zen2
commented
3 years ago Hello ! Thanks for your project, I'm using your lists but differently because I've to match IP on a specific HTTP header issued by a CDN. BTW you can be interested how you can filter IP like bots:
SetEnvIfExpr "-R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" privateip
SetEnvIfExpr "%{HTTP:X-Forwarded-For} -ipmatch '23.21.227.69'" badipI use last one on a different HTTP header to be able to filter behind a proxy/CDN without lost CDN Server IP.
I got recently a vulnerability scan as part of an attack on one of my web server. And I got thousands of requests related to Acunetix vulneralibities scanner with specific pattern in user agent or referrer or url:
User Agent:
"${@print(md5(acunetix_wvs_security_test))}\\"
"';print(md5(acunetix_wvs_security_test));$a='"
"${@print(md5(acunetix_wvs_security_test))}"
";print(md5(acunetix_wvs_security_test));"
"\";print(md5(acunetix_wvs_security_test));$a=\""Not trapped because there is no space around "acunetix" by:
BrowserMatchNoCase "(?:\b)Acunetix(?:\b)" badbot
but trapped with simple:
BrowserMatchNoCase "Acunetix" batbot
Referrer:
"${@print(md5(acunetix_wvs_security_test))}"
"${@print(md5(acunetix_wvs_security_test))}\\"
"http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,\"'\\\"><xsstag>()refdxss\")"
";print(md5(acunetix_wvs_security_test));"
"';print(md5(acunetix_wvs_security_test));$a='"
"\";print(md5(acunetix_wvs_security_test));$a=\""URL (part of):
acunetix_wvs_security_test
$acunetix
acunetix-wvs-test-for-some-inexistent-file
Topic continues from https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/issues/50