducts.asp access'"

# (sid 2326) WEB-IIS sgdynamo.exe access
SecFilterSelective THE_REQUEST "/sgdynamo\.exe" "log,pass,id:sid2326,rev:3,msg:'WEB-IIS sgdynamo.exe access'"

# (sid 2571) WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access
SecFilterSelective THE_REQUEST "/frmGetAttachment\.aspx" "log,pass,id:sid2571,rev:2,msg:'WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access'"

# (sid 2572) WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt
SecFilterSelective THE_REQUEST "/login\.aspx" "id:sid2572,rev:3,msg:'WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt',chain"
SecFilter "txtusername=" "log,pass"

# (sid 2573) WEB-IIS SmarterTools SmarterMail frmCompose.asp access
SecFilterSelective THE_REQUEST "/frmCompose\.aspx" "log,pass,id:sid2573,rev:2,msg:'WEB-IIS SmarterTools SmarterMail frmCompose.asp access'"

# (sid 2667) WEB-IIS ping.asp access
SecFilterSelective THE_REQUEST "/ping\.asp" "log,pass,id:sid2667,rev:2,msg:'WEB-IIS ping.asp access'"

# (sid 3087) WEB-IIS w3who.dll buffer overflow attempt
SecFilterSelective THE_REQUEST "/w3who\.dll\?" "log,pass,id:sid3087,rev:2,msg:'WEB-IIS w3who.dll buffer overflow attempt'"

# (sid 3201) WEB-IIS httpodbc.dll access - nimda
SecFilterSelective THE_REQUEST "/httpodbc\.dll" "log,pass,id:sid3201,rev:2,msg:'WEB-IIS httpodbc.dll access - nimda'"

# (sid 3150) WEB-IIS SQLXML content type overflow
SecFilterSelective THE_REQUEST "contenttype=" "log,pass,id:sid3150,rev:4,msg:'WEB-IIS SQLXML content type overflow'"

# (sid 1497) WEB-MISC cross site scripting attempt
SecFilter "<SCRIPT>" "log,pass,id:sid1497,rev:6,msg:'WEB-MISC cross site scripting attempt'"

# (sid 1667) WEB-MISC cross site scripting HTML Image tag set to javascript attempt
SecFilter "img src=javascript" "log,pass,id:sid1667,rev:7,msg:'WEB-MISC cross site scripting HTML Image tag set to javascript attempt'"

# (sid 1250) WEB-MISC Cisco IOS HTTP configuration attempt
SecFilterSelective THE_REQUEST "/exec/" "log,pass,id:sid1250,rev:11,msg:'WEB-MISC Cisco IOS HTTP configuration attempt'"

# (sid 1047) WEB-MISC Netscape Enterprise DOS
SecFilter "REVLOG / " "log,pass,id:sid1047,rev:9,msg:'WEB-MISC Netscape Enterprise DOS'"

# (sid 1048) WEB-MISC Netscape Enterprise directory listing attempt
SecFilter "INDEX " "log,pass,id:sid1048,rev:9,msg:'WEB-MISC Netscape Enterprise directory listing attempt'"

# (sid 1050) WEB-MISC iPlanet GETPROPERTIES attempt
SecFilter "GETPROPERTIES" "log,pass,id:sid1050,rev:11,msg:'WEB-MISC iPlanet GETPROPERTIES attempt'"

# (sid 1056) WEB-MISC Tomcat view source attempt
SecFilterSelective THE_REQUEST "\x252ejsp" "log,pass,id:sid1056,rev:8,msg:'WEB-MISC Tomcat view source attempt'"

# (sid 1057) WEB-MISC ftp attempt
SecFilter "ftp\.exe" "log,pass,id:sid1057,rev:6,msg:'WEB-MISC ftp attempt'"

# (sid 1058) WEB-MISC xp_enumdsn attempt
SecFilter "xp_enumdsn" "log,pass,id:sid1058,rev:6,msg:'WEB-MISC xp_enumdsn attempt'"

# (sid 1059) WEB-MISC xp_filelist attempt
SecFilter "xp_filelist" "log,pass,id:sid1059,rev:6,msg:'WEB-MISC xp_filelist attempt'"

# (sid 1060) WEB-MISC xp_availablemedia attempt
SecFilter "xp_availablemedia" "log,pass,id:sid1060,rev:6,msg:'WEB-MISC xp_availablemedia attempt'"

# (sid 1061) WEB-MISC xp_cmdshell attempt
SecFilter "xp_cmdshell" "log,pass,id:sid1061,rev:6,msg:'WEB-MISC xp_cmdshell attempt'"

# (sid 1062) WEB-MISC nc.exe attempt
SecFilter "nc\.exe" "log,pass,id:sid1062,rev:6,msg:'WEB-MISC nc.exe attempt'"

# (sid 1064) WEB-MISC wsh attempt
SecFilter "wsh\.exe" "log,pass,id:sid1064,rev:6,msg:'WEB-MISC wsh attempt'"

# (sid 1065) WEB-MISC rcmd attempt
SecFilterSelective THE_REQUEST "rcmd\.exe" "log,pass,id:sid1065,rev:7,msg:'WEB-MISC rcmd attempt'"

# (sid 1066) WEB-MISC telnet attempt
SecFilter "telnet\.exe" "log,pass,id:sid1066,rev:6,msg:'WEB-MISC telnet attempt'"

# (sid 1067) WEB-MISC net attempt
SecFilter "net\.exe" "log,pass,id:sid1067,rev:6,msg:'WEB-MISC net attempt'"

# (sid 1068) WEB-MISC tftp attempt
SecFilter "tftp\.exe" "log,pass,id:sid1068,rev:6,msg:'WEB-MISC tftp attempt'"

# (sid 1069) WEB-MISC xp_regread attempt
SecFilter "xp_regread" "log,pass,id:sid1069,rev:6,msg:'WEB-MISC xp_regread attempt'"

# (sid 1977) WEB-MISC xp_regwrite attempt
SecFilter "xp_regwrite" "log,pass,id:sid1977,rev:1,msg:'WEB-MISC xp_regwrite attempt'"

# (sid 1978) WEB-MISC xp_regdeletekey attempt
SecFilter "xp_regdeletekey" "log,pass,id:sid1978,rev:1,msg:'WEB-MISC xp_regdeletekey attempt'"

# (sid 1070) WEB-MISC WebDAV search access
SecFilter "SEARCH " "log,pass,id:sid1070,rev:9,msg:'WEB-MISC WebDAV search access'"

# (sid 1071) WEB-MISC .htpasswd access
SecFilter "\.htpasswd" "log,pass,id:sid1071,rev:6,msg:'WEB-MISC .htpasswd access'"

# (sid 1072) WEB-MISC Lotus Domino directory traversal
SecFilterSelective THE_REQUEST "\.\./" "log,pass,id:sid1072,rev:11,msg:'WEB-MISC Lotus Domino directory traversal'"

# (sid 1077) WEB-MISC queryhit.htm access
SecFilterSelective THE_REQUEST "/samples/search/queryhit\.htm" "log,pass,id:sid1077,rev:8,msg:'WEB-MISC queryhit.htm access'"

# (sid 1078) WEB-MISC counter.exe access
SecFilterSelective THE_REQUEST "/counter\.exe" "log,pass,id:sid1078,rev:8,msg:'WEB-MISC counter.exe access'"

# (sid 1079) WEB-MISC WebDAV propfind access
SecFilter "propfind" "log,pass,id:sid1079,rev:13,msg:'WEB-MISC WebDAV propfind access'"

# (sid 1080) WEB-MISC unify eWave ServletExec upload
SecFilterSelective THE_REQUEST "/servlet/com\.unify\.servletexec\.UploadServlet" "log,pass,id:sid1080,rev:15,msg:'WEB-MISC unify eWave ServletExec upload'"

# (sid 1081) WEB-MISC Netscape Servers suite DOS
SecFilterSelective THE_REQUEST "/dsgw/bin/search\?context=" "log,pass,id:sid1081,rev:10,msg:'WEB-MISC Netscape Servers suite DOS'"

# (sid 1082) WEB-MISC amazon 1-click cookie theft
SecFilter "ref\x3Cscript\x20language\x3D\x22Javascript" "log,pass,id:sid1082,rev:8,msg:'WEB-MISC amazon 1-click cookie theft'"

# (sid 1083) WEB-MISC unify eWave ServletExec DOS
SecFilterSelective THE_REQUEST "/servlet/ServletExec" "log,pass,id:sid1083,rev:9,msg:'WEB-MISC unify eWave ServletExec DOS'"

# (sid 1084) WEB-MISC Allaire JRUN DOS attempt
SecFilterSelective THE_REQUEST "servlet/\.\.\.\.\.\.\." "log,pass,id:sid1084,rev:10,msg:'WEB-MISC Allaire JRUN DOS attempt'"

# (sid 1091) WEB-MISC ICQ Webfront HTTP DOS
SecFilterSelective THE_REQUEST "\?\?\?\?\?\?\?\?\?\?" "log,pass,id:sid1091,rev:10,msg:'WEB-MISC ICQ Webfront HTTP DOS'"

# (sid 1095) WEB-MISC Talentsoft Web+ Source Code view access
SecFilterSelective THE_REQUEST "/webplus\.exe\?script=test\.wml" "log,pass,id:sid1095,rev:8,msg:'WEB-MISC Talentsoft Web+ Source Code view access'"

# (sid 1096) WEB-MISC Talentsoft Web+ internal IP Address access
SecFilterSelective THE_REQUEST "/webplus\.exe\?about" "log,pass,id:sid1096,rev:8,msg:'WEB-MISC Talentsoft Web+ internal IP Address access'"

# (sid 1098) WEB-MISC SmartWin CyberOffice Shopping Cart access
SecFilterSelective THE_REQUEST "_private/shopping_cart\.mdb" "log,pass,id:sid1098,rev:8,msg:'WEB-MISC SmartWin CyberOffice Shopping Cart access'"

# (sid 1099) WEB-MISC cybercop scan
SecFilterSelective THE_REQUEST "/cybercop" "log,pass,id:sid1099,rev:6,msg:'WEB-MISC cybercop scan'"

# (sid 1102) WEB-MISC nessus 1.X 404 probe
SecFilterSelective THE_REQUEST "/nessus_is_probing_you_" "log,pass,id:sid1102,rev:8,msg:'WEB-MISC nessus 1.X 404 probe'"

# (sid 2585) WEB-MISC nessus 2.x 404 probe
SecFilterSelective THE_REQUEST "/NessusTest" "log,pass,id:sid2585,rev:1,msg:'WEB-MISC nessus 2.x 404 probe'"

# (sid 1103) WEB-MISC Netscape admin passwd
SecFilterSelective THE_REQUEST "/admin-serv/config/admpw" "log,pass,id:sid1103,rev:11,msg:'WEB-MISC Netscape admin passwd'"

# (sid 1105) WEB-MISC BigBrother access
SecFilterSelective THE_REQUEST "/bb-hostsvc\.sh\?HOSTSVC" "log,pass,id:sid1105,rev:10,msg:'WEB-MISC BigBrother access'"

# (sid 1612) WEB-MISC ftp.pl attempt
SecFilterSelective THE_REQUEST "/ftp\.pl\?dir=\.\./\.\." "log,pass,id:sid1612,rev:8,msg:'WEB-MISC ftp.pl attempt'"

# (sid 1107) WEB-MISC ftp.pl access
SecFilterSelective THE_REQUEST "/ftp\.pl" "log,pass,id:sid1107,rev:10,msg:'WEB-MISC ftp.pl access'"

# (sid 1108) WEB-MISC Tomcat server snoop access
SecFilterSelective THE_REQUEST "\.snp" "log,pass,id:sid1108,rev:10,msg:'WEB-MISC Tomcat server snoop access'"

# (sid 1109) WEB-MISC ROXEN directory list attempt
SecFilterSelective THE_REQUEST "/\x00" "log,pass,id:sid1109,rev:8,msg:'WEB-MISC ROXEN directory list attempt'"

# (sid 1110) WEB-MISC apache source.asp file access
SecFilterSelective THE_REQUEST "/site/eg/source\.asp" "log,pass,id:sid1110,rev:9,msg:'WEB-MISC apache source.asp file access'"

# (sid 1111) WEB-MISC Tomcat server exploit access
SecFilterSelective THE_REQUEST "/contextAdmin/contextAdmin\.html" "log,pass,id:sid1111,rev:10,msg:'WEB-MISC Tomcat server exploit access'"

# (sid 1115) WEB-MISC ICQ webserver DOS
SecFilterSelective THE_REQUEST "\.html/\.\.\.\.\.\." "log,pass,id:sid1115,rev:9,msg:'WEB-MISC ICQ webserver DOS'"

# (sid 1116) WEB-MISC Lotus DelDoc attempt
SecFilterSelective THE_REQUEST "\?DeleteDocument" "log,pass,id:sid1116,rev:6,msg:'WEB-MISC Lotus DelDoc attempt'"

# (sid 1117) WEB-MISC Lotus EditDoc attempt
SecFilterSelective THE_REQUEST "\?EditDocument" "log,pass,id:sid1117,rev:6,msg:'WEB-MISC Lotus EditDoc attempt'"

# (sid 1118) WEB-MISC ls%20-l
SecFilter "ls\x20-l" "log,pass,id:sid1118,rev:5,msg:'WEB-MISC ls%20-l'"

# (sid 1119) WEB-MISC mlog.phtml access
SecFilterSelective THE_REQUEST "/mlog\.phtml" "log,pass,id:sid1119,rev:7,msg:'WEB-MISC mlog.phtml access'"

# (sid 1120) WEB-MISC mylog.phtml access
SecFilterSelective THE_REQUEST "/mylog\.phtml" "log,pass,id:sid1120,rev:8,msg:'WEB-MISC mylog.phtml access'"

# (sid 1122) WEB-MISC /etc/passwd
SecFilter "/etc/passwd" "log,pass,id:sid1122,rev:5,msg:'WEB-MISC /etc/passwd'"

# (sid 1123) WEB-MISC ?PageServices access
SecFilterSelective THE_REQUEST "\?PageServices" "log,pass,id:sid1123,rev:9,msg:'WEB-MISC ?PageServices access'"

# (sid 1124) WEB-MISC Ecommerce check.txt access
SecFilterSelective THE_REQUEST "/config/check\.txt" "log,pass,id:sid1124,rev:5,msg:'WEB-MISC Ecommerce check.txt access'"

# (sid 1125) WEB-MISC webcart access
SecFilterSelective THE_REQUEST "/webcart/" "log,pass,id:sid1125,rev:8,msg:'WEB-MISC webcart access'"

# (sid 1126) WEB-MISC AuthChangeUrl access
SecFilterSelective THE_REQUEST "_AuthChangeUrl\?" "log,pass,id:sid1126,rev:11,msg:'WEB-MISC AuthChangeUrl access'"

# (sid 1127) WEB-MISC convert.bas access
SecFilterSelective THE_REQUEST "/scripts/convert\.bas" "log,pass,id:sid1127,rev:7,msg:'WEB-MISC convert.bas access'"

# (sid 1128) WEB-MISC cpshost.dll access
SecFilterSelective THE_REQUEST "/scripts/cpshost\.dll" "log,pass,id:sid1128,rev:8,msg:'WEB-MISC cpshost.dll access'"

# (sid 1129) WEB-MISC .htaccess access
SecFilterSelective THE_REQUEST "\.htaccess" "log,pass,id:sid1129,rev:6,msg:'WEB-MISC .htaccess access'"

# (sid 1130) WEB-MISC .wwwacl access
SecFilterSelective THE_REQUEST "\.wwwacl" "log,pass,id:sid1130,rev:5,msg:'WEB-MISC .wwwacl access'"

# (sid 1131) WEB-MISC .wwwacl access
SecFilterSelective THE_REQUEST "\.www_acl" "log,pass,id:sid1131,rev:5,msg:'WEB-MISC .wwwacl access'"

# (sid 1136) WEB-MISC cd..
SecFilter "cd\.\." "log,pass,id:sid1136,rev:5,msg:'WEB-MISC cd..'"

# (sid 1140) WEB-MISC guestbook.pl access
SecFilterSelective THE_REQUEST "/guestbook\.pl" "log,pass,id:sid1140,rev:11,msg:'WEB-MISC guestbook.pl access'"

# (sid 1141) WEB-MISC handler access
SecFilterSelective THE_REQUEST "/handler" "log,pass,id:sid1141,rev:10,msg:'WEB-MISC handler access'"

# (sid 1142) WEB-MISC /.... access
SecFilter "/\.\.\.\." "log,pass,id:sid1142,rev:5,msg:'WEB-MISC /.... access'"

# (sid 1143) WEB-MISC ///cgi-bin access
SecFilterSelective THE_REQUEST "///cgi-bin" "log,pass,id:sid1143,rev:7,msg:'WEB-MISC ///cgi-bin access'"

# (sid 1144) WEB-MISC /cgi-bin/// access
SecFilterSelective THE_REQUEST "/cgi-bin///" "log,pass,id:sid1144,rev:7,msg:'WEB-MISC /cgi-bin/// access'"

# (sid 1145) WEB-MISC /~root access
SecFilterSelective THE_REQUEST "/~root" "log,pass,id:sid1145,rev:7,msg:'WEB-MISC /~root access'"

# (sid 1662) WEB-MISC /~ftp access
SecFilterSelective THE_REQUEST "/~ftp" "log,pass,id:sid1662,rev:5,msg:'WEB-MISC /~ftp access'"

# (sid 1146) WEB-MISC Ecommerce import.txt access
SecFilterSelective THE_REQUEST "/config/import\.txt" "log,pass,id:sid1146,rev:5,msg:'WEB-MISC Ecommerce import.txt access'"

# (sid 1147) WEB-MISC cat%20 access
SecFilter "cat\x20" "log,pass,id:sid1147,rev:7,msg:'WEB-MISC cat%20 access'"

# (sid 1148) WEB-MISC Ecommerce import.txt access
SecFilterSelective THE_REQUEST "/orders/import\.txt" "log,pass,id:sid1148,rev:5,msg:'WEB-MISC Ecommerce import.txt access'"

# (sid 1150) WEB-MISC Domino catalog.nsf access
SecFilterSelective THE_REQUEST "/catalog\.nsf" "log,pass,id:sid1150,rev:8,msg:'WEB-MISC Domino catalog.nsf access'"

# (sid 1151) WEB-MISC Domino domcfg.nsf access
SecFilterSelective THE_REQUEST "/domcfg\.nsf" "log,pass,id:sid1151,rev:7,msg:'WEB-MISC Domino domcfg.nsf access'"

# (sid 1152) WEB-MISC Domino domlog.nsf access
SecFilterSelective THE_REQUEST "/domlog\.nsf" "log,pass,id:sid1152,rev:7,msg:'WEB-MISC Domino domlog.nsf access'"

# (sid 1153) WEB-MISC Domino log.nsf access
SecFilterSelective THE_REQUEST "/log\.nsf" "log,pass,id:sid1153,rev:7,msg:'WEB-MISC Domino log.nsf access'"

# (sid 1154) WEB-MISC Domino names.nsf access
SecFilterSelective THE_REQUEST "/names\.nsf" "log,pass,id:sid1154,rev:7,msg:'WEB-MISC Domino names.nsf access'"

# (sid 1575) WEB-MISC Domino mab.nsf access
SecFilterSelective THE_REQUEST "/mab\.nsf" "log,pass,id:sid1575,rev:7,msg:'WEB-MISC Domino mab.nsf access'"

# (sid 1576) WEB-MISC Domino cersvr.nsf access
SecFilterSelective THE_REQUEST "/cersvr\.nsf" "log,pass,id:sid1576,rev:6,msg:'WEB-MISC Domino cersvr.nsf access'"

# (sid 1577) WEB-MISC Domino setup.nsf access
SecFilterSelective THE_REQUEST "/setup\.nsf" "log,pass,id:sid1577,rev:6,msg:'WEB-MISC Domino setup.nsf access'"

# (sid 1578) WEB-MISC Domino statrep.nsf access
SecFilterSelective THE_REQUEST "/statrep\.nsf" "log,pass,id:sid1578,rev:6,msg:'WEB-MISC Domino statrep.nsf access'"

# (sid 1579) WEB-MISC Domino webadmin.nsf access
SecFilterSelective THE_REQUEST "/webadmin\.nsf" "log,pass,id:sid1579,rev:7,msg:'WEB-MISC Domino webadmin.nsf access'"

# (sid 1580) WEB-MISC Domino events4.nsf access
SecFilterSelective THE_REQUEST "/events4\.nsf" "log,pass,id:sid1580,rev:6,msg:'WEB-MISC Domino events4.nsf access'"

# (sid 1581) WEB-MISC Domino ntsync4.nsf access
SecFilterSelective THE_REQUEST "/ntsync4\.nsf" "log,pass,id:sid1581,rev:6,msg:'WEB-MISC Domino ntsync4.nsf access'"

# (sid 1582) WEB-MISC Domino collect4.nsf access
SecFilterSelective THE_REQUEST "/collect4\.nsf" "log,pass,id:sid1582,rev:6,msg:'WEB-MISC Domino collect4.nsf access'"

# (sid 1583) WEB-MISC Domino mailw46.nsf access
SecFilterSelective THE_REQUEST "/mailw46\.nsf" "log,pass,id:sid1583,rev:6,msg:'WEB-MISC Domino mailw46.nsf access'"

# (sid 1584) WEB-MISC Domino bookmark.nsf access
SecFilterSelective THE_REQUEST "/bookmark\.nsf" "log,pass,id:sid1584,rev:6,msg:'WEB-MISC Domino bookmark.nsf access'"

# (sid 1585) WEB-MISC Domino agentrunner.nsf access
SecFilterSelective THE_REQUEST "/agentrunner\.nsf" "log,pass,id:sid1585,rev:6,msg:'WEB-MISC Domino agentrunner.nsf access'"

# (sid 1586) WEB-MISC Domino mail.box access
SecFilterSelective THE_REQUEST "/mail\.box" "log,pass,id:sid1586,rev:7,msg:'WEB-MISC Domino mail.box access'"

# (sid 1155) WEB-MISC Ecommerce checks.txt access
SecFilterSelective THE_REQUEST "/orders/checks\.txt" "log,pass,id:sid1155,rev:7,msg:'WEB-MISC Ecommerce checks.txt access'"

# (sid 1156) WEB-MISC apache directory disclosure attempt
SecFilter "////////" "log,pass,id:sid1156,rev:9,msg:'WEB-MISC apache directory disclosure attempt'"

# (sid 1157) WEB-MISC Netscape PublishingXpert access
SecFilterSelective THE_REQUEST "/PSUser/PSCOErrPage\.htm" "log,pass,id:sid1157,rev:9,msg:'WEB-MISC Netscape PublishingXpert access'"

# (sid 1158) WEB-MISC windmail.exe access
SecFilterSelective THE_REQUEST "/windmail\.exe" "log,pass,id:sid1158,rev:10,msg:'WEB-MISC windmail.exe access'"

# (sid 1159) WEB-MISC webplus access
SecFilterSelective THE_REQUEST "/webplus\?script" "log,pass,id:sid1159,rev:10,msg:'WEB-MISC webplus access'"

# (sid 1160) WEB-MISC Netscape dir index wp
SecFilterSelective THE_REQUEST "\?wp-" "log,pass,id:sid1160,rev:11,msg:'WEB-MISC Netscape dir index wp'"

# (sid 1162) WEB-MISC cart 32 AdminPwd access
SecFilterSelective THE_REQUEST "/c32web\.exe/ChangeAdminPassword" "log,pass,id:sid1162,rev:7,msg:'WEB-MISC cart 32 AdminPwd access'"

# (sid 1164) WEB-MISC shopping cart access
SecFilterSelective THE_REQUEST "/quikstore\.cfg" "log,pass,id:sid1164,rev:10,msg:'WEB-MISC shopping cart access'"

# (sid 1614) WEB-MISC Novell Groupwise gwweb.exe attempt
SecFilterSelective THE_REQUEST "/GWWEB\.EXE\?HELP=" "log,pass,id:sid1614,rev:8,msg:'WEB-MISC Novell Groupwise gwweb.exe attempt'"

# (sid 1165) WEB-MISC Novell Groupwise gwweb.exe access
SecFilter "/GWWEB\.EXE" "log,pass,id:sid1165,rev:9,msg:'WEB-MISC Novell Groupwise gwweb.exe access'"

# (sid 1166) WEB-MISC ws_ftp.ini access
SecFilterSelective THE_REQUEST "/ws_ftp\.ini" "log,pass,id:sid1166,rev:8,msg:'WEB-MISC ws_ftp.ini access'"

# (sid 1167) WEB-MISC rpm_query access
SecFilterSelective THE_REQUEST "/rpm_query" "log,pass,id:sid1167,rev:9,msg:'WEB-MISC rpm_query access'"

# (sid 1168) WEB-MISC mall log order access
SecFilterSelective THE_REQUEST "/mall_log_files/order\.log" "log,pass,id:sid1168,rev:8,msg:'WEB-MISC mall log order access'"

# (sid 1173) WEB-MISC architext_query.pl access
SecFilterSelective THE_REQUEST "/ews/architext_query\.pl" "log,pass,id:sid1173,rev:10,msg:'WEB-MISC architext_query.pl access'"

# (sid 1175) WEB-MISC wwwboard.pl access
SecFilterSelective THE_REQUEST "/wwwboard\.pl" "log,pass,id:sid1175,rev:10,msg:'WEB-MISC wwwboard.pl access'"

# (sid 1177) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-verify-link" "log,pass,id:sid1177,rev:6,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1180) WEB-MISC get32.exe access
SecFilterSelective THE_REQUEST "/get32\.exe" "log,pass,id:sid1180,rev:13,msg:'WEB-MISC get32.exe access'"

# (sid 1181) WEB-MISC Annex Terminal DOS attempt
SecFilterSelective THE_REQUEST "/ping\?query=" "log,pass,id:sid1181,rev:10,msg:'WEB-MISC Annex Terminal DOS attempt'"

# (sid 1587) WEB-MISC cgitest.exe access
SecFilterSelective THE_REQUEST "/cgitest\.exe" "log,pass,id:sid1587,rev:13,msg:'WEB-MISC cgitest.exe access'"

# (sid 1183) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-cs-dump" "log,pass,id:sid1183,rev:10,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1184) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-ver-info" "log,pass,id:sid1184,rev:8,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1186) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-ver-diff" "log,pass,id:sid1186,rev:7,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1187) WEB-MISC SalesLogix Eviewer web command attempt
SecFilterSelective THE_REQUEST "/slxweb\.dll/admin\?command=" "log,pass,id:sid1187,rev:12,msg:'WEB-MISC SalesLogix Eviewer web command attempt'"

# (sid 1588) WEB-MISC SalesLogix Eviewer access
SecFilterSelective THE_REQUEST "/slxweb\.dll" "log,pass,id:sid1588,rev:8,msg:'WEB-MISC SalesLogix Eviewer access'"

# (sid 1188) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-start-ver" "log,pass,id:sid1188,rev:7,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1189) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-stop-ver" "log,pass,id:sid1189,rev:7,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1190) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-uncheckout" "log,pass,id:sid1190,rev:7,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1191) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-html-rend" "log,pass,id:sid1191,rev:7,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1381) WEB-MISC Trend Micro OfficeScan attempt
SecFilterSelective THE_REQUEST "event=" "log,pass,id:sid1381,rev:5,msg:'WEB-MISC Trend Micro OfficeScan attempt'"

# (sid 1192) WEB-MISC Trend Micro OfficeScan access
SecFilterSelective THE_REQUEST "/officescan/cgi/jdkRqNotify\.exe" "log,pass,id:sid1192,rev:6,msg:'WEB-MISC Trend Micro OfficeScan access'"

# (sid 1193) WEB-MISC oracle web arbitrary command execution attempt
SecFilterSelective THE_REQUEST "\?&" "log,pass,id:sid1193,rev:10,msg:'WEB-MISC oracle web arbitrary command execution attempt'"

# (sid 1880) WEB-MISC oracle web application server access
SecFilterSelective THE_REQUEST "/ows-bin/" "log,pass,id:sid1880,rev:4,msg:'WEB-MISC oracle web application server access'"

# (sid 1198) WEB-MISC Netscape Enterprise Server directory view
SecFilterSelective THE_REQUEST "\?wp-usr-prop" "log,pass,id:sid1198,rev:8,msg:'WEB-MISC Netscape Enterprise Server directory view'"

# (sid 1202) WEB-MISC search.vts access
SecFilterSelective THE_REQUEST "/search\.vts" "log,pass,id:sid1202,rev:7,msg:'WEB-MISC search.vts access'"

# (sid 1615) WEB-MISC htgrep attempt
SecFilterSelective THE_REQUEST "/htgrep" "id:sid1615,rev:5,msg:'WEB-MISC htgrep attempt',chain"
SecFilter "hdr=/" "log,pass"

# (sid 1207) WEB-MISC htgrep access
SecFilterSelective THE_REQUEST "/htgrep" "log,pass,id:sid1207,rev:7,msg:'WEB-MISC htgrep access'"

# (sid 1209) WEB-MISC .nsconfig access
SecFilterSelective THE_REQUEST "/\.nsconfig" "log,pass,id:sid1209,rev:6,msg:'WEB-MISC .nsconfig access'"

# (sid 1212) WEB-MISC Admin_files access
SecFilterSelective THE_REQUEST "/admin_files" "log,pass,id:sid1212,rev:5,msg:'WEB-MISC Admin_files access'"

# (sid 1213) WEB-MISC backup access
SecFilterSelective THE_REQUEST "/backup" "log,pass,id:sid1213,rev:5,msg:'WEB-MISC backup access'"

# (sid 1214) WEB-MISC intranet access
SecFilterSelective THE_REQUEST "/intranet/" "log,pass,id:sid1214,rev:6,msg:'WEB-MISC intranet access'"

# (sid 1216) WEB-MISC filemail access
SecFilterSelective THE_REQUEST "/filemail" "log,pass,id:sid1216,rev:10,msg:'WEB-MISC filemail access'"

# (sid 1217) WEB-MISC plusmail access
SecFilterSelective THE_REQUEST "/plusmail" "log,pass,id:sid1217,rev:9,msg:'WEB-MISC plusmail access'"

# (sid 1218) WEB-MISC adminlogin access
SecFilterSelective THE_REQUEST "/adminlogin" "log,pass,id:sid1218,rev:9,msg:'WEB-MISC adminlogin access'"

# (sid 1220) WEB-MISC ultraboard access
SecFilterSelective THE_REQUEST "/ultraboard" "log,pass,id:sid1220,rev:9,msg:'WEB-MISC ultraboard access'"

# (sid 1589) WEB-MISC musicat empower attempt
SecFilterSelective THE_REQUEST "/empower\?DB=" "log,pass,id:sid1589,rev:8,msg:'WEB-MISC musicat empower attempt'"

# (sid 1221) WEB-MISC musicat empower access
SecFilterSelective THE_REQUEST "/empower" "log,pass,id:sid1221,rev:10,msg:'WEB-MISC musicat empower access'"

# (sid 1224) WEB-MISC ROADS search.pl attempt
SecFilterSelective THE_REQUEST "/ROADS/cgi-bin/search\.pl" "id:sid1224,rev:10,msg:'WEB-MISC ROADS search.pl attempt',chain"
SecFilter "form=" "log,pass"

# (sid 1230) WEB-MISC VirusWall FtpSave access
SecFilterSelective THE_REQUEST "/FtpSave\.dll" "log,pass,id:sid1230,rev:8,msg:'WEB-MISC VirusWall FtpSave access'"

# (sid 1234) WEB-MISC VirusWall FtpSaveCSP access
SecFilterSelective THE_REQUEST "/FtpSaveCSP\.dll" "log,pass,id:sid1234,rev:8,msg:'WEB-MISC VirusWall FtpSaveCSP access'"

# (sid 1235) WEB-MISC VirusWall FtpSaveCVP access
SecFilterSelective THE_REQUEST "/FtpSaveCVP\.dll" "log,pass,id:sid1235,rev:8,msg:'WEB-MISC VirusWall FtpSaveCVP access'"

# (sid 1054) WEB-MISC weblogic/tomcat .jsp view source attempt
SecFilterSelective THE_REQUEST "\.jsp" "log,pass,id:sid1054,rev:7,msg:'WEB-MISC weblogic/tomcat .jsp view source attempt'"

# (sid 1241) WEB-MISC SWEditServlet directory traversal attempt
SecFilterSelective THE_REQUEST "/SWEditServlet" "id:sid1241,rev:8,msg:'WEB-MISC SWEditServlet directory traversal attempt',chain"
SecFilter "template=\.\./\.\./\.\./" "log,pass"

# (sid 1259) WEB-MISC SWEditServlet access
SecFilterSelective THE_REQUEST "/SWEditServlet" "log,pass,id:sid1259,rev:7,msg:'WEB-MISC SWEditServlet access'"

# (sid 1139) WEB-MISC whisker HEAD/./
SecFilter "HEAD/\./" "log,pass,id:sid1139,rev:7,msg:'WEB-MISC whisker HEAD/./'"

# (sid 1258) WEB-MISC HP OpenView Manager DOS
SecFilterSelective THE_REQUEST "/OvCgi/OpenView5\.exe\?Context=Snmp&Action=Snmp&Host=&Oid=" "log,pass,id:sid1258,rev:10,msg:'WEB-MISC HP OpenView Manager DOS'"

# (sid 1291) WEB-MISC sml3com access
SecFilterSelective THE_REQUEST "/graphics/sml3com" "log,pass,id:sid1291,rev:8,msg:'WEB-MISC sml3com access'"

# (sid 1001) WEB-MISC carbo.dll access
SecFilterSelective THE_REQUEST "/carbo\.dll" "id:sid1001,rev:7,msg:'WEB-MISC carbo.dll access',chain"
SecFilter "icatcommand=" "log,pass"

# (sid 1302) WEB-MISC console.exe access
SecFilterSelective THE_REQUEST "/cgi-bin/console\.exe" "log,pass,id:sid1302,rev:7,msg:'WEB-MISC console.exe access'"

# (sid 1303) WEB-MISC cs.exe access
SecFilterSelective THE_REQUEST "/cgi-bin/cs\.exe" "log,pass,id:sid1303,rev:7,msg:'WEB-MISC cs.exe access'"

# (sid 1113) WEB-MISC http directory traversal
SecFilter "\.\./" "log,pass,id:sid1113,rev:5,msg:'WEB-MISC http directory traversal'"

# (sid 1375) WEB-MISC sadmind worm access
SecFilter "GET x HTTP/1\.0" "log,pass,id:sid1375,rev:6,msg:'WEB-MISC sadmind worm access'"

# (sid 1376) WEB-MISC jrun directory browse attempt
SecFilterSelective THE_REQUEST "/\?\.jsp" "log,pass,id:sid1376,rev:5,msg:'WEB-MISC jrun directory browse attempt'"

# (sid 1385) WEB-MISC mod-plsql administration access
SecFilterSelective THE_REQUEST "/admin_/" "log,pass,id:sid1385,rev:11,msg:'WEB-MISC mod-plsql administration access'"

# (sid 1391) WEB-MISC Phorecast remote code execution attempt
SecFilter "includedir=" "log,pass,id:sid1391,rev:7,msg:'WEB-MISC Phorecast remote code execution attempt'"

# (sid 1403) WEB-MISC viewcode access
SecFilterSelective THE_REQUEST "/viewcode" "log,pass,id:sid1403,rev:9,msg:'WEB-MISC viewcode access'"

# (sid 1404) WEB-MISC showcode access
SecFilterSelective THE_REQUEST "/showcode" "log,pass,id:sid1404,rev:7,msg:'WEB-MISC showcode access'"

# (sid 1433) WEB-MISC .history access
SecFilterSelective THE_REQUEST "/\.history" "log,pass,id:sid1433,rev:5,msg:'WEB-MISC .history access'"

# (sid 1434) WEB-MISC .bash_history access
SecFilterSelective THE_REQUEST "/\.bash_history" "log,pass,id:sid1434,rev:7,msg:'WEB-MISC .bash_history access'"

# (sid 1489) WEB-MISC /~nobody access
SecFilterSelective THE_REQUEST "/~nobody" "log,pass,id:sid1489,rev:7,msg:'WEB-MISC /~nobody access'"

# (sid 1492) WEB-MISC RBS ISP /newuser  directory traversal attempt
SecFilterSelective THE_REQUEST "/newuser\?Image=\.\./\.\." "log,pass,id:sid1492,rev:10,msg:'WEB-MISC RBS ISP /newuser  directory traversal attempt'"

# (sid 1493) WEB-MISC RBS ISP /newuser access
SecFilterSelective THE_REQUEST "/newuser" "log,pass,id:sid1493,rev:9,msg:'WEB-MISC RBS ISP /newuser access'"

# (sid 1664) WEB-MISC mkplog.exe access
SecFilterSelective THE_REQUEST "/mkplog\.exe" "log,pass,id:sid1664,rev:5,msg:'WEB-MISC mkplog.exe access'"

# (sid 509) WEB-MISC PCCS mysql database admin tool access
SecFilter "pccsmysqladm/incs/dbconnect\.inc" "log,pass,id:sid509,rev:11,msg:'WEB-MISC PCCS mysql database admin tool access'"

# (sid 1769) WEB-MISC .DS_Store access
SecFilterSelective THE_REQUEST "/\.DS_Store" "log,pass,id:sid1769,rev:3,msg:'WEB-MISC .DS_Store access'"

# (sid 1770) WEB-MISC .FBCIndex access
SecFilterSelective THE_REQUEST "/\.FBCIndex" "log,pass,id:sid1770,rev:3,msg:'WEB-MISC .FBCIndex access'"

# (sid 1500) WEB-MISC ExAir access
SecFilterSelective THE_REQUEST "/exair/search/" "log,pass,id:sid1500,rev:10,msg:'WEB-MISC ExAir access'"

# (sid 1519) WEB-MISC apache ?M=D directory list attempt
SecFilterSelective THE_REQUEST "/\?M=D" "log,pass,id:sid1519,rev:8,msg:'WEB-MISC apache ?M=D directory list attempt'"

# (sid 1520) WEB-MISC server-info access
SecFilterSelective THE_REQUEST "/server-info" "log,pass,id:sid1520,rev:6,msg:'WEB-MISC server-info access'"

# (sid 1521) WEB-MISC server-status access
SecFilterSelective THE_REQUEST "/server-status" "log,pass,id:sid1521,rev:6,msg:'WEB-MISC server-status access'"

# (sid 1522) WEB-MISC ans.pl attempt
SecFilterSelective THE_REQUEST "/ans\.pl\?p=\.\./\.\./" "log,pass,id:sid1522,rev:10,msg:'WEB-MISC ans.pl attempt'"

# (sid 1523) WEB-MISC ans.pl access
SecFilterSelective THE_REQUEST "/ans\.pl" "log,pass,id:sid1523,rev:10,msg:'WEB-MISC ans.pl access'"

# (sid 1524) WEB-MISC AxisStorpoint CD attempt
SecFilterSelective THE_REQUEST "/cd/\.\./config/html/cnf_gi\.htm" "log,pass,id:sid1524,rev:9,msg:'WEB-MISC AxisStorpoint CD attempt'"

# (sid 1525) WEB-MISC Axis Storpoint CD access
SecFilterSelective THE_REQUEST "/config/html/cnf_gi\.htm" "log,pass,id:sid1525,rev:9,msg:'WEB-MISC Axis Storpoint CD access'"

# (sid 1526) WEB-MISC basilix sendmail.inc access
SecFilterSelective THE_REQUEST "/inc/sendmail\.inc" "log,pass,id:sid1526,rev:9,msg:'WEB-MISC basilix sendmail.inc access'"

# (sid 1527) WEB-MISC basilix mysql.class access
SecFilterSelective THE_REQUEST "/class/mysql\.class" "log,pass,id:sid1527,rev:8,msg:'WEB-MISC basilix mysql.class access'"

# (sid 1528) WEB-MISC BBoard access
SecFilterSelective THE_REQUEST "/servlet/sunexamples\.BBoardServlet" "log,pass,id:sid1528,rev:8,msg:'WEB-MISC BBoard access'"

# (sid 1544) WEB-MISC Cisco Catalyst command execution attempt
SecFilterSelective THE_REQUEST "/exec/show/config/cr" "log,pass,id:sid1544,rev:7,msg:'WEB-MISC Cisco Catalyst command execution attempt'"

# (sid 1551) WEB-MISC /CVS/Entries access
SecFilterSelective THE_REQUEST "/CVS/Entries" "log,pass,id:sid1551,rev:6,msg:'WEB-MISC /CVS/Entries access'"

# (sid 1552) WEB-MISC cvsweb version access
SecFilterSelective THE_REQUEST "/cvsweb/version" "log,pass,id:sid1552,rev:4,msg:'WEB-MISC cvsweb version access'"

# (sid 1559) WEB-MISC /doc/packages access
SecFilterSelective THE_REQUEST "/doc/packages" "log,pass,id:sid1559,rev:8,msg:'WEB-MISC /doc/packages access'"

# (sid 1560) WEB-MISC /doc/ access
SecFilterSelective THE_REQUEST "/doc/" "log,pass,id:sid1560,rev:6,msg:'WEB-MISC /doc/ access'"

# (sid 1563) WEB-MISC login.htm attempt
SecFilterSelective THE_REQUEST "/login\.htm\?password=" "log,pass,id:sid1563,rev:6,msg:'WEB-MISC login.htm attempt'"

# (sid 1564) WEB-MISC login.htm access
SecFilterSelective THE_REQUEST "/login\.htm" "log,pass,id:sid1564,rev:6,msg:'WEB-MISC login.htm access'"

# (sid 1603) WEB-MISC DELETE attempt
SecFilter "DELETE " "log,pass,id:sid1603,rev:7,msg:'WEB-MISC DELETE attempt'"

# (sid 1670) WEB-MISC /home/ftp access
SecFilterSelective THE_REQUEST "/home/ftp" "log,pass,id:sid1670,rev:6,msg:'WEB-MISC /home/ftp access'"

# (sid 1671) WEB-MISC /home/www access
SecFilterSelective THE_REQUEST "/home/www" "log,pass,id:sid1671,rev:6,msg:'WEB-MISC /home/www access'"

# (sid 1738) WEB-MISC global.inc access
SecFilterSelective THE_REQUEST "/global\.inc" "log,pass,id:sid1738,rev:5,msg:'WEB-MISC global.inc access'"

# (sid 1744) WEB-MISC SecureSite authentication bypass attempt
SecFilter "secure_site, ok" "log,pass,id:sid1744,rev:3,msg:'WEB-MISC SecureSite authentication bypass attempt'"

# (sid 1766) WEB-MISC search.dll directory listing attempt
SecFilterSelective THE_REQUEST "/search\.dll" "id:sid1766,rev:7,msg:'WEB-MISC search.dll directory listing attempt',chain"
SecFilter "query=\x00" "log,pass"

# (sid 1767) WEB-MISC search.dll access
SecFilterSelective THE_REQUEST "/search\.dll" "log,pass,id:sid1767,rev:6,msg:'WEB-MISC search.dll access'"

# (sid 1231) WEB-MISC VirusWall catinfo access
SecFilterSelective THE_REQUEST "/catinfo" "log,pass,id:sid1231,rev:8,msg:'WEB-MISC VirusWall catinfo access'"

# (sid 1807) WEB-MISC Chunked-Encoding transfer attempt
SecFilter "chunked" "log,pass,id:sid1807,rev:10,msg:'WEB-MISC Chunked-Encoding transfer attempt'"

# (sid 1814) WEB-MISC CISCO VoIP DOS ATTEMPT
SecFilterSelective THE_REQUEST "/StreamingStatistics" "log,pass,id:sid1814,rev:8,msg:'WEB-MISC CISCO VoIP DOS ATTEMPT'"

# (sid 1820) WEB-MISC IBM Net.Commerce orderdspc.d2w access
SecFilterSelective THE_REQUEST "/ncommerce3/ExecMacro/orderdspc\.d2w" "log,pass,id:sid1820,rev:7,msg:'WEB-MISC IBM Net.Commerce orderdspc.d2w access'"

# (sid 1826) WEB-MISC WEB-INF access
SecFilterSelective THE_REQUEST "/WEB-INF" "log,pass,id:sid1826,rev:7,msg:'WEB-MISC WEB-INF access'"

# (sid 1827) WEB-MISC Tomcat servlet mapping cross site scripting attempt
SecFilterSelective THE_REQUEST "/org\.apache\." "log,pass,id:sid1827,rev:7,msg:'WEB-MISC Tomcat servlet mapping cross site scripting attempt'"

# (sid 1828) WEB-MISC iPlanet Search directory traversal attempt
SecFilterSelective THE_REQUEST "/search" "id:sid1828,rev:6,msg:'WEB-MISC iPlanet Search directory traversal attempt',chain"
SecFilter "\.\./\.\./" "log,pass"

# (sid 1829) WEB-MISC Tomcat TroubleShooter servlet access
SecFilterSelective THE_REQUEST "/examples/servlet/TroubleShooter" "log,pass,id:sid1829,rev:5,msg:'WEB-MISC Tomcat TroubleShooter servlet access'"

# (sid 1830) WEB-MISC Tomcat SnoopServlet servlet access
SecFilterSelective THE_REQUEST "/examples/servlet/SnoopServlet" "log,pass,id:sid1830,rev:5,msg:'WEB-MISC Tomcat SnoopServlet servlet access'"

# (sid 1831) WEB-MISC jigsaw dos attempt
SecFilterSelective THE_REQUEST "/servlet/con" "log,pass,id:sid1831,rev:3,msg:'WEB-MISC jigsaw dos attempt'"

# (sid 1835) WEB-MISC Macromedia SiteSpring cross site scripting attempt
SecFilterSelective THE_REQUEST "<script" "log,pass,id:sid1835,rev:5,msg:'WEB-MISC Macromedia SiteSpring cross site scripting attempt'"

# (sid 1839) WEB-MISC mailman cross site scripting attempt
SecFilterSelective THE_REQUEST "<script" "log,pass,id:sid1839,rev:4,msg:'WEB-MISC mailman cross site scripting attempt'"

# (sid 1847) WEB-MISC webalizer access
SecFilterSelective THE_REQUEST "/webalizer/" "log,pass,id:sid1847,rev:9,msg:'WEB-MISC webalizer access'"

# (sid 1848) WEB-MISC webcart-lite access
SecFilterSelective THE_REQUEST "/webcart-lite/" "log,pass,id:sid1848,rev:5,msg:'WEB-MISC webcart-lite access'"

# (sid 1849) WEB-MISC webfind.exe access
SecFilterSelective THE_REQUEST "/webfind\.exe" "log,pass,id:sid1849,rev:7,msg:'WEB-MISC webfind.exe access'"

# (sid 1851) WEB-MISC active.log access
SecFilterSelective THE_REQUEST "/active\.log" "log,pass,id:sid1851,rev:6,msg:'WEB-MISC active.log access'"

# (sid 1852) WEB-MISC robots.txt access
SecFilterSelective THE_REQUEST "/robots\.txt" "log,pass,id:sid1852,rev:3,msg:'WEB-MISC robots.txt access'"

# (sid 1857) WEB-MISC robot.txt access
SecFilterSelective THE_REQUEST "/robot\.txt" "log,pass,id:sid1857,rev:3,msg:'WEB-MISC robot.txt access'"

# (sid 1871) WEB-MISC Oracle XSQLConfig.xml access
SecFilterSelective THE_REQUEST "/XSQLConfig\.xml" "log,pass,id:sid1871,rev:4,msg:'WEB-MISC Oracle XSQLConfig.xml access'"

# (sid 1872) WEB-MISC Oracle Dynamic Monitoring Services dms access
SecFilterSelective THE_REQUEST "/dms0" "log,pass,id:sid1872,rev:3,msg:'WEB-MISC Oracle Dynamic Monitoring Services dms access'"

# (sid 1873) WEB-MISC globals.jsa access
SecFilterSelective THE_REQUEST "/globals\.jsa" "log,pass,id:sid1873,rev:4,msg:'WEB-MISC globals.jsa access'"

# (sid 1874) WEB-MISC Oracle Java Process Manager access
SecFilterSelective THE_REQUEST "/oprocmgr-status" "log,pass,id:sid1874,rev:1,msg:'WEB-MISC Oracle Java Process Manager access'"

# (sid 1943) WEB-MISC /Carello/add.exe access
SecFilterSelective THE_REQUEST "/Carello/add\.exe" "log,pass,id:sid1943,rev:5,msg:'WEB-MISC /Carello/add.exe access'"

# (sid 1944) WEB-MISC /ecscripts/ecware.exe access
SecFilterSelective THE_REQUEST "/ecscripts/ecware\.exe" "log,pass,id:sid1944,rev:3,msg:'WEB-MISC /ecscripts/ecware.exe access'"

# (sid 1969) WEB-MISC ion-p access
SecFilterSelective THE_REQUEST "/ion-p" "log,pass,id:sid1969,rev:3,msg:'WEB-MISC ion-p access'"

# (sid 1979) WEB-MISC perl post attempt
SecFilterSelective THE_REQUEST "/perl/" "id:sid1979,rev:4,msg:'WEB-MISC perl post attempt',chain"
SecFilter "POST" "log,pass"

# (sid 2056) WEB-MISC TRACE attempt
SecFilter "TRACE" "log,pass,id:sid2056,rev:4,msg:'WEB-MISC TRACE attempt'"

# (sid 2057) WEB-MISC helpout.exe access
SecFilterSelective THE_REQUEST "/helpout\.exe" "log,pass,id:sid2057,rev:5,msg:'WEB-MISC helpout.exe access'"

# (sid 2058) WEB-MISC MsmMask.exe attempt
SecFilterSelective THE_REQUEST "/MsmMask\.exe" "id:sid2058,rev:1,msg:'WEB-MISC MsmMask.exe attempt',chain"
SecFilter "mask=" "log,pass"

# (sid 2059) WEB-MISC MsmMask.exe access
SecFilterSelective THE_REQUEST "/MsmMask\.exe" "log,pass,id:sid2059,rev:1,msg:'WEB-MISC MsmMask.exe access'"

# (sid 2060) WEB-MISC DB4Web access
SecFilterSelective THE_REQUEST "/DB4Web/" "log,pass,id:sid2060,rev:1,msg:'WEB-MISC DB4Web access'"

# (sid 2062) WEB-MISC iPlanet .perf access
SecFilterSelective THE_REQUEST "/\.perf" "log,pass,id:sid2062,rev:4,msg:'WEB-MISC iPlanet .perf access'"

# (sid 2063) WEB-MISC Demarc SQL injection attempt
SecFilterSelective THE_REQUEST "/dm/demarc" "id:sid2063,rev:6,msg:'WEB-MISC Demarc SQL injection attempt',chain"
SecFilter "'" "log,pass"

# (sid 2064) WEB-MISC Lotus Notes .csp script source download attempt
SecFilterSelective THE_REQUEST "\.csp" "id:sid2064,rev:4,msg:'WEB-MISC Lotus Notes .csp script source download attempt',chain"
SecFilter "\." "log,pass"

# (sid 2066) WEB-MISC Lotus Notes .pl script source download attempt
SecFilterSelective THE_REQUEST "\.pl" "id:sid2066,rev:4,msg:'WEB-MISC Lotus Notes .pl script source download attempt',chain"
SecFilter "\." "log,pass"

# (sid 2067) WEB-MISC Lotus Notes .exe script source download attempt
SecFilterSelective THE_REQUEST "\.exe" "id:sid2067,rev:4,msg:'WEB-MISC Lotus Notes .exe script source download attempt',chain"
SecFilter "\." "log,pass"

# (sid 2068) WEB-MISC BitKeeper arbitrary command attempt
SecFilterSelective THE_REQUEST "/diffs/" "id:sid2068,rev:2,msg:'WEB-MISC BitKeeper arbitrary command attempt',chain"
SecFilter "'" "log,pass"

# (sid 2069) WEB-MISC chip.ini access
SecFilterSelective THE_REQUEST "/chip\.ini" "log,pass,id:sid2069,rev:5,msg:'WEB-MISC chip.ini access'"

# (sid 2071) WEB-MISC post32.exe access
SecFilterSelective THE_REQUEST "/post32\.exe" "log,pass,id:sid2071,rev:1,msg:'WEB-MISC post32.exe access'"

# (sid 2072) WEB-MISC lyris.pl access
SecFilterSelective THE_REQUEST "/lyris\.pl" "log,pass,id:sid2072,rev:3,msg:'WEB-MISC lyris.pl access'"

# (sid 2073) WEB-MISC globals.pl access
SecFilterSelective THE_REQUEST "/globals\.pl" "log,pass,id:sid2073,rev:3,msg:'WEB-MISC globals.pl access'"

# (sid 2135) WEB-MISC philboard.mdb access
SecFilterSelective THE_REQUEST "/philboard\.mdb" "log,pass,id:sid2135,rev:1,msg:'WEB-MISC philboard.mdb access'"

# (sid 2136) WEB-MISC philboard_admin.asp authentication bypass attempt
SecFilterSelective THE_REQUEST "/philboard_admin\.asp" "id:sid2136,rev:2,msg:'WEB-MISC philboard_admin.asp authentication bypass attempt',chain"
SecFilter "philboard_admin=True" "log,pass"

# (sid 2137) WEB-MISC philboard_admin.asp access
SecFilterSelective THE_REQUEST "/philboard_admin\.asp" "log,pass,id:sid2137,rev:2,msg:'WEB-MISC philboard_admin.asp access'"

# (sid 2138) WEB-MISC logicworks.ini access
SecFilterSelective THE_REQUEST "/logicworks\.ini" "log,pass,id:sid2138,rev:2,msg:'WEB-MISC logicworks.ini access'"

# (sid 2139) WEB-MISC /*.shtml access
SecFilterSelective THE_REQUEST "/*\.shtml" "log,pass,id:sid2139,rev:5,msg:'WEB-MISC /*.shtml access'"

# (sid 2156) WEB-MISC mod_gzip_status access
SecFilterSelective THE_REQUEST "/mod_gzip_status" "log,pass,id:sid2156,rev:1,msg:'WEB-MISC mod_gzip_status access'"

# (sid 2231) WEB-MISC register.dll access
SecFilterSelective THE_REQUEST "/register\.dll" "log,pass,id:sid2231,rev:5,msg:'WEB-MISC register.dll access'"

# (sid 2232) WEB-MISC ContentFilter.dll access
SecFilterSelective THE_REQUEST "/ContentFilter\.dll" "log,pass,id:sid2232,rev:5,msg:'WEB-MISC ContentFilter.dll access'"

# (sid 2233) WEB-MISC SFNofitication.dll access
SecFilterSelective THE_REQUEST "/SFNofitication\.dll" "log,pass,id:sid2233,rev:5,msg:'WEB-MISC SFNofitication.dll access'"

# (sid 2234) WEB-MISC TOP10.dll access
SecFilterSelective THE_REQUEST "/TOP10\.dll" "log,pass,id:sid2234,rev:5,msg:'WEB-MISC TOP10.dll access'"

# (sid 2235) WEB-MISC SpamExcp.dll access
SecFilterSelective THE_REQUEST "/SpamExcp\.dll" "log,pass,id:sid2235,rev:5,msg:'WEB-MISC SpamExcp.dll access'"

# (sid 2236) WEB-MISC spamrule.dll access
SecFilterSelective THE_REQUEST "/spamrule\.dll" "log,pass,id:sid2236,rev:5,msg:'WEB-MISC spamrule.dll access'"

# (sid 2237) WEB-MISC cgiWebupdate.exe access
SecFilterSelective THE_REQUEST "/cgiWebupdate\.exe" "log,pass,id:sid2237,rev:5,msg:'WEB-MISC cgiWebupdate.exe access'"

# (sid 2238) WEB-MISC WebLogic ConsoleHelp view source attempt
SecFilterSelective THE_REQUEST "\.jsp" "log,pass,id:sid2238,rev:5,msg:'WEB-MISC WebLogic ConsoleHelp view source attempt'"

# (sid 2239) WEB-MISC redirect.exe access
SecFilterSelective THE_REQUEST "/redirect\.exe" "log,pass,id:sid2239,rev:3,msg:'WEB-MISC redirect.exe access'"

# (sid 2240) WEB-MISC changepw.exe access
SecFilterSelective THE_REQUEST "/changepw\.exe" "log,pass,id:sid2240,rev:3,msg:'WEB-MISC changepw.exe access'"

# (sid 2241) WEB-MISC cwmail.exe access
SecFilterSelective THE_REQUEST "/cwmail\.exe" "log,pass,id:sid2241,rev:5,msg:'WEB-MISC cwmail.exe access'"

# (sid 2242) WEB-MISC ddicgi.exe access
SecFilterSelective THE_REQUEST "/ddicgi\.exe" "log,pass,id:sid2242,rev:4,msg:'WEB-MISC ddicgi.exe access'"

# (sid 2243) WEB-MISC ndcgi.exe access
SecFilterSelective THE_REQUEST "/ndcgi\.exe" "log,pass,id:sid2243,rev:5,msg:'WEB-MISC ndcgi.exe access'"

# (sid 2244) WEB-MISC VsSetCookie.exe access
SecFilterSelective THE_REQUEST "/VsSetCookie\.exe" "log,pass,id:sid2244,rev:4,msg:'WEB-MISC VsSetCookie.exe access'"

# (sid 2245) WEB-MISC Webnews.exe access
SecFilterSelective THE_REQUEST "/Webnews\.exe" "log,pass,id:sid2245,rev:5,msg:'WEB-MISC Webnews.exe access'"

# (sid 2246) WEB-MISC webadmin.dll access
SecFilterSelective THE_REQUEST "/webadmin\.dll" "log,pass,id:sid2246,rev:6,msg:'WEB-MISC webadmin.dll access'"

# (sid 2276) WEB-MISC oracle portal demo access
SecFilterSelective THE_REQUEST "/pls/portal/PORTAL_DEMO" "log,pass,id:sid2276,rev:1,msg:'WEB-MISC oracle portal demo access'"

# (sid 2277) WEB-MISC PeopleSoft PeopleBooks psdoccgi access
SecFilterSelective THE_REQUEST "/psdoccgi" "log,pass,id:sid2277,rev:4,msg:'WEB-MISC PeopleSoft PeopleBooks psdoccgi access'"

# (sid 2327) WEB-MISC bsml.pl access
SecFilterSelective THE_REQUEST "/bsml\.pl" "log,pass,id:sid2327,rev:2,msg:'WEB-MISC bsml.pl access'"

# (sid 2369) WEB-MISC ISAPISkeleton.dll access
SecFilterSelective THE_REQUEST "/ISAPISkeleton\.dll" "log,pass,id:sid2369,rev:1,msg:'WEB-MISC ISAPISkeleton.dll access'"

# (sid 2370) WEB-MISC BugPort config.conf file access
SecFilterSelective THE_REQUEST "/config\.conf" "log,pass,id:sid2370,rev:2,msg:'WEB-MISC BugPort config.conf file access'"

# (sid 2371) WEB-MISC Sample_showcode.html access
SecFilterSelective THE_REQUEST "/Sample_showcode\.html" "id:sid2371,rev:2,msg:'WEB-MISC Sample_showcode.html access',chain"
SecFilter "fname" "log,pass"

# (sid 2395) WEB-MISC InteractiveQuery.jsp access
SecFilterSelective THE_REQUEST "/InteractiveQuery\.jsp" "log,pass,id:sid2395,rev:3,msg:'WEB-MISC InteractiveQuery.jsp access'"

# (sid 2400) WEB-MISC edittag.pl access
SecFilterSelective THE_REQUEST "/edittag\.pl" "log,pass,id:sid2400,rev:1,msg:'WEB-MISC edittag.pl access'"

# (sid 2407) WEB-MISC util.pl access
SecFilterSelective THE_REQUEST "/util\.pl" "log,pass,id:sid2407,rev:1,msg:'WEB-MISC util.pl access'"

# (sid 2408) WEB-MISC Invision Power Board search.pl access
SecFilterSelective THE_REQUEST "/search\.pl" "id:sid2408,rev:1,msg:'WEB-MISC Invision Power Board search.pl access',chain"
SecFilter "st=" "log,pass"

# (sid 2484) WEB-MISC source.jsp access
SecFilterSelective THE_REQUEST "/source\.jsp" "log,pass,id:sid2484,rev:1,msg:'WEB-MISC source.jsp access'"

# (sid 2447) WEB-MISC ServletManager access
SecFilterSelective THE_REQUEST "/servlet/ServletManager" "log,pass,id:sid2447,rev:4,msg:'WEB-MISC ServletManager access'"

# (sid 2448) WEB-MISC setinfo.hts access
SecFilterSelective THE_REQUEST "/setinfo\.hts" "log,pass,id:sid2448,rev:2,msg:'WEB-MISC setinfo.hts access'"

# (sid 2569) WEB-MISC cPanel resetpass access
SecFilterSelective THE_REQUEST "/resetpass" "log,pass,id:sid2569,rev:1,msg:'WEB-MISC cPanel resetpass access'"

# (sid 2570) WEB-MISC Invalid HTTP Version String
SecFilter "HTTP/" "log,pass,id:sid2570,rev:7,msg:'WEB-MISC Invalid HTTP Version String'"

# (sid 2581) WEB-MISC Crystal Reports crystalimagehandler.aspx access
SecFilterSelective THE_REQUEST "/crystalimagehandler\.aspx" "log,pass,id:sid2581,rev:2,msg:'WEB-MISC Crystal Reports crystalimagehandler.aspx access'"

# (sid 2582) WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt
SecFilterSelective THE_REQUEST "/crystalimagehandler\.aspx" "id:sid2582,rev:3,msg:'WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt',chain"
SecFilter "dynamicimage=\.\./" "log,pass"

# (sid 2672) WEB-MISC sresult.exe access
SecFilterSelective THE_REQUEST "/sresult\.exe" "log,pass,id:sid2672,rev:1,msg:'WEB-MISC sresult.exe access'"

# (sid 2702) WEB-MISC Oracle iSQLPlus username overflow attempt
SecFilterSelective THE_REQUEST "/isqlplus" "log,pass,id:sid2702,rev:1,msg:'WEB-MISC Oracle iSQLPlus username overflow attempt'"

# (sid 2703) WEB-MISC Oracle iSQLPlus login.uix username overflow attempt
SecFilterSelective THE_REQUEST "/login\.uix" "log,pass,id:sid2703,rev:1,msg:'WEB-MISC Oracle iSQLPlus login.uix username overflow attempt'"

# (sid 2704) WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt
SecFilterSelective THE_REQUEST "/login\.uix" "log,pass,id:sid2704,rev:1,msg:'WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt'"

# (sid 2701) WEB-MISC Oracle iSQLPlus sid overflow attempt
SecFilterSelective THE_REQUEST "/isqlplus" "log,pass,id:sid2701,rev:1,msg:'WEB-MISC Oracle iSQLPlus sid overflow attempt'"

# (sid 1374) WEB-MISC .htgroup access
SecFilterSelective THE_REQUEST "\.htgroup" "log,pass,id:sid1374,rev:6,msg:'WEB-MISC .htgroup access'"

# (sid 3086) WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt
SecFilterSelective THE_REQUEST "/app_sta\.stm" "log,pass,id:sid3086,rev:1,msg:'WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt'"

# (sid 3467) WEB-MISC CISCO VoIP Portinformation access
SecFilterSelective THE_REQUEST "/PortInformation" "log,pass,id:sid3467,rev:1,msg:'WEB-MISC CISCO VoIP Portinformation access'"

# (sid 3466) WEB-MISC Authorization Basic overflow attempt
SecFilter "Basic" "log,pass,id:sid3466,rev:4,msg:'WEB-MISC Authorization Basic overflow attempt'"

# (sid 3518) WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow
SecFilter "wqPassword=" "log,pass,id:sid3518,rev:2,msg:'WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow'"

# (sid 3629) WEB-MISC sambar /search/results.stm access
SecFilter "/search/results\.stm" "log,pass,id:sid3629,rev:1,msg:'WEB-MISC sambar /search/results.stm access'"

# (sid 3676) WEB-MISC newsscript.pl admin attempt
SecFilterSelective THE_REQUEST "/newsscript\.pl" "id:sid3676,rev:2,msg:'WEB-MISC newsscript.pl admin attempt',chain"
SecFilter "mode=admin" "log,pass"

# (sid 3823) WEB-MISC Real Player realtext file bad version buffer overflow attempt
SecFilter "<window" "log,pass,id:sid3823,rev:1,msg:'WEB-MISC Real Player realtext file bad version buffer overflow attempt'"

# (sid 3822) WEB-MISC Real Player realtext long URI request
SecFilterSelective THE_REQUEST "\.rt" "log,pass,id:sid3822,rev:1,msg:'WEB-MISC Real Player realtext long URI request'"

# (sid 3816) WEB-MISC BadBlue ext.dll buffer overflow attempt
SecFilterSelective THE_REQUEST "ext\.dll" "log,pass,id:sid3816,rev:1,msg:'WEB-MISC BadBlue ext.dll buffer overflow attempt'"

# (sid 1774) WEB-PHP bb_smilies.php access
SecFilterSelective THE_REQUEST "/bb_smilies\.php" "log,pass,id:sid1774,rev:3,msg:'WEB-PHP bb_smilies.php access'"

# (sid 1736) WEB-PHP squirrel mail spell-check arbitrary command attempt
SecFilterSelective THE_REQUEST "/squirrelspell/modules/check_me\.mod\.php" "id:sid1736,rev:6,msg:'WEB-PHP squirrel mail spell-check arbitrary command attempt',chain"
SecFilter "SQSPELL_APP\[" "log,pass"

# (sid 1737) WEB-PHP squirrel mail theme arbitrary command attempt
SecFilterSelective THE_REQUEST "/left_main\.php" "id:sid1737,rev:6,msg:'WEB-PHP squirrel mail theme arbitrary command attempt',chain"
SecFilter "cmdd=" "log,pass"

# (sid 1739) WEB-PHP DNSTools administrator authentication bypass attempt
SecFilterSelective THE_REQUEST "/dnstools\.php" "id:sid1739,rev:6,msg:'WEB-PHP DNSTools administrator authentication bypass attempt',chain"
SecFilter "user_dnstools_administrator=true" "log,pass"

# (sid 1740) WEB-PHP DNSTools authentication bypass attempt
SecFilterSelective THE_REQUEST "/dnstools\.php" "id:sid1740,rev:5,msg:'WEB-PHP DNSTools authentication bypass attempt',chain"
SecFilter "user_logged_in=true" "log,pass"

# (sid 1741) WEB-PHP DNSTools access
SecFilterSelective THE_REQUEST "/dnstools\.php" "log,pass,id:sid1741,rev:5,msg:'WEB-PHP DNSTools access'"

# (sid 1742) WEB-PHP Blahz-DNS dostuff.php modify user attempt
SecFilterSelective THE_REQUEST "/dostuff\.php\?action=modify_user" "log,pass,id:sid1742,rev:5,msg:'WEB-PHP Blahz-DNS dostuff.php modify user attempt'"

# (sid 1743) WEB-PHP Blahz-DNS dostuff.php access
SecFilterSelective THE_REQUEST "/dostuff\.php" "log,pass,id:sid1743,rev:5,msg:'WEB-PHP Blahz-DNS dostuff.php access'"

# (sid 1745) WEB-PHP Messagerie supp_membre.php access
SecFilterSelective THE_REQUEST "/supp_membre\.php" "log,pass,id:sid1745,rev:3,msg:'WEB-PHP Messagerie supp_membre.php access'"

# (sid 1773) WEB-PHP php.exe access
SecFilterSelective THE_REQUEST "/php\.exe" "log,pass,id:sid1773,rev:3,msg:'WEB-PHP php.exe access'"

# (sid 1816) WEB-PHP directory.php access
SecFilterSelective THE_REQUEST "/directory\.php" "log,pass,id:sid1816,rev:3,msg:'WEB-PHP directory.php access'"

# (sid 1834) WEB-PHP PHP-Wiki cross site scripting attempt
SecFilterSelective THE_REQUEST "<script" "log,pass,id:sid1834,rev:5,msg:'WEB-PHP PHP-Wiki cross site scripting attempt'"

# (sid 1967) WEB-PHP phpbb quick-reply.php arbitrary command attempt
SecFilterSelective THE_REQUEST "/quick-reply\.php" "id:sid1967,rev:1,msg:'WEB-PHP phpbb quick-reply.php arbitrary command attempt',chain"
SecFilter "phpbb_root_path=" "log,pass"

# (sid 1968) WEB-PHP phpbb quick-reply.php access
SecFilterSelective THE_REQUEST "/quick-reply\.php" "log,pass,id:sid1968,rev:1,msg:'WEB-PHP phpbb quick-reply.php access'"

# (sid 1997) WEB-PHP read_body.php access attempt
SecFilterSelective THE_REQUEST "/read_body\.php" "log,pass,id:sid1997,rev:3,msg:'WEB-PHP read_body.php access attempt'"

# (sid 1998) WEB-PHP calendar.php access
SecFilterSelective THE_REQUEST "/calendar\.php" "log,pass,id:sid1998,rev:4,msg:'WEB-PHP calendar.php access'"

# (sid 1999) WEB-PHP edit_image.php access
SecFilterSelective THE_REQUEST "/edit_image\.php" "log,pass,id:sid1999,rev:4,msg:'WEB-PHP edit_image.php access'"

# (sid 2000) WEB-PHP readmsg.php access
SecFilterSelective THE_REQUEST "/readmsg\.php" "log,pass,id:sid2000,rev:3,msg:'WEB-PHP readmsg.php access'"

# (sid 2002) WEB-PHP remote include path
SecFilterSelective THE_REQUEST "\.php" "id:sid2002,rev:5,msg:'WEB-PHP remote include path',chain"
SecFilter "path=" "log,pass"

# (sid 1134) WEB-PHP Phorum admin access
SecFilterSelective THE_REQUEST "/admin\.php3" "log,pass,id:sid1134,rev:7,msg:'WEB-PHP Phorum admin access'"

# (sid 1161) WEB-PHP piranha passwd.php3 access
SecFilterSelective THE_REQUEST "/passwd\.php3" "log,pass,id:sid1161,rev:9,msg:'WEB-PHP piranha passwd.php3 access'"

# (sid 1178) WEB-PHP Phorum read access
SecFilterSelective THE_REQUEST "/read\.php3" "log,pass,id:sid1178,rev:6,msg:'WEB-PHP Phorum read access'"

# (sid 1179) WEB-PHP Phorum violation access
SecFilterSelective THE_REQUEST "/violation\.php3" "log,pass,id:sid1179,rev:7,msg:'WEB-PHP Phorum violation access'"

# (sid 1197) WEB-PHP Phorum code access
SecFilterSelective THE_REQUEST "/code\.php3" "log,pass,id:sid1197,rev:6,msg:'WEB-PHP Phorum code access'"

# (sid 1300) WEB-PHP admin.php file upload attempt
SecFilterSelective THE_REQUEST "/admin\.php" "id:sid1300,rev:7,msg:'WEB-PHP admin.php file upload attempt',chain"
SecFilter "file_name=" "log,pass"

# (sid 1301) WEB-PHP admin.php access
SecFilterSelective THE_REQUEST "/admin\.php" "log,pass,id:sid1301,rev:11,msg:'WEB-PHP admin.php access'"

# (sid 1407) WEB-PHP smssend.php access
SecFilterSelective THE_REQUEST "/smssend\.php" "log,pass,id:sid1407,rev:8,msg:'WEB-PHP smssend.php access'"

# (sid 1399) WEB-PHP PHP-Nuke remote file include attempt
SecFilterSelective THE_REQUEST "/index\.php" "id:sid1399,rev:11,msg:'WEB-PHP PHP-Nuke remote file include attempt',chain"
SecFilter "file=" "log,pass"

# (sid 1490) WEB-PHP Phorum /support/common.php attempt
SecFilterSelective THE_REQUEST "/support/common\.php" "id:sid1490,rev:8,msg:'WEB-PHP Phorum /support/common.php attempt',chain"
SecFilter "ForumLang=\.\./" "log,pass"

# (sid 1491) WEB-PHP Phorum /support/common.php access
SecFilterSelective THE_REQUEST "/support/common\.php" "log,pass,id:sid1491,rev:9,msg:'WEB-PHP Phorum /support/common.php access'"

# (sid 1137) WEB-PHP Phorum authentication access
SecFilter "PHP_AUTH_USER=boogieman" "log,pass,id:sid1137,rev:9,msg:'WEB-PHP Phorum authentication access'"

# (sid 1086) WEB-PHP strings overflow
SecFilterSelective THE_REQUEST "\?STRENGUR" "log,pass,id:sid1086,rev:12,msg:'WEB-PHP strings overflow'"

# (sid 1254) WEB-PHP PHPLIB remote command attempt
SecFilter "_PHPLIB\[libdir\]" "log,pass,id:sid1254,rev:8,msg:'WEB-PHP PHPLIB remote command attempt'"

# (sid 1255) WEB-PHP PHPLIB remote command attempt
SecFilterSelective THE_REQUEST "/db_mysql\.inc" "log,pass,id:sid1255,rev:8,msg:'WEB-PHP PHPLIB remote command attempt'"

# (sid 2074) WEB-PHP Mambo uploadimage.php upload php file attempt
SecFilterSelective THE_REQUEST "/uploadimage\.php" "id:sid2074,rev:2,msg:'WEB-PHP Mambo uploadimage.php upload php file attempt',chain"
SecFilter "\.php" "log,pass"

# (sid 2075) WEB-PHP Mambo upload.php upload php file attempt
SecFilterSelective THE_REQUEST "/upload\.php" "id:sid2075,rev:2,msg:'WEB-PHP Mambo upload.php upload php file attempt',chain"
SecFilter "\.php" "log,pass"

# (sid 2076) WEB-PHP Mambo uploadimage.php access
SecFilterSelective THE_REQUEST "/uploadimage\.php" "log,pass,id:sid2076,rev:2,msg:'WEB-PHP Mambo uploadimage.php access'"

# (sid 2077) WEB-PHP Mambo upload.php access
SecFilterSelective THE_REQUEST "/upload\.php" "log,pass,id:sid2077,rev:2,msg:'WEB-PHP Mambo upload.php access'"

# (sid 2078) WEB-PHP phpBB privmsg.php access
SecFilterSelective THE_REQUEST "/privmsg\.php" "log,pass,id:sid2078,rev:2,msg:'WEB-PHP phpBB privmsg.php access'"

# (sid 2140) WEB-PHP p-news.php access
SecFilterSelective THE_REQUEST "/p-news\.php" "log,pass,id:sid2140,rev:1,msg:'WEB-PHP p-news.php access'"

# (sid 2141) WEB-PHP shoutbox.php directory traversal attempt
SecFilterSelective THE_REQUEST "/shoutbox\.php" "id:sid2141,rev:1,msg:'WEB-PHP shoutbox.php directory traversal attempt',chain"
SecFilter "\.\./" "log,pass"

# (sid 2142) WEB-PHP shoutbox.php access
SecFilterSelective THE_REQUEST "/shoutbox\.php" "log,pass,id:sid2142,rev:1,msg:'WEB-PHP shoutbox.php access'"

# (sid 2143) WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt
SecFilterSelective THE_REQUEST "/gm-2-b2\.php" "id:sid2143,rev:3,msg:'WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt',chain"
SecFilter "b2inc=" "log,pass"

# (sid 2144) WEB-PHP b2 cafelog gm-2-b2.php access
SecFilterSelective THE_REQUEST "/gm-2-b2\.php" "log,pass,id:sid2144,rev:1,msg:'WEB-PHP b2 cafelog gm-2-b2.php access'"

# (sid 2145) WEB-PHP TextPortal admin.php default password admin attempt
SecFilterSelective THE_REQUEST "/admin\.php" "id:sid2145,rev:3,msg:'WEB-PHP TextPortal admin.php default password admin attempt',chain"
SecFilter "password=admin" "log,pass"

# (sid 2146) WEB-PHP TextPortal admin.php default password 12345 attempt
SecFilterSelective THE_REQUEST "/admin\.php" "id:sid2146,rev:3,msg:'WEB-PHP TextPortal admin.php default password 12345 attempt',chain"
SecFilter "password=12345" "log,pass"

# (sid 2147) WEB-PHP BLNews objects.inc.php4 remote file include attempt
SecFilterSelective THE_REQUEST "/objects\.inc\.php4" "id:sid2147,rev:7,msg:'WEB-PHP BLNews objects.inc.php4 remote file include attempt',chain"
SecFilter "Server\[path\]=" "log,pass"

# (sid 2148) WEB-PHP BLNews objects.inc.php4 access
SecFilterSelective THE_REQUEST "/objects\.inc\.php4" "log,pass,id:sid2148,rev:4,msg:'WEB-PHP BLNews objects.inc.php4 access'"

# (sid 2149) WEB-PHP Turba status.php access
SecFilterSelective THE_REQUEST "/turba/status\.php" "log,pass,id:sid2149,rev:1,msg:'WEB-PHP Turba status.php access'"

# (sid 2150) WEB-PHP ttCMS header.php remote file include attempt
SecFilterSelective THE_REQUEST "/admin/templates/header\.php" "id:sid2150,rev:7,msg:'WEB-PHP ttCMS header.php remote file include attempt',chain"
SecFilter "admin_root=" "log,pass"

# (sid 2151) WEB-PHP ttCMS header.php access
SecFilterSelective THE_REQUEST "/admin/templates/header\.php" "log,pass,id:sid2151,rev:4,msg:'WEB-PHP ttCMS header.php access'"

# (sid 2152) WEB-PHP test.php access
SecFilterSelective THE_REQUEST "/test\.php" "log,pass,id:sid2152,rev:1,msg:'WEB-PHP test.php access'"

# (sid 2153) WEB-PHP autohtml.php directory traversal attempt
SecFilterSelective THE_REQUEST "/autohtml\.php" "id:sid2153,rev:1,msg:'WEB-PHP autohtml.php directory traversal attempt',chain"
SecFilter "\.\./\.\./" "log,pass"

# (sid 2154) WEB-PHP autohtml.php access
SecFilterSelective THE_REQUEST "/autohtml\.php" "log,pass,id:sid2154,rev:1,msg:'WEB-PHP autohtml.php access'"

# (sid 2155) WEB-PHP ttforum remote file include attempt
SecFilterSelective THE_REQUEST "forum/index\.php" "id:sid2155,rev:5,msg:'WEB-PHP ttforum remote file include attempt',chain"
SecFilter "template=" "log,pass"

# (sid 2226) WEB-PHP pmachine remote file include attempt
SecFilterSelective THE_REQUEST "lib\.inc\.php" "id:sid2226,rev:5,msg:'WEB-PHP pmachine remote file include attempt',chain"
SecFilter "pm_path=" "log,pass"

# (sid 2227) WEB-PHP forum_details.php access
SecFilterSelective THE_REQUEST "forum_details\.php" "log,pass,id:sid2227,rev:2,msg:'WEB-PHP forum_details.php access'"

# (sid 2228) WEB-PHP phpMyAdmin db_details_importdocsql.php access
SecFilterSelective THE_REQUEST "db_details_importdocsql\.php" "log,pass,id:sid2228,rev:4,msg:'WEB-PHP phpMyAdmin db_details_importdocsql.php access'"

# (sid 2229) WEB-PHP viewtopic.php access
SecFilterSelective THE_REQUEST "viewtopic\.php" "log,pass,id:sid2229,rev:4,msg:'WEB-PHP viewtopic.php access'"

# (sid 2279) WEB-PHP UpdateClasses.php access
SecFilterSelective THE_REQUEST "/UpdateClasses\.php" "log,pass,id:sid2279,rev:2,msg:'WEB-PHP UpdateClasses.php access'"

# (sid 2280) WEB-PHP Title.php access
SecFilterSelective THE_REQUEST "/Title\.php" "log,pass,id:sid2280,rev:2,msg:'WEB-PHP Title.php access'"

# (sid 2281) WEB-PHP Setup.php access
SecFilterSelective THE_REQUEST "/Setup\.php" "log,pass,id:sid2281,rev:2,msg:'WEB-PHP Setup.php access'"

# (sid 2282) WEB-PHP GlobalFunctions.php access
SecFilterSelective THE_REQUEST "/GlobalFunctions\.php" "log,pass,id:sid2282,rev:2,msg:'WEB-PHP GlobalFunctions.php access'"

# (sid 2283) WEB-PHP DatabaseFunctions.php access
SecFilterSelective THE_REQUEST "/DatabaseFunctions\.php" "log,pass,id:sid2283,rev:2,msg:'WEB-PHP DatabaseFunctions.php access'"

# (sid 2284) WEB-PHP rolis guestbook remote file include attempt
SecFilterSelective THE_REQUEST "/insert\.inc\.php" "id:sid2284,rev:3,msg:'WEB-PHP rolis guestbook remote file include attempt',chain"
SecFilter "path=" "log,pass"

# (sid 2285) WEB-PHP rolis guestbook access
SecFilterSelective THE_REQUEST "/insert\.inc\.php" "log,pass,id:sid2285,rev:2,msg:'WEB-PHP rolis guestbook access'"

# (sid 2286) WEB-PHP friends.php access
SecFilterSelective THE_REQUEST "/friends\.php" "log,pass,id:sid2286,rev:2,msg:'WEB-PHP friends.php access'"

# (sid 2287) WEB-PHP Advanced Poll admin_comment.php access
SecFilterSelective THE_REQUEST "/admin_comment\.php" "log,pass,id:sid2287,rev:4,msg:'WEB-PHP Advanced Poll admin_comment.php access'"

# (sid 2288) WEB-PHP Advanced Poll admin_edit.php access
SecFilterSelective THE_REQUEST "/admin_edit\.php" "log,pass,id:sid2288,rev:4,msg:'WEB-PHP Advanced Poll admin_edit.php access'"

# (sid 2289) WEB-PHP Advanced Poll admin_embed.php access
SecFilterSelective THE_REQUEST "/admin_embed\.php" "log,pass,id:sid2289,rev:4,msg:'WEB-PHP Advanced Poll admin_embed.php access'"

# (sid 2290) WEB-PHP Advanced Poll admin_help.php access
SecFilterSelective THE_REQUEST "/admin_help\.php" "log,pass,id:sid2290,rev:4,msg:'WEB-PHP Advanced Poll admin_help.php access'"

# (sid 2291) WEB-PHP Advanced Poll admin_license.php access
SecFilterSelective THE_REQUEST "/admin_license\.php" "log,pass,id:sid2291,rev:4,msg:'WEB-PHP Advanced Poll admin_license.php access'"

# (sid 2292) WEB-PHP Advanced Poll admin_logout.php access
SecFilterSelective THE_REQUEST "/admin_logout\.php" "log,pass,id:sid2292,rev:4,msg:'WEB-PHP Advanced Poll admin_logout.php access'"

# (sid 2293) WEB-PHP Advanced Poll admin_password.php access
SecFilterSelective THE_REQUEST "/admin_password\.php" "log,pass,id:sid2293,rev:4,msg:'WEB-PHP Advanced Poll admin_password.php access'"

# (sid 2294) WEB-PHP Advanced Poll admin_preview.php access
SecFilterSelective THE_REQUEST "/admin_preview\.php" "log,pass,id:sid2294,rev:4,msg:'WEB-PHP Advanced Poll admin_preview.php access'"

# (sid 2295) WEB-PHP Advanced Poll admin_settings.php access
SecFilterSelective THE_REQUEST "/admin_settings\.php" "log,pass,id:sid2295,rev:4,msg:'WEB-PHP Advanced Poll admin_settings.php access'"

# (sid 2296) WEB-PHP Advanced Poll admin_stats.php access
SecFilterSelective THE_REQUEST "/admin_stats\.php" "log,pass,id:sid2296,rev:4,msg:'WEB-PHP Advanced Poll admin_stats.php access'"

# (sid 2297) WEB-PHP Advanced Poll admin_templates_misc.php access
SecFilterSelective THE_REQUEST "/admin_templates_misc\.php" "log,pass,id:sid2297,rev:4,msg:'WEB-PHP Advanced Poll admin_templates_misc.php access'"

# (sid 2298) WEB-PHP Advanced Poll admin_templates.php access
SecFilterSelective THE_REQUEST "/admin_templates\.php" "log,pass,id:sid2298,rev:4,msg:'WEB-PHP Advanced Poll admin_templates.php access'"

# (sid 2299) WEB-PHP Advanced Poll admin_tpl_misc_new.php access
SecFilterSelective THE_REQUEST "/admin_tpl_misc_new\.php" "log,pass,id:sid2299,rev:4,msg:'WEB-PHP Advanced Poll admin_tpl_misc_new.php access'"

# (sid 2300) WEB-PHP Advanced Poll admin_tpl_new.php access
SecFilterSelective THE_REQUEST "/admin_tpl_new\.php" "log,pass,id:sid2300,rev:4,msg:'WEB-PHP Advanced Poll admin_tpl_new.php access'"

# (sid 2301) WEB-PHP Advanced Poll booth.php access
SecFilterSelective THE_REQUEST "/booth\.php" "log,pass,id:sid2301,rev:4,msg:'WEB-PHP Advanced Poll booth.php access'"

# (sid 2302) WEB-PHP Advanced Poll poll_ssi.php access
SecFilterSelective THE_REQUEST "/poll_ssi\.php" "log,pass,id:sid2302,rev:4,msg:'WEB-PHP Advanced Poll poll_ssi.php access'"

# (sid 2303) WEB-PHP Advanced Poll popup.php access
SecFilterSelective THE_REQUEST "/popup\.php" "log,pass,id:sid2303,rev:4,msg:'WEB-PHP Advanced Poll popup.php access'"

# (sid 2304) WEB-PHP files.inc.php access
SecFilterSelective THE_REQUEST "/files\.inc\.php" "log,pass,id:sid2304,rev:2,msg:'WEB-PHP files.inc.php access'"

# (sid 2305) WEB-PHP chatbox.php access
SecFilterSelective THE_REQUEST "/chatbox\.php" "log,pass,id:sid2305,rev:2,msg:'WEB-PHP chatbox.php access'"

# (sid 2306) WEB-PHP gallery remote file include attempt
SecFilterSelective THE_REQUEST "/setup/" "id:sid2306,rev:4,msg:'WEB-PHP gallery remote file include attempt',chain"
SecFilter "GALLERY_BASEDIR=" "log,pass"

# (sid 2307) WEB-PHP PayPal Storefront remote file include attempt
SecFilter "page=" "log,pass,id:sid2307,rev:6,msg:'WEB-PHP PayPal Storefront remote file include attempt'"

# (sid 2328) WEB-PHP authentication_index.php access
SecFilterSelective THE_REQUEST "/authentication_index\.php" "log,pass,id:sid2328,rev:3,msg:'WEB-PHP authentication_index.php access'"

# (sid 2331) WEB-PHP MatrikzGB privilege escalation attempt
SecFilter "new_rights=admin" "log,pass,id:sid2331,rev:2,msg:'WEB-PHP MatrikzGB privilege escalation attempt'"

# (sid 2341) WEB-PHP DCP-Portal remote file include attempt
SecFilterSelective THE_REQUEST "/library/editor/editor\.php" "id:sid2341,rev:1,msg:'WEB-PHP DCP-Portal remote file include attempt',chain"
SecFilter "root=" "log,pass"

# (sid 2342) WEB-PHP DCP-Portal remote file include attempt
SecFilterSelective THE_REQUEST "/library/lib\.php" "id:sid2342,rev:1,msg:'WEB-PHP DCP-Portal remote file include attempt',chain"
SecFilter "root=" "log,pass"

# (sid 2345) WEB-PHP PhpGedView search.php access
SecFilterSelective THE_REQUEST "firstname=" "log,pass,id:sid2345,rev:4,msg:'WEB-PHP PhpGedView search.php access'"

# (sid 2346) WEB-PHP myPHPNuke chatheader.php access
SecFilterSelective THE_REQUEST "/chatheader\.php" "log,pass,id:sid2346,rev:2,msg:'WEB-PHP myPHPNuke chatheader.php access'"

# (sid 2347) WEB-PHP myPHPNuke partner.php access
SecFilterSelective THE_REQUEST "/partner\.php" "log,pass,id:sid2347,rev:2,msg:'WEB-PHP myPHPNuke partner.php access'"

# (sid 2353) WEB-PHP IdeaBox cord.php file include
SecFilterSelective THE_REQUEST "/index\.php" "id:sid2353,rev:2,msg:'WEB-PHP IdeaBox cord.php file include',chain"
SecFilter "cord\.php" "log,pass"

# (sid 2354) WEB-PHP IdeaBox notification.php file include
SecFilterSelective THE_REQUEST "/index\.php" "id:sid2354,rev:2,msg:'WEB-PHP IdeaBox notification.php file include',chain"
SecFilter "notification\.php" "log,pass"

# (sid 2355) WEB-PHP Invision Board emailer.php file include
SecFilterSelective THE_REQUEST "/ad_member\.php" "id:sid2355,rev:2,msg:'WEB-PHP Invision Board emailer.php file include',chain"
SecFilter "emailer\.php" "log,pass"

# (sid 2356) WEB-PHP WebChat db_mysql.php file include
SecFilterSelective THE_REQUEST "/defines\.php" "id:sid2356,rev:2,msg:'WEB-PHP WebChat db_mysql.php file include',chain"
SecFilter "db_mysql\.php" "log,pass"

# (sid 2357) WEB-PHP WebChat english.php file include
SecFilterSelective THE_REQUEST "/defines\.php" "id:sid2357,rev:2,msg:'WEB-PHP WebChat english.php file include',chain"
SecFilter "english\.php" "log,pass"

# (sid 2358) WEB-PHP Typo3 translations.php file include
SecFilterSelective THE_REQUEST "/translations\.php" "id:sid2358,rev:2,msg:'WEB-PHP Typo3 translations.php file include',chain"
SecFilter "ONLY" "log,pass"

# (sid 2359) WEB-PHP Invision Board ipchat.php file include
SecFilterSelective THE_REQUEST "/ipchat\.php" "id:sid2359,rev:2,msg:'WEB-PHP Invision Board ipchat.php file include',chain"
SecFilter "conf_global\.php" "log,pass"

# (sid 2360) WEB-PHP myphpPagetool pt_config.inc file include
SecFilterSelective THE_REQUEST "/doc/admin" "id:sid2360,rev:2,msg:'WEB-PHP myphpPagetool pt_config.inc file include',chain"
SecFilter "pt_config\.inc" "log,pass"

# (sid 2361) WEB-PHP news.php file include
SecFilterSelective THE_REQUEST "/news\.php" "id:sid2361,rev:2,msg:'WEB-PHP news.php file include',chain"
SecFilter "template" "log,pass"

# (sid 2362) WEB-PHP YaBB SE packages.php file include
SecFilterSelective THE_REQUEST "/packages\.php" "id:sid2362,rev:2,msg:'WEB-PHP YaBB SE packages.php file include',chain"
SecFilter "packer\.php" "log,pass"

# (sid 2363) WEB-PHP Cyboards default_header.php access
SecFilterSelective THE_REQUEST "/default_header\.php" "log,pass,id:sid2363,rev:2,msg:'WEB-PHP Cyboards default_header.php access'"

# (sid 2364) WEB-PHP Cyboards options_form.php access
SecFilterSelective THE_REQUEST "/options_form\.php" "log,pass,id:sid2364,rev:2,msg:'WEB-PHP Cyboards options_form.php access'"

# (sid 2365) WEB-PHP newsPHP Language file include attempt
SecFilterSelective THE_REQUEST "/nphpd\.php" "id:sid2365,rev:2,msg:'WEB-PHP newsPHP Language file include attempt',chain"
SecFilter "LangFile" "log,pass"

# (sid 2366) WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt
SecFilterSelective THE_REQUEST "/authentication_index\.php" "id:sid2366,rev:4,msg:'WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt',chain"
SecFilter "PGV_BASE_DIRECTORY" "log,pass"

# (sid 2367) WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt
SecFilterSelective THE_REQUEST "/functions\.php" "id:sid2367,rev:4,msg:'WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt',chain"
SecFilter "PGV_BASE_DIRECTORY" "log,pass"

# (sid 2368) WEB-PHP PhpGedView PGV config_gedcom.php base directory manipulation attempt
SecFilterSelective THE_REQUEST "/config_gedcom\.php" "id:sid2368,rev:4,msg:'WEB-PHP PhpGedView PGV config_gedcom.php base directory manipulation attempt',chain"
SecFilter "PGV_BASE_DIRECTORY" "log,pass"

# (sid 2372) WEB-PHP Photopost PHP Pro showphoto.php access
SecFilterSelective THE_REQUEST "/showphoto\.php" "log,pass,id:sid2372,rev:2,msg:'WEB-PHP Photopost PHP Pro showphoto.php access'"

# (sid 2393) WEB-PHP /_admin access
SecFilterSelective THE_REQUEST "/_admin/" "log,pass,id:sid2393,rev:1,msg:'WEB-PHP /_admin access'"

# (sid 2398) WEB-PHP WAnewsletter newsletter.php file include attempt
SecFilterSelective THE_REQUEST "newsletter\.php" "id:sid2398,rev:1,msg:'WEB-PHP WAnewsletter newsletter.php file include attempt',chain"
SecFilter "start\.php" "log,pass"

# (sid 2399) WEB-PHP WAnewsletter db_type.php access
SecFilterSelective THE_REQUEST "/sql/db_type\.php" "log,pass,id:sid2399,rev:1,msg:'WEB-PHP WAnewsletter db_type.php access'"

# (sid 2405) WEB-PHP phptest.php access
SecFilterSelective THE_REQUEST "/phptest\.php" "log,pass,id:sid2405,rev:1,msg:'WEB-PHP phptest.php access'"

# (sid 2410) WEB-PHP IGeneric Free Shopping Cart page.php access
SecFilterSelective THE_REQUEST "/page\.php" "log,pass,id:sid2410,rev:2,msg:'WEB-PHP IGeneric Free Shopping Cart page.php access'"

# (sid 2565) WEB-PHP modules.php access
SecFilterSelective THE_REQUEST "/modules\.php" "log,pass,id:sid2565,rev:1,msg:'WEB-PHP modules.php access'"

# (sid 2566) WEB-PHP PHPBB viewforum.php access
SecFilterSelective THE_REQUEST "/viewforum\.php" "log,pass,id:sid2566,rev:4,msg:'WEB-PHP PHPBB viewforum.php access'"

# (sid 2575) WEB-PHP Opt-X header.php remote file include attempt
SecFilterSelective THE_REQUEST "/header\.php" "id:sid2575,rev:1,msg:'WEB-PHP Opt-X header.php remote file include attempt',chain"
SecFilter "systempath=" "log,pass"

# (sid 2588) WEB-PHP TUTOS path disclosure attempt
SecFilterSelective THE_REQUEST "/note_overview\.php" "id:sid2588,rev:1,msg:'WEB-PHP TUTOS path disclosure attempt',chain"
SecFilter "id=" "log,pass"

# (sid 2654) WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt
SecFilterSelective THE_REQUEST "/modules\.php" "id:sid2654,rev:2,msg:'WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt',chain"
SecFilter "file=viewtopic" "log,pass"

# (sid 2926) WEB-PHP PhpGedView PGV base directory manipulation
SecFilterSelective THE_REQUEST "_conf\.php" "id:sid2926,rev:1,msg:'WEB-PHP PhpGedView PGV base directory manipulation',chain"
SecFilter "PGV_BASE_DIRECTORY" "log,pass"

# (sid 3827) WEB-PHP xmlrpc.php post attempt
SecFilterSelective THE_REQUEST "/xmlrpc\.php" "log,pass,id:sid3827,rev:1,msg:'WEB-PHP xmlrpc.php post attempt'"